Skip to content

Commit

Permalink
chore: ITSEC-2207 Add SDK artifact SBOM signing (#2119)
Browse files Browse the repository at this point in the history
Signed-off-by: immutable-art <[email protected]>
  • Loading branch information
immutable-art authored Aug 29, 2024
1 parent 9ec60ca commit a24953d
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,9 @@ on:
branches:
- main

permissions:
attestations: write # Required for GitHub Attestation

env:
RELEASE_TYPE: ${{ github.event.inputs.release_type || 'alpha' }}
UPGRADE_TYPE: ${{ github.event.inputs.upgrade_type || 'none' }}
Expand Down Expand Up @@ -127,6 +130,11 @@ jobs:
tag: ${{ contains(env.RELEASE_TYPE, 'alpha') && 'alpha' }}
dry-run: ${{ env.DRY_RUN }}

- name: Generate SDK attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: './sdk'

- name: Authenticate NPM
if: contains(env.RELEASE_TYPE, 'release')
run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.TS_IMMUTABLE_SDK_NPM_TOKEN }}
Expand Down

0 comments on commit a24953d

Please sign in to comment.