* [x] Auth scope support * [x] Buildx 0.31.0 https://github.com/docker/buildx/pull/3562 * [x] Login Action https://github.com/docker/login-action/pull/912 * [x] Verify external dependencies * [x] Buildx binary * [x] Pin version https://github.com/docker/github-builder-experimental/pull/37 * [x] Sign binaries https://github.com/docker/buildx/pull/3520 * [x] Verify buildx binary signature on install in actions-toolkit https://github.com/docker/actions-toolkit/pull/929 * [x] BuildKit image `moby/buildkit` * [x] Pin image https://github.com/docker/github-builder-experimental/pull/37 * [x] Sign image https://github.com/moby/buildkit/pull/6388 * [x] Verify BuildKit image signature in reusable workflow https://github.com/docker/github-builder-experimental/pull/82 * [x] BuildKit Syft scanner image (SBOM) `docker/buildkit-syft-scanner` * [x] Pin image https://github.com/docker/github-builder-experimental/pull/76 * [x] Sign image https://github.com/docker/buildkit-syft-scanner/pull/153 * [x] Built-in signature verification of the image in BuildKit or in the reusable workflow using cosign https://github.com/docker/github-builder-experimental/pull/82 * [x] Cosign binary * [x] Verify cosign binary signature https://github.com/docker/actions-toolkit/pull/904 * [x] Binfmt image (QEMU action) `tonistiigi/binfmt` * [x] Pin image https://github.com/docker/github-builder-experimental/pull/79 * [x] Sign image https://github.com/tonistiigi/binfmt/pull/279 https://github.com/tonistiigi/binfmt/pull/286 * [x] Auth scope support to avoid rate limitation with Docker Hub * [x] Verification in the reusable workflow using cosign https://github.com/docker/github-builder-experimental/pull/82 * [x] GHA cache blobs https://github.com/docker/github-builder-experimental/pull/60 * [x] Pin GitHub Actions https://github.com/docker/github-builder-experimental/pull/53 * [x] Trusted publishing and signing for actions-toolkit module https://github.com/docker/actions-toolkit/pull/906 * [x] Support non-distributed builds https://github.com/docker/github-builder-experimental/pull/88 cc @tonistiigi @colinhemmings
moby/buildkitdocker/buildkit-syft-scannertonistiigi/binfmtcc @tonistiigi @colinhemmings