github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Attest artifacts in release workflow

Browse Source 
Signed-off-by: Vishal Reddy Gurrala <vishalgurrala21@gmail.com>
This commit is contained in:
Vishal Reddy Gurrala 2024-08-05 20:54:34 -05:00
parent 337d8c52c5
commit fc1637d16e
No known key found for this signature in database
GPG Key ID: 36FD6EF79F691FAE
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/release.yml vendored
View File

@ -17,8 +17,6 @@ env:
permissions: # added using https://github.com/step-security/secure-workflows permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read
id-token: write
attestations: write
jobs: jobs:
check: check:
@ -133,16 +131,14 @@ jobs:
with: with:
name: release-tars-${{env.PLATFORM_CLEAN}} name: release-tars-${{env.PLATFORM_CLEAN}}
path: src/github.com/containerd/containerd/releases/*.tar.gz* path: src/github.com/containerd/containerd/releases/*.tar.gz*
- name: Attest Artifacts
uses: actions/attest-build-provenance@v1
with:
subject-path: src/github.com/containerd/containerd/releases/release-tars-${{env.PLATFORM_CLEAN}}.tar.gz*
release: release:
name: Create containerd Release name: Create containerd Release
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
permissions: permissions:
contents: write contents: write
id-token: write
attestations: write
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
timeout-minutes: 10 timeout-minutes: 10
needs: [build, check] needs: [build, check]
@ -163,3 +159,7 @@ jobs:
files: | files: |
builds/release-tars-**/* builds/release-tars-**/*
make_latest: false make_latest: false
- name: Attest Artifacts
uses: actions/attest-build-provenance@v1
with:
subject-path: ./builds/release-tars-**/*.tar.gz