github · GitHub Actions Docs
Actions Enforcing artifact attestations with a Kubernetes admission controller - GitHub Docs
Implements a security workflow to enforce artifact attestations within a Kubernetes cluster using an admission controller to ensure only verified artifacts are deployed.
Derived skill
Files assembled from official documentation
When To Use
Use when you need to prevent the deployment of unverified or untrusted container images in a Kubernetes environment by validating GitHub Actions artifact attestations.
Reference Files
| File | Contains | Use For |
|---|---|---|
| SKILL.md | Entry point: scope, routing table, and workflow. | Start here. |
| docs/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a-workflow-guide.md | A guide on deploying the Sigstore Policy Controller and configuring ClusterImagePolicy to enforce GitHub Actions artifact attestations within a Kubernetes cluster. | Questions about a guide on deploying the Sigstore Policy Controller and configuring ClusterImagePolicy to enforce GitHub Actions arti... |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a-.text | A helm upgrade command to install the Sigstore policy controller for enforcing artifact attestations in a Kubernetes namespace. | Exact payloads, commands, or snippets shown in A helm upgrade command to install the Sigstore policy controller for enforcing artifact attestations in a Kubernetes... |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a--2.text | A helm upgrade command to install the artifact attestations trust policies into a Kubernetes namespace. | Exact payloads, commands, or snippets shown in A helm upgrade command to install the artifact attestations trust policies into a Kubernetes namespace. |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a--3.text | A text file containing Kubernetes admission controller policy metadata labels for enforcing artifact attestations. | Exact payloads, commands, or snippets shown in A text file containing Kubernetes admission controller policy metadata labels for enforcing artifact attestations. |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a--4.text | A kubectl command to label a Kubernetes namespace to include it in the artifact attestation enforcement policy. | Exact payloads, commands, or snippets shown in A kubectl command to label a Kubernetes namespace to include it in the artifact attestation enforcement policy. |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a--5.text | A helm upgrade command used to install the artifact attestations trust policies helm chart into a kubernetes namespace. | Exact payloads, commands, or snippets shown in A helm upgrade command used to install the artifact attestations trust policies helm chart into a kubernetes namespace. |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a--6.text | Helm values configuration for the Sigstore policy controller used to enforce artifact attestations in a Kubernetes cluster. | Exact payloads, commands, or snippets shown in Helm values configuration for the Sigstore policy controller used to enforce artifact attestations in a Kubernetes cl... |
| examples/actions-how-tos-secure-your-work-enforcing-artifact-attestations-with-a--7.text | Helm values configuration for the GitHub artifact attestations trust policies admission controller. | Exact payloads, commands, or snippets shown in Helm values configuration for the GitHub artifact attestations trust policies admission controller. |
What This Skill Covers
- GitHub Actions / How-tos / Secure your work / Use artifact attestations / Enforce artifact attestations
- Main sections: Getting started with Kubernetes admission controller, Deploy the Sigstore Policy Controller, Add the GitHub TrustRoot and a ClusterImagePolicy, Enable the policy in your namespace, Advanced usage.
Workflow
- Open the most relevant file under docs/ for the exact documented workflow and wording.
- Open schemas/ files for exact structured contracts.
- Open examples/ files for concrete requests, commands, snippets, and manifests.
- Do not add behavior or configuration that is not present in the attached source files.
Canonical source: https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/enforce-artifact-attestations
