mirror of
https://github.com/mwisnowski/mtg_python_deckbuilder.git
synced 2026-04-04 12:17:17 +02:00
75184a5967
* feat: add SBOM generation and build provenance attestation to release workflows * docs: update release notes template with SBOM unreleased entry
429 B
429 B
MTG Python Deckbuilder
[Unreleased]
Added
- SBOM & supply chain provenance: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API.
provenance: mode=maxis enabled on all arch builds.