From 40f6332c08be7d398176297a73c6ad6827b89162 Mon Sep 17 00:00:00 2001
From: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Date: Wed, 6 May 2026 21:02:51 +1000
Subject: [PATCH] chore: enable OCI artifact type for attestation manifests

BuildKit's default image exporter does not set `artifactType` or the OCI
1.1 Referrers `subject` backlink on attestation manifests. Setting
`oci-artifact=true` on the image exporter adds both, so SBOM and
provenance attestations become discoverable through the OCI Referrers API.

`oci-mediatypes=true` is redundant (BuildKit already defaults it to true
when pushing to a registry, which is why the top-level index is already
`application/vnd.oci.image.index.v1+json`) but kept for clarity.

Same fix as cloudnative-pg/cloudnative-pg#10601, mirroring
cloudnative-pg/postgres-extensions-containers#198.

Closes #436

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
---
 docker-bake.hcl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker-bake.hcl b/docker-bake.hcl
index 0fccfe45..dc97af13 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -85,6 +85,9 @@ target "default" {
     STANDARD_ADDITIONAL_POSTGRES_PACKAGES = "${getStandardAdditionalPostgresPackagesPerMajorVersion(getMajor(pgVersion))}"
     BARMAN_VERSION = "${barmanVersion}"
   }
+  output = [
+    "type=image,oci-mediatypes=true,oci-artifact=true",
+  ]
   attest = [
     "type=provenance,mode=max",
     "type=sbom"