From 0a910e0fb67b85e5e71677e6481df3572e980188 Mon Sep 17 00:00:00 2001
From: Jeroen Knoops <jeroen.knoops@philips.com>
Date: Thu, 4 Nov 2021 12:06:35 +0100
Subject: [PATCH] chore(ci): Add provenance file (#1371)

Add provenance file for releases.

SLSA level 1
---
 .github/workflows/release.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2242c91742..954739c6f5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,6 +33,7 @@ jobs:
           retention-days: 1
 
   release:
+    name: release
     runs-on: ubuntu-latest
     needs:
       prepare
@@ -80,4 +81,21 @@ jobs:
           cp .release/* .
           yarn
           yarn release --repositoryUrl https://x-access-token:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git
+          
+  provenance:
+    name: Generate provenance
+    runs-on: ubuntu-20.04
+    needs: 
+      release
+    if: startsWith(github.ref, 'refs/tags/')
+
+    steps:
+      - name: Generate provenance for release
+        uses: philips-labs/slsa-provenance-action@v0.2.0
+        with:
+          artifact_path: release-assets
+          output_path: 'build.provenance'
+          tag_name: "${{ github.ref_name }}"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"