From 8d301d192df0d1a93f4f1c2ec65e2de183dffd86 Mon Sep 17 00:00:00 2001
From: martincostello
Date: Thu, 6 Jun 2024 08:10:42 +0100
Subject: [PATCH] Attest artifacts Attest the binaries and packages from the build artifacts.
---
 .github/workflows/build.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1eed38333..3f0ec4a9b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,6 +26,11 @@ jobs:
 outputs:
 dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }}
+ permissions:
+ attestations: write
+ contents: read
+ id-token: write
+
 strategy:
 fail-fast: false
 matrix:
@@ -77,6 +82,20 @@ jobs:
 if: ${{ runner.os != 'Windows' }}
 run: ./eng/common/cibuild.sh -configuration Release -prepareMachine
+ - name: Attest artifacts
+ uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
+ if: |
+ runner.os == 'Windows' &&
+ github.event.repository.fork == false &&
+ (github.ref_name == github.event.repository.default_branch ||
+ startsWith(github.ref, 'refs/heads/dev') ||
+ startsWith(github.ref, 'refs/heads/rel/') ||
+ startsWith(github.ref, 'refs/tags/'))
+ with:
+ subject-path: |
+ ./artifacts/bin/AspNet.Security.*/Release/**/AspNet.Security.*.dll
+ ./artifacts/packages/Release/Shipping/*
+
 - name: Publish logs
 uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
 if: ${{ always() }}
@@ -134,7 +153,7 @@ jobs:
 runs-on: ubuntu-latest
 if: |
 github.event.repository.fork == false &&
- (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ||
+ (github.ref_name == github.event.repository.default_branch ||
 startsWith(github.ref, 'refs/heads/dev') ||
 startsWith(github.ref, 'refs/heads/rel/') ||
 startsWith(github.ref, 'refs/tags/'))
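Review bot: The new job-level `permissions` block in the first hunk gives `id-token: write` and `attestations: write` to every step of every matrix leg, so the build scripts run with the ability to request an OIDC token and write attestations even though only the Windows leg's attest step (added in the next hunk) needs them. Consider keeping this job at `contents: read` and running the attest step in a small follow-up job that downloads the uploaded artifacts and is the only holder of `attestations: write` and `id-token: write`; whether that fits depends on the upload steps, which the hunk does not show. A job-level `permissions` block also sets every scope it does not list to none, so any step outside this hunk that relied on the default token scopes should be checked. The job definition starts and ends outside the hunk.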
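Review bot: In the attest step's `if` (second hunk), `startsWith(github.ref, 'refs/heads/dev')` has no trailing delimiter, so any branch whose name merely begins with `dev` (a constructed example: `dev-experiment`) is treated like a release ref and receives signed provenance, unlike the `refs/heads/rel/` clause next to it. If only `dev` and branches under `dev/` are intended, write it as `github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/heads/dev/')`. The same clause appears as context in the job-level `if` of the last hunk, and the two conditions are now hand-maintained copies; a comment placed above each `if:` key (not inside the block scalar, where it would become part of the expression), such as `# keep in sync with the attest step condition`, would make drift less likely.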