From 72d806aaf1fe3accbcb9cdb086cf44b00429035b Mon Sep 17 00:00:00 2001
From: Krishna Manchikalapudi <krishnam@jfrog.com>
Date: Tue, 7 Oct 2025 09:10:10 -0700
Subject: [PATCH] github attestation

---
 .github/workflows/jf-cli.yml    | 9 +++++++++
 spring-petclinic.code-workspace | 4 +++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/jf-cli.yml b/.github/workflows/jf-cli.yml
index eed78c159..b39cca4f8 100755
--- a/.github/workflows/jf-cli.yml
+++ b/.github/workflows/jf-cli.yml
@@ -6,6 +6,7 @@ permissions:
   packages: write # for uploading attestations.
   contents: read
   security-events: write # Required for uploading code scanning.
+  attestations: write
 env:
   JF_RT_URL: "https://${{vars.JF_NAME}}.jfrog.io"
   BUILD_NAME: "spring-petclinic"
@@ -227,6 +228,14 @@ jobs:
 
           jf rt bdc ${{env.RT_REPO_DOCKER_VIRTUAL}} --image-file ${{env.DOCKER_METADATA_JSON}} --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}}
 
+          
+      - name: "Evidence: GitHub Attestation"
+        uses: actions/attest-build-provenance@v3
+        with:
+          subject-name: "oci://${{env.RT_REPO_DOCKER_URL}}"
+          subject-digest: "${{env.DOCKER_METADATA_JSON}}" #  "${{steps.config-docker.outputs.digest}}"
+
+
       - name: "BuildInfo: Build Publish"
         run: jf rt bp ${{env.BUILD_NAME}} ${{env.BUILD_ID}} --detailed-summary=true
 
diff --git a/spring-petclinic.code-workspace b/spring-petclinic.code-workspace
index 876a1499c..a200db562 100644
--- a/spring-petclinic.code-workspace
+++ b/spring-petclinic.code-workspace
@@ -4,5 +4,7 @@
 			"path": "."
 		}
 	],
-	"settings": {}
+	"settings": {
+		"java.compile.nullAnalysis.mode": "automatic"
+	}
 }
\ No newline at end of file