feat: adds github attestation for release workflow

LogCraftIO · Jun 24, 2024 · 2f5971d · 2f5971d
1 parent 2dc6d41
commit 2f5971d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -15,6 +15,8 @@ name: Release
 
 permissions:
   contents: write
+  id-token: write
+  attestations: write
 
 # This task will run whenever you push a git tag that looks like a version
 # like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc.
@@ -132,6 +134,10 @@ jobs:
           # Actually do builds and make zips and whatnot
           cargo dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json
           echo "cargo dist ran successfully"
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: "target/distrib/*${{ join(matrix.targets, ', ') }}*"
       - id: cargo-dist
         name: Post-build
         # We force bash here just because github makes it really hard to get values up

diff --git a/Cargo.toml b/Cargo.toml
@@ -109,5 +109,5 @@ targets = ["aarch64-apple-darwin", "x86_64-apple-darwin", "x86_64-unknown-linux-
 pr-run-mode = "plan"
 # Whether to install an updater program
 install-updater = false
-# Artifacts attestation feature
+# Whether to enable GitHub Attestations
 github-attestations = true