From 4e4347072bce3c1d79000b7cac6a5db197959f6c Mon Sep 17 00:00:00 2001
From: Eric Lippmann
Date: Tue, 1 Apr 2025 09:47:21 +0200
Subject: [PATCH] `container-image` workflow: Don't push attestations to image registries

Without further investigation, this only seems to push the image with the digest as a tag, which only pollutes the registry.
---
 .github/workflows/container-image.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
index 1517bb61e..0f109e4a5 100644
--- a/.github/workflows/container-image.yml
+++ b/.github/workflows/container-image.yml
@@ -103,7 +103,7 @@ jobs:
 with:
 subject-name: ghcr.io/${{ env.IMAGE_NAME }}
 subject-digest: ${{ steps.build-and-push.outputs.digest }}
- push-to-registry: true
+ push-to-registry: false
 
 - name: Generate artifact attestation for Docker Hub
 if: github.event_name != 'pull_request'
@@ -115,4 +115,4 @@ jobs:
 # [^1]: https://github.com/actions/attest-build-provenance?tab=readme-ov-file#container-image
 subject-name: index.docker.io/${{ env.IMAGE_NAME }}
 subject-digest: ${{ steps.build-and-push.outputs.digest }}
- push-to-registry: true
+ push-to-registry: false
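Review bot: With `push-to-registry: false` on the ghcr.io step (and the same flip in the Docker Hub hunk), the provenance attestation no longer travels with the image, so any consumer that looks it up in the registry, such as `gh attestation verify --bundle-from-oci` or an admission policy reading OCI referrers, will stop finding it. The attestation should still be recorded in GitHub's attestation store, so a default `gh attestation verify oci://<image>` lookup presumably keeps working, but that is worth confirming before merge. The digest-named tag the description mentions is probably the OCI referrers fallback used by registries without the referrers API, which would make it the attestation itself and not a second copy of the image. I would add a comment above each flag, for example `# Attestation is stored on GitHub only; verify with: gh attestation verify oci://<image> --owner <org>`. Both attestation steps begin outside their hunks, so the action version and the job's permissions are not visible here.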