.github/workflows/release-bazel: disable attestation
The bazel attestations are too complicated for mortals like me.
Change-Id: I28e05de4ca3391fd9c87189ff3be3aeedea95ac4
diff --git a/.github/workflows/release-bazel.yml b/.github/workflows/release-bazel.yml
index 8bac4c4..b13d04c 100644
--- a/.github/workflows/release-bazel.yml
+++ b/.github/workflows/release-bazel.yml
@@ -21,10 +21,17 @@
uses: bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml@v0.2.2
with:
tag_name: ${{ inputs.tag_name }}
- # This workflow seems to require keeping a fork of the upstream to open
- # PRs from.
registry_fork: re2-machine/bazel-central-registry
- attest: true
+ # NOTE: To use attest: true, we need a signed intoto.jsonl file,
+ # but that appears to require using
+ # the release_ruleset support described on
+ # https://github.com/bazel-contrib/publish-to-bcr?tab=readme-ov-file#attesation-support
+ # but that requires a release_prep.sh file,
+ # and an override on the test command,
+ # and may insist on doing the release upload of the source zip
+ # (which we do ourselves separately),
+ # and possibly more problems I didn't hit because I gave up.
+ attest: false # too hard to generate the intoto.jsonl file
permissions:
contents: write
id-token: write
