diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0408fdc3e3eb..bedd681f862d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,8 @@ jobs: release: permissions: contents: write # for creating the release + attestations: write # for creating the attestation + id-token: write # for creating the attestation runs-on: ubuntu-latest needs: - required-jobs @@ -169,20 +171,33 @@ jobs: .github/scripts/generate-release-contributors.sh v$PRIOR_VERSION >> /tmp/release-notes.txt fi + - name: Simplify jar path for attesting and attaching + run: | + cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar + + - id: attest + uses: actions/attest-build-provenance@v2 + with: + subject-path: | + opentelemetry-javaagent.jar + opentelemetry-java-instrumentation-SBOM.zip + + - name: Rename attestation bundle file for attaching + run: | + cp ${{ steps.attest.outputs.bundle-path }} attestation.intoto.jsonl + - id: create-github-release name: Create GitHub release env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar - cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar.asc opentelemetry-javaagent.jar.asc gh release create --target $GITHUB_REF_NAME \ --title "Version $VERSION" \ --notes-file /tmp/release-notes.txt \ v$VERSION \ opentelemetry-javaagent.jar \ - opentelemetry-javaagent.asc.jar \ - opentelemetry-java-instrumentation-SBOM.zip + opentelemetry-java-instrumentation-SBOM.zip \ + attestation.intoto.jsonl echo "version=$VERSION" >> $GITHUB_OUTPUT echo "prior-version=$PRIOR_VERSION" >> $GITHUB_OUTPUT