v0.13.0 release failed provenance validation

[imjasonh]

The release workflow failed during verification: https://github.com/ko-build/ko/actions/runs/4386793516/jobs/7681560335

Looking at the release artifacts, here: https://github.com/ko-build/ko/releases/tag/v0.13.0

There's a multiple.intoto.jsonl uploaded by the provenance generation workflow, but the verification step seems to be looking for attestation.intoto.jsonl. Please let me know if this is a bug on ko's end, or if this is a misconfiguration, or a bug in the SLSA provenance generation.

cc @laurentsimon @ianlewis

[ianlewis]

Apologies. It seems we updated the default name of the attestation artifact that gets uploaded. #980 addresses this by using the attestation-name output which gives the name of the artifact rather than using a static value.

[developer-guy]

Thanks for fixing this @ianlewis!