Use attestation instead of signature
trask committed Feb 10, 2025
1 parent e975536 commit ae7f480
Showing 1 changed file with 19 additions and 4 deletions.
23 changes: 19 additions & 4 deletions .github/workflows/release.yml
@@ -21,6 +21,8 @@ jobs:
release:
permissions:
contents: write # for creating the release
attestations: write # for creating the attestation
id-token: write # for creating the attestation
runs-on: ubuntu-latest
needs:
- required-jobs
@@ -169,20 +171,33 @@ jobs:
.github/scripts/generate-release-contributors.sh v$PRIOR_VERSION >> /tmp/release-notes.txt
fi
- name: Simplify jar path for attesting and attaching
run: |
cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar
- id: attest
uses: actions/attest-build-provenance@v2
with:
subject-path: |
opentelemetry-javaagent.jar
opentelemetry-java-instrumentation-SBOM.zip
- name: Rename attestation bundle file for attaching
run: |
cp ${{ steps.attest.outputs.bundle-path }} attestations.intoto.jsonl
- id: create-github-release
name: Create GitHub release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar
cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar.asc opentelemetry-javaagent.jar.asc
gh release create --target $GITHUB_REF_NAME \
--title "Version $VERSION" \
--notes-file /tmp/release-notes.txt \
v$VERSION \
opentelemetry-javaagent.jar \
opentelemetry-javaagent.asc.jar \
opentelemetry-java-instrumentation-SBOM.zip
opentelemetry-java-instrumentation-SBOM.zip \
attestations.intoto.jsonl
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "prior-version=$PRIOR_VERSION" >> $GITHUB_OUTPUT
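Review bot: The new `attest` step uses `actions/attest-build-provenance@v2`, a mutable tag, in the same `release` job that this commit grants `id-token: write` and `attestations: write`, so whatever the tag resolves to at run time executes with the ability to request an OIDC token and sign provenance for the release artifacts. Pinning it to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/attest-build-provenance@FULL_COMMIT_SHA # v2` (FULL_COMMIT_SHA is a placeholder for the reviewed 40-character commit), keeps the signing step fixed to code that was reviewed. Both new permissions are declared at job level, so the other steps of `release`, most of which lie outside these hunks, inherit them too; a short comment noting that, or a dedicated attest job if the artifacts can be handed over, would narrow the exposure. In the `Rename attestation bundle file for attaching` step, passing `${{ steps.attest.outputs.bundle-path }}` through an `env:` entry and running `cp "$BUNDLE_PATH" attestations.intoto.jsonl` keeps the expression out of the script text and quotes the path.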