From 5bf239121774ae1e3d3fc7e00c08b1f98c3545dc Mon Sep 17 00:00:00 2001
From: Scott Leggett <scott@sl.id.au>
Date: Fri, 6 Jun 2025 09:58:12 +0800
Subject: [PATCH] chore: disable dockerhub image attestation

Until dockerhub supports the OCI Referrers API, attestations attached to
images result in numerous noisy sha256-* tags. So disable dockerhub
image attestation for now.
---
 .github/workflows/build-and-publish.yaml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/.github/workflows/build-and-publish.yaml b/.github/workflows/build-and-publish.yaml
index 9119585..d468f65 100644
--- a/.github/workflows/build-and-publish.yaml
+++ b/.github/workflows/build-and-publish.yaml
@@ -66,13 +66,6 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Attest dockerhub image
-        uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
-        with:
-          subject-digest: ${{steps.build-and-push.outputs.digest}}
-          subject-name: index.docker.io/${{ github.repository }}
-          push-to-registry: true
-
       - name: Attest ghcr image
         uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
         with: