From ca613d0d5ba6acc72ecdbf65681b57ea36c4dd10 Mon Sep 17 00:00:00 2001
From: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Date: Tue, 26 Dec 2023 11:11:42 +0530
Subject: [PATCH] Ensure SLSA Attestations are Generated when Possible (#889)

Signed-off-by: coder12git <suruchikumarimfp4@gmail.com>
---
 .github/workflows/release.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0b97b2d07f..6f62de7d4b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,8 +13,19 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
+
+      - name: Install tejolote
+        uses: kubernetes-sigs/release-actions/setup-tejolote@dd08496c83441d6477114cc0555b96d404dacff7 # v0.1.2
+
+      - name: Run tejolote 
+        env:
+          TAG: ${{ github.ref_name }}
+        run: |
+          tejolote attest --artifacts github://kubernetes-sigs/karpenter/"${TAG}" github://kubernetes-sigs/karpenter/"${{ github.run_id }}" --output karpenter.intoto.json --sign
+
       - name: Create Github Release
         uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
         with:
+          files: karpenter.intoto.json
           repo_token: "${{ secrets.GITHUB_TOKEN }}"
           prerelease: false