diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 4af98f336b8..5081b9da4af 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -163,7 +163,8 @@ jobs: OPENCLAW_EXTENSIONS=diagnostics-otel tags: ${{ steps.tags.outputs.value }} labels: ${{ steps.labels.outputs.value }} - provenance: false + sbom: true + provenance: mode=max push: true - name: Build and push amd64 slim image @@ -180,7 +181,8 @@ jobs: OPENCLAW_VARIANT=slim tags: ${{ steps.tags.outputs.slim }} labels: ${{ steps.labels.outputs.value }} - provenance: false + sbom: true + provenance: mode=max push: true # Build arm64 images (default + slim share the build stage cache) @@ -283,7 +285,8 @@ jobs: OPENCLAW_EXTENSIONS=diagnostics-otel tags: ${{ steps.tags.outputs.value }} labels: ${{ steps.labels.outputs.value }} - provenance: false + sbom: true + provenance: mode=max push: true - name: Build and push arm64 slim image @@ -300,7 +303,8 @@ jobs: OPENCLAW_VARIANT=slim tags: ${{ steps.tags.outputs.slim }} labels: ${{ steps.labels.outputs.value }} - provenance: false + sbom: true + provenance: mode=max push: true # Create multi-platform manifests diff --git a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml index 48486ccbeae..eeada4f02d2 100644 --- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml +++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml @@ -628,7 +628,8 @@ jobs: cache-from: type=gha,scope=docker-e2e cache-to: type=gha,mode=max,scope=docker-e2e tags: ${{ steps.image.outputs.image }} - provenance: false + sbom: true + provenance: mode=max push: true validate_live_models_docker: