diff --git a/.github/workflows/attest.yml b/.github/workflows/attest.yml
new file mode 100644
index 0000000..5829c6a
--- /dev/null
+++ b/.github/workflows/attest.yml
@@ -0,0 +1,21 @@
+name: attest in various ways
+
+on:
+  push:
+
+
+permissions:
+  id-token: write
+  attestations: write
+  contents: read
+
+jobs:
+  attest-direct:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Attest Build Provenance
+        uses: actions/attest-build-provenance@v1.1.1
+        with:
+          subject-path: foo.txt
diff --git a/foo.txt b/foo.txt
new file mode 100644
index 0000000..c5f8d0b
--- /dev/null
+++ b/foo.txt
@@ -0,0 +1 @@
+this is being attested to