From dc62cd12037c344d565e9d5634f64b6bdad3ee66 Mon Sep 17 00:00:00 2001 From: Dennis Dyall Date: Tue, 17 Dec 2024 18:13:23 +0100 Subject: [PATCH] ci: added github attestation to build assets --- .github/workflows/build-nativeshims.yml | 14 ++++++++++++++ .github/workflows/build.yml | 12 ++++++++++++ 2 files changed, 26 insertions(+) diff --git a/.github/workflows/build-nativeshims.yml b/.github/workflows/build-nativeshims.yml index 3b68c479b..15bb2b7eb 100644 --- a/.github/workflows/build-nativeshims.yml +++ b/.github/workflows/build-nativeshims.yml @@ -108,6 +108,13 @@ jobs: pack: name: Package artifacts + permissions: + pull-requests: write + checks: write + id-token: write + contents: read + packages: read + attestations: write runs-on: windows-2019 needs: [build-windows, build-linux-amd64, build-linux-arm64, build-macos] steps: @@ -128,6 +135,13 @@ jobs: with: name: Yubico.NativeShims.nupkg path: Yubico.NativeShims.*.nupkg + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-path: | + '${{ github.workspace }}/**/*.nupkg' + '${{ github.workspace }}/**/*.dll' publish-internal: name: Publish to internal NuGet diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 990b467dd..5b5386b74 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -58,8 +58,12 @@ jobs: runs-on: windows-2019 needs: run-tests permissions: + pull-requests: write + checks: write + id-token: write contents: read packages: read + attestations: write steps: # Checkout the local repository - uses: actions/checkout@v4 
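Review bot: The `permissions:` block added to the `pack` job in build-nativeshims.yml (`@@ -108,6 +108,13 @@`) grants `pull-requests: write` and `checks: write`, which nothing visible in this diff uses; the attestation step needs only `id-token: write`, `attestations: write` and `contents: read`. Every step in the job, including third-party actions, runs with this token, so the two extra write scopes widen what a compromised step could do to the repository. I would drop `pull-requests: write` and `checks: write` unless a step outside the hunk needs them, and name that step in a comment if one does. The same two scopes are added to the `permissions:` block in the first build.yml hunk (`@@ -58,8 +58,12 @@`), and the same applies there. Both jobs' step lists continue outside these hunks.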
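Review bot: In the `Generate artifact attestation` step added to build-nativeshims.yml (`@@ -128,6 +135,13 @@`), each `subject-path` entry is wrapped in single quotes inside a `|` block scalar, where quotes are not YAML syntax and are passed to the action as part of the pattern. Unless the action strips them, the globs may match nothing, and the step would then fail or produce no attestation for the package; writing the entries bare, e.g. `${{ github.workspace }}/**/*.nupkg`, avoids the ambiguity. The same quoting appears in the attestation step in the second build.yml hunk (`@@ -118,6 +122,14 @@`). The workflow triggers are outside this diff, so it is worth confirming whether this job runs for fork pull requests, where `id-token: write` is not granted; if it does, the step needs an `if:` guard so it is skipped rather than failing the build.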
@@ -118,6 +122,14 @@ jobs: Yubico.Core/src/bin/ReleaseWithDocs/**/*.dll Yubico.YubiKey/src/bin/ReleaseWithDocs/**/*.dll + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-path: | + '${{ github.workspace }}/**/*.nupkg' + '${{ github.workspace }}/**/*.snupkg' + '${{ github.workspace }}/**/*.dll' + # Package the OATH sample code source - name: Save build artifacts uses: actions/upload-artifact@v4
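Review bot: The `subject-path` globs in this step cover every `.dll`, `.nupkg` and `.snupkg` under `${{ github.workspace }}`, while the path list of the preceding step, visible at the top of the hunk, is limited to `Yubico.Core/src/bin/ReleaseWithDocs/**/*.dll` and `Yubico.YubiKey/src/bin/ReleaseWithDocs/**/*.dll`. A workspace-wide `**/*.dll` can also match test outputs, other build configurations and third-party binaries copied into output folders, and each match gets a signed provenance statement saying this workflow built it. Attesting only the release outputs keeps the claim accurate: reuse the two `ReleaseWithDocs` DLL paths and the matching package paths (not visible in this hunk) instead of the workspace globs. Since the job now holds `id-token: write` and `attestations: write`, pinning `actions/attest-build-provenance` to a full commit SHA rather than `@v2` would also be reasonable.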