From 606996079228b44cc68e3f9de02be4ffaf55eb86 Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Mon, 7 Apr 2025 10:58:45 +0200
Subject: [PATCH] chore(ci): Attest Chainloop CLI on release

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 .github/workflows/release.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 53c859059..9e39a9bad 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -120,6 +120,18 @@ jobs:
             fi
           done
 
+          # Attest the cli binaries
+          binaries=$(cat dist/artifacts.json | jq -r '.[] | select(.type=="Binary" and .extra.ID!="binaries-cli") | select(.path | startswith("dist/cli"))  | .path')
+          echo "$binaries" | while IFS= read -r entry; do
+            # Extract OS and ARCH
+            os_arch=$(echo "$entry" | sed -E 's|dist/cli_([^_]+)_([^/_]+).*|\1-\2|')
+
+            # Format as chainloop-OS-ARCH
+            material_name="chainloop-$os_arch"
+
+            chainloop attestation add --name $material_name --value $entry --kind ARTIFACT
+          done
+
       - name: Bump Chart and Dagger Version
         run: .github/workflows/utils/bump-chart-and-dagger-version.sh deployment/chainloop extras/dagger ${{ github.ref_name }}
       - name: Bump Project Version