From 0e84011d0c6495a6e0fed6825ad62c60dc35b000 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Tue, 11 Jun 2024 12:12:22 +0800
Subject: [PATCH] Update py-publish.yml to generate build provenance
 attestations

ref to #28
---
 .github/workflows/py-publish.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/py-publish.yml b/.github/workflows/py-publish.yml
index 96641b7..fded8ae 100644
--- a/.github/workflows/py-publish.yml
+++ b/.github/workflows/py-publish.yml
@@ -5,6 +5,8 @@ on:
 
 permissions:
   contents: read
+  id-token: write
+  attestations: write
 
 jobs:
   publish-to-pypi:
@@ -29,6 +31,11 @@ jobs:
     - name: Check distribution
       run: twine check dist/*
 
+    - name: Create attestations
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: 'dist/*'
+
     - name: Publish package (to TestPyPI)
       if: github.event_name == 'workflow_dispatch' && startsWith(github.repository, 'cpp-linter')
       env: