Publish attestation as release artifact

austinvazquez · austinvazquez · commit 34a45cab2a57 · 2024-11-26T19:47:08.000-07:00
Signed-off-by: Austin Vazquez <macedonv@amazon.com> (cherry picked from commit 3961dc9) Signed-off-by: Austin Vazquez <macedonv@amazon.com>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -147,6 +147,13 @@ jobs:
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           path: builds
+      - name: Attest Artifacts
+        id: attest
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
+        with:
+          subject-path: ./builds/release-tars-**/*.tar.gz
+      - name: Rename attestation artifact
+        run: mv ${{ steps.attest.outputs.bundle-path }} containerd-${{ needs.check.outputs.stringver }}-attestation.intoto.jsonl
       - name: Create Release
         uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
         with:
@@ -158,8 +165,5 @@ jobs:
           body_path: ./builds/containerd-release-notes/release-notes.md
           files: |
             builds/release-tars-**/*
+            containerd-*-attestation.intoto.jsonl
           make_latest: true
-      - name: Attest Artifacts
-        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
-        with:
-          subject-path: ./builds/release-tars-**/*.tar.gz
