upload sig json

Signed-off-by: Anas Nashif <[email protected]>

Author: nashif

.github/workflows/release.yml

@@ -60,7 +60,8 @@ jobs:
 
 
       # This step uses 'gh-action-sigstore-python' to sign the file designated in the inputs field.
-      - uses: sigstore/[email protected]
+      - name: Sign
+        uses: sigstore/[email protected]
         with:
           inputs: zephyr-${{ steps.get_version.outputs.VERSION }}.spdx
 
@@ -74,3 +75,14 @@ jobs:
           asset_path: zephyr-${{ steps.get_version.outputs.VERSION }}.spdx
           asset_name: zephyr-${{ steps.get_version.outputs.VERSION }}.spdx
           asset_content_type: text/plain
+
+      - name: Upload Release Assets (Sig)
+        id: upload-release-asset
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: zephyr-${{ steps.get_version.outputs.VERSION }}.spdx.sigstore.json
+          asset_name: zephyr-${{ steps.get_version.outputs.VERSION }}.spdx.sigstore.json
+          asset_content_type: application/json