fix: add attestations

.github/workflows/release.yml

@@ -8,12 +8,13 @@ name: release
 on:
   push:
     tags:
-      - 'v*'
+      - "v*"
 
 permissions:
   contents: write # needed to write releases
   id-token: write # needed for keyless signing
   packages: write # needed for ghcr access
+  attestations: write # needed for attestations
 
 jobs:
   release:
@@ -37,7 +38,15 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - uses: goreleaser/goreleaser-action@v6 # run goreleaser
         with:
-          version: latest
+          version: v2.12.0-nightly
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # After GoReleaser runs, attest all the files in ./dist/checksums.txt:
+      - uses: actions/attest-build-provenance@v2
+        with:
+          subject-checksums: ./dist/checksums.txt
+      # After GoReleaser runs, attest all the images in ./dist/digests.txt:
+      - uses: actions/attest-build-provenance@v2
+        with:
+          subject-checksums: ./dist/digests.txt

.goreleaser.yml

@@ -48,6 +48,9 @@ builds:
 # https://goreleaser.com/customization/checksum
 checksum:
   name_template: "checksums.txt"
+# Change the digests filename:
+docker_digests:
+  name_template: "digests.txt"
 # create a source tarball
 # https://goreleaser.com/customization/source/
 source: