From fb7d7c646fd0c10f1c50a3b78f2a7fc8231470ba Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino <miguel@chainloop.dev>
Date: Tue, 10 Oct 2023 12:27:03 +0200
Subject: [PATCH] chore(demo): add chainloop

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
---
 .chainloop.yml                    |  2 ++
 .github/workflows/maven-build.yml | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 .chainloop.yml

diff --git a/.chainloop.yml b/.chainloop.yml
new file mode 100644
index 000000000..c589ea4be
--- /dev/null
+++ b/.chainloop.yml
@@ -0,0 +1,2 @@
+# defines files to be added to the attestation
+attestation: {}
diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
index 3ffd14e5f..09f149ab6 100644
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@@ -36,7 +36,7 @@ jobs:
 
   collect-metadata:
     runs-on: ubuntu-latest
-    name: "Security and Compliance Checks"
+    name: Generate metadata
     needs: build
     steps:
       - name: Download all workflow run artifacts
@@ -57,3 +57,15 @@ jobs:
         with:
           name: metadata
           path: metadata/*
+
+  # Send metadata to Chainloop
+  chainloop:
+    name: Chainloop
+    uses: chainloop-dev/labs/.github/workflows/chainloop.yml@a75dff2ef342a1e5c5e1ec5c42fb99f3d1bc03cb
+    needs: collect-metadata
+    # with:
+    #   contract_revision: 3
+    secrets:
+      api_token: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
+      signing_key: ${{ secrets.PRIVATE_KEY }}
+      signing_key_password: ${{ secrets.PRIVATE_KEY_PASSWORD }}
\ No newline at end of file