Publish Docker Hub image attestations and document digest verification

[Copilot]

This updates the Docker release pipeline so official pragent/pr-agent images publish verifiable GitHub Artifact Attestations alongside the pushed image digest. That gives consumers a supported way to verify that a pinned Docker Hub digest was built from this repository and release workflow.

• Release workflow

  • Extend publish-docker permissions to allow OIDC-backed attestation generation.
  • Capture the digest emitted by docker/build-push-action.
  • Publish provenance for each pushed Docker Hub image with actions/attest-build-provenance and push-to-registry: true.

• Consumer verification docs

  • Document digest verification in the GitHub Action installation guide.
  • Add the same verification flow to the security guidance for users pinning Docker images by digest.

• Verification example

  gh attestation verify \
    oci://index.docker.io/pragent/pr-agent@sha256:<digest> \
    --repo The-PR-Agent/pr-agent

[qodo-free-for-open-source-projects]

Review Summary by Qodo

Publish Docker Hub image attestations and document digest verification

✨ Enhancement 📝 Documentation

Walkthroughs

Description

• Add Docker image attestations to release workflow
  - Extend publish-docker job permissions for OIDC-backed attestation generation
  - Capture digest from docker/build-push-action and publish provenance
• Document digest verification for Docker image consumers
  - Add verification instructions to security guidance
  - Add verification instructions to GitHub Action installation guide

Diagram

flowchart LR
  A["Release Workflow"] -->|"Capture digest"| B["docker/build-push-action"]
  B -->|"Publish provenance"| C["actions/attest-build-provenance"]
  C -->|"Push to registry"| D["GitHub Artifact Attestations"]
  D -->|"Enable verification"| E["Consumer Docs"]
  E -->|"Verification command"| F["gh attestation verify"]

Loading

File Changes

1. .github/workflows/publish.yml ✨ Enhancement +13/-1

Add Docker image attestation publishing to release workflow

• Add OIDC-backed permissions (id-token: write, attestations: write) to publish-docker job
• Add step ID to docker/build-push-action to capture output digest
• Add new actions/attest-build-provenance step to publish image provenance with `push-to-registry:
 true`

.github/workflows/publish.yml

---

2. SECURITY.md 📝 Documentation +8/-0

Document Docker image digest verification with attestations

• Add section documenting GitHub Artifact Attestation verification for Docker images
• Provide gh attestation verify command example with OCI image reference format

SECURITY.md

---

3. docs/docs/installation/github.md 📝 Documentation +7/-0

Document Docker digest verification in installation guide

• Add section documenting GitHub Artifact Attestation verification for pinned Docker digests
• Provide gh attestation verify command example for consumers

docs/docs/installation/github.md

---

[qodo-free-for-open-source-projects]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0) 🎨 UX issues (0)

1. `` breaks shell example ✓ Resolved 📘 Rule violation ≡ Correctness

Description

The added gh attestation verify documentation examples use sha256:, where < is parsed by
shells as input redirection, making the copy/paste commands invalid. This undermines PR Compliance
ID 23’s requirement that modified docs/examples remain syntactically valid.

Code

SECURITY.md[R58-63]

+Official Docker Hub release images also publish GitHub Artifact Attestations, so you can verify a pinned digest before using it:
+
+```sh
+gh attestation verify \
+  oci://index.docker.io/pragent/pr-agent@sha256:<digest> \
+  --repo The-PR-Agent/pr-agent

Evidence

PR Compliance ID 23 requires that modified documentation examples remain syntactically valid, but
the newly added command snippets in SECURITY.md and docs/docs/installation/github.md include an
OCI reference like oci://...@sha256:. Because ` contains a <`, typical shells interpret it as
input redirection unless it is quoted or escaped, so the example as written will fail when copied
and pasted.

SECURITY.md[58-64]
docs/docs/installation/github.md[539-544]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The documentation shell examples for `gh attestation verify` use `sha256:<digest>`, and the `<` character is interpreted by most shells as input redirection when pasted, causing the command to fail; the examples must be adjusted so they are syntactically valid and copy/paste safe.
## Issue Context
PR Compliance ID 23 requires modified docs/examples to remain syntactically valid. The PR adds attestation verification snippets intended for end users (including a verification flow for users pinning Docker digests) and these commands should work when copied directly from the documentation without requiring the reader to guess quoting/escaping.
## Fix Focus Areas
- SECURITY.md[58-64]
- docs/docs/installation/github.md[539-544]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Overbroad workflow permissions ✓ Resolved 🐞 Bug ⛨ Security

Description

The publish-docker job grants packages: write to GITHUB_TOKEN even though the job only logs
into Docker Hub, builds/pushes images, and publishes attestations, increasing blast radius if a
step/action is compromised. No step in this job interacts with GitHub Packages/GHCR, so this
permission is unused here.

Code

.github/workflows/publish.yml[R94-98]

+    permissions:
+      contents: read
+      id-token: write
+      attestations: write
+      packages: write

Evidence

The permissions block includes packages: write, but the job steps are limited to checkout, Docker
Hub login, build/push to Docker Hub, and provenance attestation publication—none of which use GitHub
Packages.

.github/workflows/publish.yml[90-98]
.github/workflows/publish.yml[151-208]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The `publish-docker` job requests `packages: write` permission, but the job doesn’t use GitHub Packages/GHCR. This violates least-privilege and unnecessarily expands what a compromised workflow step could do with `GITHUB_TOKEN`.
### Issue Context
This job authenticates to Docker Hub, pushes images to Docker Hub, and publishes provenance attestations.
### Fix Focus Areas
- .github/workflows/publish.yml[94-98]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[naorpeled]

@copilot address Qodo's feedback

[Copilot]

@copilot address Qodo's feedback

Addressed in b91705a.