Skip to content

Commit

Permalink
release: attest tarball provenance
Browse files Browse the repository at this point in the history
  • Loading branch information
@thepwagner
thepwagner authored May 16, 2024
1 parent 2d2a849 commit 8526c4a
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ on:
permissions:
contents: write
packages: write
id-token: write

jobs:
release:
Expand All @@ -29,10 +30,14 @@ jobs:
mkdir -p tmp
sed '/^# '$version'/,/^# /!d;//d;/^\s*$/d' CHANGELOG.md > tmp/release_changelog.md
- name: Release
uses: goreleaser/goreleaser-action@5df302e5e9e4c66310a6b6493a8865b12c555af2
uses: goreleaser/goreleaser-action@5df302e5e9e4c66310a6b6493a8865b12c555af2 # v2.8.0
with:
distribution: goreleaser
version: v1.22.1
version: v1.25.1
args: release --clean --release-notes=tmp/release_changelog.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Sign .tar.gz"
uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
with:
subject-path: "dist/*.tar.gz"

0 comments on commit 8526c4a

Please sign in to comment.