From 1aa3eae661a92666cd6b5701dc1ab16c74d5f440 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Tue, 8 Apr 2025 15:31:33 +0900 Subject: [PATCH] Generate GitHub Artifact Attestations --- .github/workflows/goreleaser.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index a25a3469f..263607ee1 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -5,6 +5,8 @@ on: - "v*" permissions: contents: write + id-token: write + attestations: write jobs: release: @@ -33,3 +35,11 @@ jobs: workdir: . env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Generate signed build provenance attestations for workflow artifacts + uses: actions/attest-build-provenance@v2 + with: + subject-path: | + dist/*.tar.gz + dist/*.zip + dist/*.txt pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy