Skip to content

Commit b20f641

Browse files
authored
Merge pull request #170 from xsnippet/attestation
Try actions/attest-build-provenance for our builds
2 parents afacae4 + f627c83 commit b20f641

File tree

1 file changed

+13
-1
lines changed

1 file changed

+13
-1
lines changed

.github/workflows/release.yml

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,11 @@ jobs:
3838
GH_REPO: ${{ env.GITHUB_REPOSITORY }}
3939

4040
build_assets:
41+
permissions:
42+
id-token: write
43+
contents: read
44+
attestations: write
45+
4146
needs: create_release
4247

4348
strategy:
@@ -66,7 +71,8 @@ jobs:
6671
command: build
6772
args: --release
6873

69-
- run: |
74+
- id: build
75+
run: |
7076
rustc --print cfg | grep = > rustc.vars
7177
source rustc.vars
7278
@@ -80,7 +86,13 @@ jobs:
8086
fi
8187
gh release upload $RELEASE_TAG $ASSET_NAME
8288
popd
89+
90+
echo "asset_path=target/release/$ASSET_NAME" >> $GITHUB_OUTPUT
8391
env:
8492
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
8593
GH_REPO: ${{ env.GITHUB_REPOSITORY }}
8694
RELEASE_TAG: ${{ needs.create_release.outputs.release_tag }}
95+
96+
- uses: actions/attest-build-provenance@v1
97+
with:
98+
subject-path: ${{ steps.build.outputs.asset_path }}

0 commit comments

Comments
 (0)