Test attestation verification #12

	name: Test attestation verification
	on:
	workflow_dispatch:

	permissions:
	id-token: write
	attestations: write
	contents: write
	packages: write

	env:
	PRODUCT_NAME: ${{ github.event.repository.name }}
	PRODUCT_OWNER: ${{ github.repository_owner }}

	jobs:
	test-verification:
	runs-on: ubuntu-latest
	steps:
	- uses: robinraju/release-downloader@v1.10
	id: get-latest-release
	with:
	latest: true
	extract: true
	- name: Update ghcli
	run: \|
	curl -sOL https://github.com/cli/cli/releases/download/v2.49.0/gh_2.49.0_linux_amd64.deb
	sudo dpkg -i gh_2.49.0_linux_amd64.deb
	gh version
	- name: Verify attestation for latest release
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	RELEASE_FILE=`echo ${{ fromJson(steps.get-latest-release.outputs.downloaded_files)[0] }} \| awk -F'/' '{print $NF}'`
	echo $RELEASE_FILE
	echo gh attestation verify $RELEASE_FILE -o ${{ env.PRODUCT_OWNER }}
	gh attestation verify $RELEASE_FILE -o ${{ env.PRODUCT_OWNER }}

Provide feedback