From a921f9f99463242ade02fda7eb18699bca970fa1 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Fri, 16 Dec 2022 06:57:56 +0100 Subject: [PATCH 1/3] Dockerfile: update Alpine to 3.17 Signed-off-by: CrazyMax --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fb235c5b..a9cad2b6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,12 +15,12 @@ #syntax=docker/dockerfile:1 ARG GO_VERSION="1.19" -ARG ALPINE_VERSION="3.16" +ARG ALPINE_VERSION="3.17" ARG XX_VERSION="1.1.2" FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx -FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS base +FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base COPY --from=xx / / ENV CGO_ENABLED=0 RUN apk add --no-cache file git From 096ea2106d8cf645f1710c08c90720eb5b11aefe Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Fri, 16 Dec 2022 07:03:55 +0100 Subject: [PATCH 2/3] ci: opt-in sbom and provenance Signed-off-by: CrazyMax --- .github/workflows/ci.yaml | 9 +++++++++ Dockerfile | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 88413c7a..38be2a79 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -15,6 +15,8 @@ on: env: DOCKERHUB_SLUG: docker/buildkit-syft-scanner + BUILDX_VERSION: v0.10.0-rc2 + BUILDKIT_IMAGE: moby/buildkit:v0.11.0-rc3 jobs: build: @@ -48,6 +50,10 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + with: + version: ${{ env.BUILDX_VERSION }} + driver-opts: image=${{ env.BUILDKIT_IMAGE }} + buildkitd-flags: --debug - name: Login to DockerHub if: github.event_name != 'pull_request' 
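Review bot: `BUILDKIT_IMAGE: moby/buildkit:v0.11.0-rc3` names the builder image by tag only, and that builder is the component that will generate the SBOM and provenance attestations enabled later in this patch. If the tag were re-pushed, the attesting builder would change with no change in this repository; appending a digest, e.g. `moby/buildkit:v0.11.0-rc3@sha256:<digest-placeholder>`, fixes the exact image. Both added values are release candidates, presumably because attestation support was not yet in a stable release. A comment above them such as `# pre-release pins for sbom/provenance support; move to stable tags once released` would mark the pins as temporary.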
@@ -64,3 +70,6 @@ jobs: ${{ steps.meta.outputs.bake-file }} targets: image push: ${{ github.event_name != 'pull_request' }} + set: | + *.attest=type=sbom + *.attest=type=provenance,mode=max,builder-id=https://github.com/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }} diff --git a/Dockerfile b/Dockerfile index a9cad2b6..d4358bfd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -#syntax=docker/dockerfile:1 +# syntax=docker/dockerfile-upstream:master ARG GO_VERSION="1.19" ARG ALPINE_VERSION="3.17" From bf45c0ba2ae7165da8b00ededc8f2694e4e9f08d Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Fri, 16 Dec 2022 07:04:46 +0100 Subject: [PATCH 3/3] ci: enable gha cache Signed-off-by: CrazyMax --- .github/workflows/ci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 38be2a79..c488000b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -71,5 +71,7 @@ jobs: targets: image push: ${{ github.event_name != 'pull_request' }} set: | + *.cache-from=type=gha,scope=image + *.cache-to=type=gha,scope=image,mode=max *.attest=type=sbom *.attest=type=provenance,mode=max,builder-id=https://github.com/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}
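Review bot: The `builder-id` on the added `*.attest=type=provenance` line is built from `${{ env.GITHUB_REPOSITORY }}` and `${{ env.GITHUB_RUN_ID }}`, but the `env` context only carries variables declared under an `env:` key in the workflow. The workflow-level `env:` block visible in this patch declares neither. Unless a job- or step-level `env:` outside the hunk defines them, both expressions should expand to empty strings and the recorded builder id becomes `https://github.com//actions/runs/`, which cannot tie the attestation to the run that produced the image. Use the `github` context instead: `builder-id=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`. The same line reappears as context in the cache hunk of patch 3/3.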
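Review bot: `# syntax=docker/dockerfile-upstream:master` resolves to whatever frontend image sits on the moving `master` tag at build time, so the build's behaviour can change with no commit here. The frontend runs as part of a build that is now expected to emit provenance, which makes an unpinned one a gap in the trusted chain. If an unreleased frontend feature is required, pin it by digest, `# syntax=docker/dockerfile-upstream:master@sha256:<digest-placeholder>`, and note in the commit or a nearby comment when to return to `docker/dockerfile:1`. Separately, the directive sits at line 15 below the licence header, and parser directives are documented as only being honoured before any other comment, so it is worth confirming that this line takes effect at all.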
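Review bot: The added `*.cache-from=type=gha,scope=image` override applies to every event the job runs on, including the runs where `push` is true. Layers in a published image can therefore be restored from an earlier run's cache rather than built in the run that the provenance attestation names. Consider dropping `cache-from` for publishing runs, or document the trade-off above `set:` with a comment such as `# gha cache (scope=image) is reused across workflow runs; published layers may originate from a previous run`. How far the cache is shared between refs depends on GitHub's cache scoping, which this hunk does not show, so confirm that pull-request runs cannot populate entries that publishing runs read.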