Commit d1c4e9f

verify provenance (#1611)
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
1 parent df518f9 commit d1c4e9f

1 file changed: +3 -2 lines changed

.github/workflows/release.yml

Lines changed: 3 additions & 2 deletions
@@ -55,14 +55,15 @@ jobs:
5555
- name: Download assets
5656
env:
5757
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
58+
PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
5859
run: |
5960
set -euo pipefail
6061
gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz"
61-
gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "multiple.intoto.jsonl"
62+
gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p $PROVENANCE
6263
- name: Verify assets
6364
env:
6465
CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }}
65-
PROVENANCE: "${{ needs.provenance.outputs.attestation-name }}"
66+
PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
6667
run: |
6768
set -euo pipefail
6869
checksums=$(echo "$CHECKSUMS" | base64 -d)
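
Review bot: the added download line in the "Download assets" step passes `-p $PROVENANCE` unquoted, while every other expansion in that step (`"$GITHUB_REPOSITORY"`, `"$GITHUB_REF_NAME"`, `"*.tar.gz"`) is quoted. Unquoted, the value is subject to word splitting and shell globbing, and if `needs.provenance.outputs.provenance-name` ever resolves to an empty string the argument disappears entirely and `-p` is left without a pattern; `set -u` will not catch that, because the variable is set, just empty. Suggest `-p "$PROVENANCE"`, plus an explicit non-empty check before the download so that a missing provenance file name fails the step with a clear message rather than relying on how `gh` parses the remaining arguments. Since the "Verify assets" step now declares the identical `PROVENANCE` value, defining it once at job level would also keep the two steps from drifting apart again, which is the mismatch (`attestation-name` versus the hard-coded `multiple.intoto.jsonl`) that this change is cleaning up.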
