From 71ce2b83f18ead417db487fbd5a134d5400bf439 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Thu, 18 Jul 2024 13:56:45 +0200
Subject: [PATCH] Post provenance data to the public transparency log for private repos

We are OK with making private repository names discoverable via the public Rekor API server.
---
 .github/workflows/build-packages.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
index d6b69a16c4..6ece22db86 100644
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -195,6 +195,7 @@ jobs:
 base64-subjects: "${{ needs.build.outputs[format('pkghashes-{0}-{1}', matrix.os, matrix.architecture)] }}"
 upload-assets: false
 provenance-name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-${{ matrix.os }}-${{ matrix.architecture }}.intoto.jsonl"
+ private-repository: true

 provenance-src:
 needs: build
@@ -208,6 +209,7 @@ jobs:
 base64-subjects: "${{ needs.build.outputs.srchashes }}"
 upload-assets: false
 provenance-name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-src.intoto.jsonl"
+ private-repository: true

 upload-provenance:
 needs: [prepare, build, provenance-src, provenance-pkgs]
--
2.47.2
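Review bot: The two added `private-repository: true` lines (first hunk, the per-package provenance job; second hunk, `provenance-src`) carry no comment, so the decision to accept public disclosure is recorded only in the commit message and is easy to copy into other workflows without the same sign-off. I would put a comment above each, for example `# Intentional: provenance is posted to the public Rekor log, so the repository name is discoverable even when the repo is private.` The commit message covers repository names only; as far as I know the logged signing certificate also carries the workflow path, ref and commit SHA, and the entry carries the subject digests, so it is worth confirming those are acceptable to publish as well. Because the workflow reads `inputs.product` it appears to be reusable, in which case every private caller inherits the flag unconditionally; a boolean workflow input passed through to `private-repository` would let callers opt out. Both job definitions begin outside the hunks, so the action reference and its other inputs are not visible here.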