Feature request
Could PR-Agent publish verifiable provenance for official Docker Hub images, such as GitHub Artifact Attestations, SLSA provenance, and/or cosign signatures?
The goal is for consumers to verify that a pinned image digest like pragent/pr-agent@sha256:<digest> was built from The-PR-Agent/pr-agent at a specific commit or tag.
Ideally, consumers could verify this using GitHub artifact attestations or cosign with the repository’s GitHub Actions OIDC identity.
Related context: #2306 reported that some earlier Docker tags appeared not to match their corresponding source tags. I’m not assuming that is still happening, but it highlights why downstream users need a verifiable way to answer “which source commit produced this image digest?”
Edit to add example
For example:

```bash
gh attestation verify \
  oci://index.docker.io/pragent/pr-agent@sha256:<digest> \
  --repo The-PR-Agent/pr-agent
```
Motivation
Downstream users may want to pin pragent/pr-agent Docker images by digest in CI/CD pipelines so the runtime image is repeatable and not affected by mutable tags such as latest.
However, digest pinning only verifies that the same image bytes are pulled each time. It does not prove that the image was built from this GitHub repository, or from a specific source tag or commit.
This matters for users who need to evaluate supply-chain risk before using PR-Agent in organization-managed CI/CD environments.
Related issue #2306 shows that Docker image/source alignment has already been a real consumer concern. Even if that specific issue is resolved, it highlights the value of publishing verifiable provenance so consumers can answer: “which source commit produced this image digest?”
Without published provenance, organizations may need to fork the repository or rebuild and publish their own internal images solely to establish source provenance. Published attestations or signatures would make it safer and easier to consume the official Docker images directly.
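As an added example (not PR-Agent project code, and not part of the original issue), the checks a consumer's CI job would layer on top of the `gh attestation verify` / `cosign verify` calls once provenance is published: reject anything that is not digest-pinned, build the two verification commands, and then inspect the claims inside the verified SLSA v1 statement to confirm the subject digest, the source repository and the exact source commit. The function names (`parse_digest_ref`, `verify_commands`, `check_provenance`), the sample statement, the digest and commit values, and the workflow path are all constructed placeholders; the field paths follow SLSA v1 provenance as emitted by GitHub Artifact Attestations and are an assumption to compare against a real statement.

```python
"""Consumer-side provenance checks for a digest-pinned image (added example)."""
import re
import shlex

# Digest-pinned OCI reference: <name>@sha256:<64 hex chars>. Tag references are rejected on purpose.
DIGEST_REF = re.compile(
    r"^(?P<name>[a-z0-9]+(?:[._/-][a-z0-9]+)*)@sha256:(?P<digest>[0-9a-f]{64})$"
)
SLSA_V1 = "https://slsa.dev/provenance/v1"
GITHUB_OIDC_ISSUER = "https://token.actions.githubusercontent.com"

REPO = "The-PR-Agent/pr-agent"
DIGEST = "0123456789abcdef" * 4   # constructed placeholder, not a real image digest
COMMIT = "deadbeef" * 5           # constructed placeholder, not a real commit
REF = f"pragent/pr-agent@sha256:{DIGEST}"

# Constructed SLSA v1 statement in the shape GitHub Artifact Attestations produce (assumption).
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "index.docker.io/pragent/pr-agent", "digest": {"sha256": DIGEST}}],
    "predicateType": SLSA_V1,
    "predicate": {
        "buildDefinition": {
            "buildType": "https://actions.github.io/buildtypes/workflow/v1",
            "externalParameters": {"workflow": {
                "ref": "refs/tags/vX.Y",                      # placeholder tag
                "repository": f"https://github.com/{REPO}",
                "path": ".github/workflows/build-docker.yml",  # hypothetical workflow file
            }},
            "resolvedDependencies": [{
                "uri": f"git+https://github.com/{REPO}@refs/tags/vX.Y",
                "digest": {"gitCommit": COMMIT},
            }],
        },
        "runDetails": {"builder": {"id": "https://github.com/actions/runner/github-hosted"}},
    },
}


def parse_digest_ref(ref):
    """Split 'pragent/pr-agent@sha256:<digest>' into (name, digest); refuse mutable tags."""
    m = DIGEST_REF.match(ref)
    if not m:
        raise ValueError(f"not a digest-pinned image reference: {ref!r}")
    return m.group("name"), m.group("digest")


def verify_commands(ref, repo):
    """Return the gh and cosign invocations that do the cryptographic verification.

    gh checks GitHub Artifact Attestations against the named repository; cosign checks a
    keyless signature whose certificate names a GitHub Actions identity of that repository.
    """
    name, digest = parse_digest_ref(ref)
    image = f"index.docker.io/{name}@sha256:{digest}"
    gh = ["gh", "attestation", "verify", f"oci://{image}", "--repo", repo]
    cosign = [
        "cosign", "verify", image,
        "--certificate-oidc-issuer", GITHUB_OIDC_ISSUER,
        "--certificate-identity-regexp", f"^https://github.com/{re.escape(repo)}/",
    ]
    return shlex.join(gh), shlex.join(cosign)


def check_provenance(statement, ref, repo, expected_commit=None):
    """Inspect the claims inside an ALREADY signature-verified statement.

    An unverified statement is attacker-controlled data and this function would accept it,
    so run it only on what gh/cosign have validated. Returns (ok, problems, source_commit).
    """
    _, digest = parse_digest_ref(ref)
    repo_url = f"https://github.com/{repo}"
    problems = []

    # 1. The statement must be about exactly this image digest.
    if not any(s.get("digest", {}).get("sha256") == digest for s in statement.get("subject", [])):
        problems.append("no subject matches the pinned image digest")
    if statement.get("predicateType") != SLSA_V1:
        problems.append(f"unexpected predicateType {statement.get('predicateType')!r}")

    build_def = statement.get("predicate", {}).get("buildDefinition", {})

    # 2. The workflow that built the image must belong to the expected source repository.
    workflow = build_def.get("externalParameters", {}).get("workflow", {})
    if workflow.get("repository") != repo_url:
        problems.append(f"built by a workflow of {workflow.get('repository')!r}, not {repo_url}")

    # 3. Recover the exact source commit that was checked out for the build.
    source_commit = None
    for dep in build_def.get("resolvedDependencies", []):
        if dep.get("uri", "").startswith(f"git+{repo_url}@"):
            source_commit = dep.get("digest", {}).get("gitCommit")
    if source_commit is None:
        problems.append("no resolved source dependency for the expected repository")
    elif expected_commit and source_commit != expected_commit:
        problems.append(f"built from commit {source_commit}, expected {expected_commit}")

    return not problems, problems, source_commit


if __name__ == "__main__":
    for cmd in verify_commands(REF, REPO):
        print(cmd)
    ok, problems, commit = check_provenance(SAMPLE_STATEMENT, REF, REPO, expected_commit=COMMIT)
    print("provenance ok:", ok, "source commit:", commit, problems)
```

The split matters: `verify_commands` produces the calls that establish the statement is genuine, while `check_provenance` answers the issue's actual question ("which source commit produced this image digest?") from the statement's own fields and fails closed when the subject digest, the building repository or the source commit do not line up.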