Add build provenance for releases

philips-labs · Nov 4, 2021 · f9812db · f9812db
1 parent 7ad10a7
commit f9812db
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -182,3 +182,19 @@ jobs:
           docker logout
           docker logout ${{ secrets.HSDP_DOCKER_REGISTRY }}
           docker logout ghcr.io
+
+  provenance:
+    name: Generate provenance
+    runs-on: ubuntu-20.04
+    needs: [release]
+    if: startsWith(github.ref, 'refs/tags/')
+
+    steps:
+      - name: Generate provenance for release
+        uses: philips-labs/slsa-provenance-action@v0.2.0
+        with:
+          artifact_path: release-assets
+          output_path: 'provenance.json'
+          tag_name: "${{ github.ref_name }}"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"