Update release verify commands to use sentinel value

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

pkg/cmd/attestation/api/mock_client.go

@@ -41,6 +41,11 @@ func OnGetByDigestSuccess(params FetchParams) ([]*Attestation, error) {
 	att3 := makeTestReleaseAttestation()
 	attestations := []*Attestation{&att1, &att2}
 	if params.PredicateType != "" {
+		// "release" is a sentinel value that returns all release attestations (v0.1, v0.2, etc.)
+		// This mimics the GitHub API behavior which handles this server-side
+		if params.PredicateType == "release" {
+			return []*Attestation{&att3}, nil
+		}
 		if params.PredicateType == "https://in-toto.io/attestation/release/v0.1" {
 			attestations = append(attestations, &att3)
 		}

pkg/cmd/release/verify-asset/verify_asset.go

@@ -147,7 +147,7 @@ func verifyAssetRun(config *VerifyAssetConfig) error {
 	// Find attestations for the release tag SHA
 	attestations, err := config.AttClient.GetByDigest(api.FetchParams{
 		Digest:        releaseRefDigest.DigestWithAlg(),
-		PredicateType: shared.ReleasePredicateType,
+		PredicateType: "release",
 		Owner:         baseRepo.RepoOwner(),
 		Repo:          baseRepo.RepoOwner() + "/" + baseRepo.RepoName(),
 		// TODO: Allow this value to be set via a flag.

pkg/cmd/release/verify/verify.go

@@ -135,7 +135,7 @@ func verifyRun(config *VerifyConfig) error {
 	// Find all the attestations for the release tag SHA
 	attestations, err := config.AttClient.GetByDigest(api.FetchParams{
 		Digest:        releaseRefDigest.DigestWithAlg(),
-		PredicateType: shared.ReleasePredicateType,
+		PredicateType: "release",
 		Owner:         baseRepo.RepoOwner(),
 		Repo:          baseRepo.RepoOwner() + "/" + baseRepo.RepoName(),
 		Initiator:     "github",