Add initial version of slsa releaser that validates the generated SLSA signatures

.github/workflows/slsa-releaser.yml

@@ -2,6 +2,7 @@ name: SLSA Client Releaser
 on:
   workflow_dispatch:
   push:
+    branches: [ master ]
     tags:
       - "*" 
 
@@ -141,10 +142,10 @@ jobs:
         run: |
           curl https://api.hishtory.dev/api/v1/trigger-cron
 
-  # Upload to GitHub release.
+  # Validate the signed binaries
-  upload:
+  validate:
     permissions:
-      contents: write
+      contents: read
     runs-on: ubuntu-latest
     needs: 
       - build-linux-amd64 
@@ -169,14 +170,14 @@ jobs:
       - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
         with:
           name: hishtory-darwin-arm64.intoto.jsonl
-      - name: Release
+      - name: Validate Release
-        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
+        run: |
-        if: ${{ startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') }}
+          curl https://hishtory.dev/install.py | python3 -
-        with:
+          source ~/.bashrc
-          files: |
+          ls
-            hishtory-linux-amd64
+          pwd
-            hishtory-linux-amd64.intoto.jsonl
+          which hishtory
-            hishtory-darwin-amd64
+          echo $PATH
-            hishtory-darwin-amd64.intoto.jsonl
+          hishtory validate-binary v0.`cat VERSION` hishtory-linux-amd64 hishtory-linux-amd64.intoto.jsonl
-            hishtory-darwin-arm64
+          # TODO: Validate other binaries here
-            hishtory-darwin-arm64.intoto.jsonl
+