|
21 | 21 | release: |
22 | 22 | permissions: |
23 | 23 | contents: write # for creating the release |
| 24 | + attestations: write # for creating the attestation |
| 25 | + id-token: write # for creating the attestation |
24 | 26 | runs-on: ubuntu-latest |
25 | 27 | needs: |
26 | 28 | - required-jobs |
@@ -169,20 +171,33 @@ jobs: |
169 | 171 | .github/scripts/generate-release-contributors.sh v$PRIOR_VERSION >> /tmp/release-notes.txt |
170 | 172 | fi |
171 | 173 |
|
| 174 | + - name: Simplify jar path for attesting and attaching |
| 175 | + run: | |
| 176 | + cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar |
| 177 | +
|
| 178 | + - id: attest |
| 179 | + uses: actions/attest-build-provenance@v2 |
| 180 | + with: |
| 181 | + subject-path: | |
| 182 | + opentelemetry-javaagent.jar |
| 183 | + opentelemetry-java-instrumentation-SBOM.zip |
| 184 | +
|
| 185 | + - name: Rename attestation bundle file for attaching |
| 186 | + run: | |
| 187 | + cp ${{ steps.attest.outputs.bundle-path }} attestation.intoto.jsonl |
| 188 | +
|
172 | 189 | - id: create-github-release |
173 | 190 | name: Create GitHub release |
174 | 191 | env: |
175 | 192 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
176 | 193 | run: | |
177 | | - cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar |
178 | | - cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar.asc opentelemetry-javaagent.jar.asc |
179 | 194 | gh release create --target $GITHUB_REF_NAME \ |
180 | 195 | --title "Version $VERSION" \ |
181 | 196 | --notes-file /tmp/release-notes.txt \ |
182 | 197 | v$VERSION \ |
183 | 198 | opentelemetry-javaagent.jar \ |
184 | | - opentelemetry-javaagent.asc.jar \ |
185 | | - opentelemetry-java-instrumentation-SBOM.zip |
| 199 | + opentelemetry-java-instrumentation-SBOM.zip \ |
| 200 | + attestation.intoto.jsonl |
186 | 201 |
|
187 | 202 | echo "version=$VERSION" >> $GITHUB_OUTPUT |
188 | 203 | echo "prior-version=$PRIOR_VERSION" >> $GITHUB_OUTPUT |
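Review bot: The new `attest` step references `actions/attest-build-provenance@v2` by a mutable tag, inside a job that holds `contents: write`, `attestations: write` and `id-token: write`, so whatever the tag resolves to at release time runs with the ability to sign provenance and modify the release. Pinning it to a full commit SHA with the version kept as a trailing comment, `uses: actions/attest-build-provenance@<full-commit-sha> # v2`, makes the signing step immutable and reviewable when it is bumped. In the "Rename attestation bundle file" step the `${{ steps.attest.outputs.bundle-path }}` expression is expanded straight into the script and left unquoted; passing it through an `env:` entry and writing `cp "$BUNDLE_PATH" attestation.intoto.jsonl` avoids word splitting and keeps expression text out of the shell source. Since the `.asc` signature is no longer attached, the release notes or docs should say how consumers verify the jar against the bundle, for example with `gh attestation verify`.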
|