Merge pull request #11067 from austinvazquez/cherry-pick-3961dc9c8cb0e31925e45a2273bbdc06412be262-to-2.0

[release/2.0] Publish attestation as release artifact
2024-11-27 08:36:11 -08:00 · 2024-11-27 08:36:11 -08:00 · 961cac9aa0
commit 961cac9aa0
parent b4cab35e2b 34a45cab2a
1 changed files with 8 additions and 4 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -147,6 +147,13 @@ jobs:
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          path: builds
+      - name: Attest Artifacts
+        id: attest
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
+        with:
+          subject-path: ./builds/release-tars-**/*.tar.gz
+      - name: Rename attestation artifact
+        run: mv ${{ steps.attest.outputs.bundle-path }} containerd-${{ needs.check.outputs.stringver }}-attestation.intoto.jsonl
      - name: Create Release
        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
        with:
@ -158,8 +165,5 @@ jobs:
          body_path: ./builds/containerd-release-notes/release-notes.md
          files: |
            builds/release-tars-**/*
+            containerd-*-attestation.intoto.jsonl
          make_latest: true
-      - name: Attest Artifacts
-        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
-        with:
-          subject-path: ./builds/release-tars-**/*.tar.gz