From 73c13af10d1ac0c79a9aaf239d7c994ccc402fbd Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Mon, 18 Sep 2023 20:47:16 +0200
Subject: [PATCH] add workflow attaching SLSA provinence to draft release
---
.github/workflows/release.yml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..4efecd54
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,34 @@
+name: Release New Version
+
+on:
+ push:
+ tags: '[0-9]+.[0-9]?[0-9]?[0-9]?.?[0-9]+'
+
+jobs:
+ release:
+ outputs:
+ hashes: ${{ steps.hash.outputs.hashes }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Collect artifacts
+ run: |
+ wget -q https://github.com/PrivateBin/PrivateBin/archive/refs/tags/${GITHUB_REF_NAME}.tar.gz
+ wget -q https://github.com/PrivateBin/PrivateBin/archive/refs/tags/${GITHUB_REF_NAME}.zip
+
+ - name: Generate hashes
+ shell: bash
+ id: hash
+ run: echo "hashes=$(sha256sum ${GITHUB_REF_NAME} | base64 -w0)" >> "$GITHUB_OUTPUT"
+
+ provenance:
+ needs:
+ - release
+ permissions:
+ actions: read
+ id-token: write
+ contents: write
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+ with:
+ base64-subjects: "${{ needs.release.outputs.hashes }}"
+ draft-release: true
+ upload-assets: true
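Review bot: The `Generate hashes` step runs `sha256sum ${GITHUB_REF_NAME}`, but the preceding step downloads the archives under names ending in `.tar.gz` and `.zip`, so the operand appears not to match either downloaded file. Because the call sits in a command substitution inside `echo`, its failure does not fail the step, and the `provenance` job would likely be handed an empty subject list instead of the archive digests. Hash the two files explicitly and let errors surface: `hashes=$(sha256sum "${GITHUB_REF_NAME}.tar.gz" "${GITHUB_REF_NAME}.zip" | base64 -w0)` followed by `echo "hashes=$hashes" >> "$GITHUB_OUTPUT"`. The `release` job also declares no `permissions:`, so it inherits the repository's default token scope although it only downloads public archives; `permissions: {}` on that job would keep it least-privileged.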