From 522e8fb19cce47638429a607164929dc5f06a090 Mon Sep 17 00:00:00 2001
From: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Date: Mon, 23 Sep 2024 21:49:03 +0900
Subject: [PATCH] feat(terraform-linters/tflint): verify GitHub Artifact
 Attestations

---
 pkgs/terraform-linters/tflint/registry.yaml | 20 ++++++++++++++++++++
 registry.yaml                               | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/pkgs/terraform-linters/tflint/registry.yaml b/pkgs/terraform-linters/tflint/registry.yaml
index 2ac84643556..66b9e4edf4d 100644
--- a/pkgs/terraform-linters/tflint/registry.yaml
+++ b/pkgs/terraform-linters/tflint/registry.yaml
@@ -51,6 +51,24 @@ packages:
           type: github_release
           asset: checksums.txt
           algorithm: sha256
+      - version_constraint: semver("<= 0.51.0")
+        asset: tflint_{{.OS}}_{{.Arch}}.{{.Format}}
+        format: zip
+        windows_arm_emulation: true
+        checksum:
+          type: github_release
+          asset: checksums.txt
+          algorithm: sha256
+          cosign:
+            opts:
+              - --certificate-identity-regexp
+              - "https://github\\.com/terraform-linters/tflint/\\.github/workflows/release\\.yml@.*"
+              - --certificate-oidc-issuer
+              - "https://token.actions.githubusercontent.com"
+              - --signature
+              - https://github.com/terraform-linters/tflint/releases/download/{{.Version}}/checksums.txt.keyless.sig
+              - --certificate
+              - https://github.com/terraform-linters/tflint/releases/download/{{.Version}}/checksums.txt.pem
       - version_constraint: "true"
         asset: tflint_{{.OS}}_{{.Arch}}.{{.Format}}
         format: zip
@@ -59,6 +77,8 @@ packages:
           type: github_release
           asset: checksums.txt
           algorithm: sha256
+          github_artifact_attestations:
+            signer-workflow: terraform-linters/tflint/.github/workflows/release.yml
           cosign:
             opts:
               - --certificate-identity-regexp
diff --git a/registry.yaml b/registry.yaml
index 7dc85c387e0..7add0bd6a52 100644
--- a/registry.yaml
+++ b/registry.yaml
@@ -44761,6 +44761,24 @@ packages:
           type: github_release
           asset: checksums.txt
           algorithm: sha256
+      - version_constraint: semver("<= 0.51.0")
+        asset: tflint_{{.OS}}_{{.Arch}}.{{.Format}}
+        format: zip
+        windows_arm_emulation: true
+        checksum:
+          type: github_release
+          asset: checksums.txt
+          algorithm: sha256
+          cosign:
+            opts:
+              - --certificate-identity-regexp
+              - "https://github\\.com/terraform-linters/tflint/\\.github/workflows/release\\.yml@.*"
+              - --certificate-oidc-issuer
+              - "https://token.actions.githubusercontent.com"
+              - --signature
+              - https://github.com/terraform-linters/tflint/releases/download/{{.Version}}/checksums.txt.keyless.sig
+              - --certificate
+              - https://github.com/terraform-linters/tflint/releases/download/{{.Version}}/checksums.txt.pem
       - version_constraint: "true"
         asset: tflint_{{.OS}}_{{.Arch}}.{{.Format}}
         format: zip
@@ -44769,6 +44787,8 @@ packages:
           type: github_release
           asset: checksums.txt
           algorithm: sha256
+          github_artifact_attestations:
+            signer-workflow: terraform-linters/tflint/.github/workflows/release.yml
           cosign:
             opts:
               - --certificate-identity-regexp