build(deps): bump actions/attest-build-provenance from 2 to 3

Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2 to 3.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2025-08-29 18:09:52 +00:00 committed by GitHub
parent c4a93e74a4
commit bf3d6dcc50
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -149,7 +149,7 @@ jobs:
- name: Generate artifact attestation for GitHub Container Registry
if: github.event_name != 'pull_request'
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ghcr.io/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.build-and-push.outputs.digest }}
@ -157,7 +157,7 @@ jobs:
- name: Generate artifact attestation for Docker Hub
if: github.event_name != 'pull_request'
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
# According to the documentation [^1],
# "index.docker.io" should be used as the registry portion of the image name when pushing to Docker Hub.