From f272ed9ba0a349c59a9587166e1e7e4322344261 Mon Sep 17 00:00:00 2001 From: Lucas TESSON Date: Wed, 10 Apr 2024 10:21:18 +0200 Subject: [PATCH] ci(release): generate subject before SLSA provenance --- .github/workflows/release.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2863c00..d451507 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -45,6 +45,16 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} VERSION_LDFLAGS: ${{ steps.ldflags.outputs.version }} + - name: Generate subject + id: hash + env: + ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" + run: | + set -euo pipefail + + checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') + echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" + provenance: needs: [goreleaser] permissions: