chore(ci): Add provenance file (philips-labs#1371)

Add provenance file for releases. SLSA level 1 Signed-off-by: Nathaniel McAuliffe <[email protected]>
mcaulifn · Nov 9, 2021 · a8e050c · a8e050c
1 parent b7f0711
commit a8e050c
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -33,6 +33,7 @@ jobs:
           retention-days: 1
 
   release:
+    name: release
     runs-on: ubuntu-latest
     needs:
       prepare
@@ -80,4 +81,21 @@ jobs:
           cp .release/* .
           yarn
           yarn release --repositoryUrl https://x-access-token:[email protected]/$GITHUB_REPOSITORY.git
+          
+  provenance:
+    name: Generate provenance
+    runs-on: ubuntu-20.04
+    needs: 
+      release
+    if: startsWith(github.ref, 'refs/tags/')
+
+    steps:
+      - name: Generate provenance for release
+        uses: philips-labs/[email protected]
+        with:
+          artifact_path: release-assets
+          output_path: 'build.provenance'
+          tag_name: "${{ github.ref_name }}"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"