From 8dd8392cb8e4c5f2f7df6e8e3258eaab2d0bc00f Mon Sep 17 00:00:00 2001
From: Kenneth Bingham <kenneth.bingham@netfoundry.io>
Date: Mon, 24 Feb 2025 15:17:27 -0500
Subject: [PATCH] write attestation subjects outside work tree

---
 .github/workflows/release.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a21d9c57..c0aa572e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -299,8 +299,7 @@ jobs:
           ls -lAR ./automated-release-build/
 
           # create checksum file for the attestations
-          mkdir -p ./dist
-          shasum --algorithm 256 ./automated-release-build/* | tee ./dist/attestation-subject-checksums.sha256.txt
+          shasum --algorithm 256 ./automated-release-build/* | tee /tmp/attestation-subjects.sha256.txt
 
           # create checksum file for the release
           cd ./automated-release-build/
@@ -309,7 +308,7 @@ jobs:
       - name: Attest Build Provenance
         uses: actions/attest-build-provenance@v2
         with:
-          subject-checksums: ./dist/attestation-subject-checksums.sha256.txt
+          subject-checksums: /tmp/attestation-subjects.sha256.txt
 
       - name: Draft Release
         uses: goreleaser/goreleaser-action@v6