From 1d677960fd214c851f17bb001882964a4a992427 Mon Sep 17 00:00:00 2001
From: David van der Spek <vanderspek.david@gmail.com>
Date: Thu, 28 Sep 2023 16:41:34 +0200
Subject: [PATCH] ci: disable provenance in docker bake

Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
---
 .github/workflows/build.yml   | 5 +++--
 .github/workflows/release.yml | 8 ++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e63ca5bdd8c..f575145f895 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,8 +46,8 @@ jobs:
 
   build:
     permissions:
-      id-token: 'write' # to write to GHCR
-      packages: 'write' # to write to GHCR
+      id-token: write # to write to GHCR
+      packages: write # to write to GHCR
 
     runs-on: ubuntu-latest
     needs:
@@ -92,6 +92,7 @@ jobs:
         uses: docker/bake-action@v4
         with:
           targets: artifact-all
+          provenance: false
       -
         name: Move artifacts
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 96720fae545..f37e6a748da 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,7 @@ on:
 
 env:
   GHCR_SLUG: ghcr.io/${{ github.repository_owner }}/distribution
+  DOCKERHUB_SLUG: distribution/distribution
 
 permissions:
   contents: read # to fetch code (actions/checkout)
@@ -37,7 +38,7 @@ jobs:
 
   build:
     permissions:
-      contents: write # to create GitHub release (softprops/action-gh-release)
+      contents: write # to create GitHub release (cycjimmy/semantic-release-action)
       id-token: write # to write to GHCR
       packages: write # to write to GHCR
 
@@ -53,9 +54,10 @@ jobs:
         uses: cycjimmy/semantic-release-action@v4
         id: semantic_release
         with:
+          dry_run: true
+          semantic_version: 22.0.5
           extra_plugins: |
             conventional-changelog-conventionalcommits
-          dry_run: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Docker meta
@@ -99,6 +101,7 @@ jobs:
         uses: docker/bake-action@v4
         with:
           targets: artifact-all
+          provenance: false
       - name: Move artifacts
         run: |
           mv ./bin/**/* ./bin/
@@ -119,6 +122,7 @@ jobs:
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@v4
         with:
+          semantic_version: 22.0.5
           extra_plugins: |
             conventional-changelog-conventionalcommits
         env: