From 282ccd95590ac168270c45263e6ca0a18419979d Mon Sep 17 00:00:00 2001
From: Zxilly <zxilly@outlook.com>
Date: Wed, 19 Jun 2024 21:03:39 +0800
Subject: [PATCH] ci: also upload provenance

Signed-off-by: Zxilly <zxilly@outlook.com>
---
 .github/workflows/release.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 86ad64656b..30710e0495 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -64,6 +64,14 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Attest build provenance
+        id: attest
         uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2
         with:
-          subject-path: 'dist/go-size-analyzer*.*'
\ No newline at end of file
+          subject-path: 'dist/go-size-analyzer*.*'
+
+      - name: Upload build provenance
+        uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2.9.0
+        with:
+          asset_name: attestations.intoto.jsonl
+          file: ${{ steps.attest.outputs.bundle-path }}
+          overwrite: false
\ No newline at end of file