chore: SLSA L3 provenance, cosign .sig, Artifact Hub (#106)

- Add SLSA L3 provenance via slsa-github-generator reusable workflow - Build job outputs binary hash for provenance generation - Cosign now outputs .sig + .cert alongside .bundle (scorecard needs .sig) - Remove fake provenance JSON and broken gh attestation step - Add artifacthub-repo.yml for Artifact Hub discovery
2026-04-12 08:00:32 +00:00 · 2026-04-06 02:53:22 +03:00
parent 0c95fa9786
commit 38828ec31e
2 changed files with 36 additions and 39 deletions
--- a/artifacthub-repo.yml
+++ b/artifacthub-repo.yml
@@ -0,0 +1,6 @@
+# Artifact Hub repository metadata
+# https://artifacthub.io/docs/topics/repositories/
+repositoryID: null  # filled by Artifact Hub after registration
+owners:
+  - name: DevITWay
+    email: devitway@gmail.com