File tree 3 files changed +35
-5
lines changed
3 files changed +35
-5
lines changed Original file line number Diff line number Diff line change @@ -130,7 +130,7 @@ jobs:
130130 pythonbuild_changed : ${{ steps.changed.outputs.pythonbuild_any_changed }}
131131 steps :
132132 - uses : actions/checkout@v4
133-
133+
134134 - name : Set up Python
135135 uses : astral-sh/setup-uv@v4
136136
@@ -140,7 +140,7 @@ jobs:
140140 # Convert GitHub labels array to comma-separated string
141141 LABELS=$(echo '${{ toJson(github.event.pull_request.labels.*.name) }}' | jq -r 'join(",")')
142142 echo "labels=$LABELS" >> $GITHUB_OUTPUT
143-
143+
144144name : Generate build matrix
145145 id : set-matrix
146146 run : |
@@ -168,6 +168,10 @@ jobs:
168168 - generate-matrix
169169 - pythonbuild
170170 - image
171+ # Permissions used for actions/attest-build-provenance
172+ permissions :
173+ id-token : write
174+ attestations : write
171175 runs-on : ${{ matrix.runner }}
172176 strategy :
173177 matrix : ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
@@ -230,6 +234,12 @@ jobs:
230234
231235 build/pythonbuild validate-distribution ${EXTRA_ARGS} dist/*.tar.zst
232236
237+ name : Generate attestations
238+ uses : actions/attest-build-provenance@v2
239+ if : ${{ github.ref == 'refs/heads/main' }}
240+ with :
241+ subject-path : dist/*
242+
233243 - name : Upload Distribution
234244 if : ${{ ! matrix.dry-run }}
235245 uses : actions/upload-artifact@v4
Original file line number Diff line number Diff line change @@ -87,10 +87,14 @@ jobs:
8787 needs :
8888 - generate-matrix
8989 - pythonbuild
90+ # Permissions used for actions/attest-build-provenance
91+ permissions :
92+ id-token : write
93+ attestations : write
94+ runs-on : ${{ matrix.runner }}
9095 strategy :
9196 matrix : ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
9297 fail-fast : false
93- runs-on : ${{ matrix.runner }}
9498 name : ${{ matrix.target_triple }} / ${{ matrix.python }} / ${{ matrix.build_options }}
9599 steps :
96100 - uses : actions/checkout@v4
@@ -122,6 +126,12 @@ jobs:
122126
123127 ./build-macos.py --target-triple ${{ matrix.target_triple }} --python cpython-${{ matrix.python }} --options ${{ matrix.build_options }}
124128
129+ name : Generate attestations
130+ uses : actions/attest-build-provenance@v2
131+ if : ${{ github.ref == 'refs/heads/main' }}
132+ with :
133+ subject-path : dist/*
134+
125135 - name : Upload Distributions
126136 if : ${{ ! matrix.dry-run }}
127137 uses : actions/upload-artifact@v4
Original file line number Diff line number Diff line change 5151 pythonbuild_changed : ${{ steps.changed.outputs.pythonbuild_any_changed }}
5252 steps :
5353 - uses : actions/checkout@v4
54-
54+
5555 - name : Set up Python
5656 uses : astral-sh/setup-uv@v4
5757
6161 # Convert GitHub labels array to comma-separated string
6262 LABELS=$(echo '${{ toJson(github.event.pull_request.labels.*.name) }}' | jq -r 'join(",")')
6363 echo "labels=$LABELS" >> $GITHUB_OUTPUT
64-
64+
6565name : Generate build matrix
6666 id : set-matrix
6767 run : |
8888 needs :
8989 - generate-matrix
9090 - pythonbuild
91+ # Permissions used for actions/attest-build-provenance
92+ permissions :
93+ id-token : write
94+ attestations : write
9195 runs-on : ${{ matrix.runner }}
9296 strategy :
9397 matrix : ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
@@ -132,6 +136,12 @@ jobs:
132136 $Dists = Resolve-Path -Path "dist/*.tar.zst" -Relative
133137 .\pythonbuild.exe validate-distribution --run $Dists
134138
139+ name : Generate attestations
140+ uses : actions/attest-build-provenance@v2
141+ if : ${{ github.ref == 'refs/heads/main' }}
142+ with :
143+ subject-path : dist/*
144+
135145 - name : Upload Distributions
136146 uses : actions/upload-artifact@v4
137147 with :
You can’t perform that action at this time.
0 commit comments