From 6205d33ce0de6480a681e03ee2e1da9910e20d39 Mon Sep 17 00:00:00 2001
From: martincostello
Date: Sun, 12 May 2024 09:52:21 +0100
Subject: [PATCH] Artifact attestation

Attest the binaries and packages from the build artifacts.
---
 .github/workflows/actions-lint.yml | 2 +-
 .github/workflows/build.yml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/actions-lint.yml b/.github/workflows/actions-lint.yml
index 2b8de60dfe..c3251367b4 100644
--- a/.github/workflows/actions-lint.yml
+++ b/.github/workflows/actions-lint.yml
@@ -31,6 +31,6 @@ jobs:
 run: echo "::add-matcher::.github/actionlint-matcher.json"

 - name: Lint workflows
- uses: docker://rhysd/actionlint@sha256:daa1edae4a6366f320b68abb60b74fb59a458c17b61938d3c62709d92b231558 # v1.6.27
+ uses: docker://rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244 # v1.7.0
 with:
 args: -color
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ed19b5ab3b..531df0ddec 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,6 +28,11 @@ jobs:
 outputs:
 dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }}

+ permissions:
+ attestations: write
+ contents: read
+ id-token: write
+
 strategy:
 fail-fast: false
 matrix:
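Review bot: The job-level `permissions` block in `build.yml` grants `id-token: write` and `attestations: write` to every step on every matrix leg, although only the attestation step needs them, and per the next hunk that step runs only on Windows for the default branch or `v` tags. The same job also runs the build and a step that receives `secrets.CODECOV_TOKEN`, so any of that code could request an OIDC token for this repository. Consider moving attestation into a separate job that downloads the uploaded artifacts and carries these three scopes, leaving this job at `contents: read`. An explicit `permissions` block also sets every unlisted scope to none, so confirm that no other step in this job relied on a default scope; the job body starts and ends outside the hunk.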
@@ -79,6 +84,26 @@ jobs:
 flags: ${{ runner.os }}
 token: ${{ secrets.CODECOV_TOKEN }}

+ - name: Attest artifacts
+ uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+ if: |
+ runner.os == 'Windows' &&
+ github.event.repository.fork == false &&
+ (github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/v'))
+ with:
+ subject-path: |
+ ./artifacts/bin/Swashbuckle.AspNetCore.Annotations/release*/Swashbuckle.AspNetCore.Annotations.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.ApiTesting/release*/Swashbuckle.AspNetCore.ApiTesting.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.ApiTesting.Xunit/release*/Swashbuckle.AspNetCore.ApiTesting.Xunit.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.Cli/release*/dotnet-swagger.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.Cli/release*/dotnet-swagger.exe
+ ./artifacts/bin/Swashbuckle.AspNetCore.Newtonsoft/release*/Swashbuckle.AspNetCore.Newtonsoft.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.ReDoc/release*/Swashbuckle.AspNetCore.ReDoc.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.Swagger/release*/Swashbuckle.AspNetCore.Swagger.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.SwaggerGen/release*/Swashbuckle.AspNetCore.SwaggerGen.dll
+ ./artifacts/bin/Swashbuckle.AspNetCore.SwaggerUI/release*/Swashbuckle.AspNetCore.SwaggerUI.dll
+ ./artifacts/package/release/*
+
 - name: Publish NuGet packages
 uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
 with:
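Review bot: The `Attest artifacts` step records digests of the Windows leg's files as they exist when it runs, so the provenance only helps consumers if those exact bytes are what gets released. The release path is outside this hunk, so that is worth confirming. If the packages are later signed, repacked or taken from another matrix leg, their digests will no longer match the attested subjects and verification will fail. Consider a comment above the step such as `# Subjects must be byte-identical to the released files`, and a `gh attestation verify` check in the release job before the packages are pushed. The hard-coded DLL list under `subject-path` also has to be extended by hand when a project is added, whereas `./artifacts/package/release/*` picks up new packages automatically.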