From b28a286a5207091e46ca9def6bf6d96cefbbfec1 Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Fri, 11 Apr 2025 10:55:33 +0200
Subject: [PATCH 1/2] chore(ci): Include SLSA attestation link on chainloop
 attestation

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 .github/workflows/contracts/chainloop-vault-release.yml | 5 +++++
 .github/workflows/release.yaml                          | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/contracts/chainloop-vault-release.yml b/.github/workflows/contracts/chainloop-vault-release.yml
index 6dae43ccc..18c1a1568 100644
--- a/.github/workflows/contracts/chainloop-vault-release.yml
+++ b/.github/workflows/contracts/chainloop-vault-release.yml
@@ -1,5 +1,10 @@
 # Contract for the release workflow
 schemaVersion: v1
+materials:
+  - name: slsa-attestation
+    type: SLSA_PROVENANCE
+    annotations:
+      - name: githubattestation
 policies:
   attestation:
     - ref: source-commit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1bdd06f84..db4030a21 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -174,7 +174,7 @@ jobs:
 
       - name: Attest SLSA attestation
         run: |
-          chainloop attestation --name slsa-attestation add --value ${{ steps.slsa-attest.outputs.bundle-path }} --kind SLSA_PROVENANCE --attestation-id ${{ env.ATTESTATION_ID }}
+          chainloop attestation --name slsa-attestation add --value ${{ steps.slsa-attest.outputs.bundle-path }} --annotation githubattestation="${{ steps.slsa-attest.outputs.attestation-url }}" --kind SLSA_PROVENANCE --attestation-id ${{ env.ATTESTATION_ID }}
 
       - name: Include source code on attestation
         run: |

From 9ba280232e8409b3cfd40bf44da409da444d74c8 Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Fri, 11 Apr 2025 11:05:53 +0200
Subject: [PATCH 2/2] modify annotation name

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 .github/workflows/contracts/chainloop-vault-release.yml | 2 +-
 .github/workflows/release.yaml                          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/contracts/chainloop-vault-release.yml b/.github/workflows/contracts/chainloop-vault-release.yml
index 18c1a1568..f1b41290c 100644
--- a/.github/workflows/contracts/chainloop-vault-release.yml
+++ b/.github/workflows/contracts/chainloop-vault-release.yml
@@ -4,7 +4,7 @@ materials:
   - name: slsa-attestation
     type: SLSA_PROVENANCE
     annotations:
-      - name: githubattestation
+      - name: github_attestation
 policies:
   attestation:
     - ref: source-commit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index db4030a21..f3847f735 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -174,7 +174,7 @@ jobs:
 
       - name: Attest SLSA attestation
         run: |
-          chainloop attestation --name slsa-attestation add --value ${{ steps.slsa-attest.outputs.bundle-path }} --annotation githubattestation="${{ steps.slsa-attest.outputs.attestation-url }}" --kind SLSA_PROVENANCE --attestation-id ${{ env.ATTESTATION_ID }}
+          chainloop attestation --name slsa-attestation add --value ${{ steps.slsa-attest.outputs.bundle-path }} --annotation github_attestation="${{ steps.slsa-attest.outputs.attestation-url }}" --kind SLSA_PROVENANCE --attestation-id ${{ env.ATTESTATION_ID }}
 
       - name: Include source code on attestation
         run: |