cherry-pick: address disruption taint race condition (#1180) (#1206) #81

Workflow file for this run

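# Release workflow: when a tag matching v*.*.* is pushed, generate an OpenVEX
# document, publish a GitHub release carrying it, then produce a signed
# provenance attestation with tejolote and attach it to the same release.
name: Release
on:
  push:
    tags: ['v*.*.*']
# Workflow-wide default is read-only; the release job widens it below.
permissions:
  contents: read
jobs:
  release:
    env:
      # The tag name reaches shell steps as "$TAG" (an environment variable)
      # rather than being expanded into the script text.
      TAG: ${{ github.ref_name }}
    permissions:
      contents: write  # Needed for creating and editing releases
      id-token: write  # Needed for cosigning build attestation files with tejolote
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          fetch-depth: 0
          # Keep the job token (contents: write) out of .git/config. The
          # third-party actions below run in the same workspace, and the
          # release and upload steps receive their token explicitly.
          persist-credentials: false
      - name: Run vexctl
        # NOTE(review): pinned to a full commit SHA but, unlike the other
        # actions here, with no version comment. Record which release this
        # SHA corresponds to.
        uses: openvex/generate-vex@31b415924ea0d72ed5f2640f1dee59dea6c2770b
        with:
          product: pkg:generic/karpenter@${{ env.TAG }}
          file: karpenter.vex.json
      - name: Create Github Release
        uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
        with:
          files: |
            karpenter.vex.json
          repo_token: "${{ secrets.GITHUB_TOKEN }}"
          prerelease: false
      - name: Install tejolote
        uses: kubernetes-sigs/release-actions/setup-tejolote@841d76a188a7c121231a863572e27012805715a2 # v0.1.4
      - name: Run tejolote
        # github.run_id is a number assigned by GitHub, so expanding it inline
        # puts no contributor-controlled text into the script. The tag still
        # goes through "$TAG".
        # presumably --artifacts points at the release created above; confirm
        # against the tejolote documentation.
        run: |
          tejolote attest "github://kubernetes-sigs/karpenter/${{ github.run_id }}" \
            --artifacts "github://kubernetes-sigs/karpenter/$TAG" \
            --output karpenter.intoto.json --sign
      - name: Add the tejolote provenance attestation to release
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh release upload "$TAG" karpenter.intoto.json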