diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7cb3f10..08f8039 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,6 +18,11 @@ jobs: name: ${{ matrix.os }} runs-on: ${{ matrix.os }} + permissions: + attestations: write + contents: read + id-token: write + strategy: fail-fast: false matrix: @@ -66,6 +71,14 @@ jobs: flags: ${{ matrix.codecov_os }} token: ${{ secrets.CODECOV_TOKEN }} + - name: Attest dist + uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1 + if: | + runner.os == 'Linux' && + github.ref_name == github.event.repository.default_branch + with: + subject-path: ./dist/**/*.js + lint: runs-on: ubuntu-latest