From 3cc49d0f3271e54c91f428ca4f1b8557d5638d11 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Thu, 16 May 2024 07:44:19 -0300
Subject: [PATCH 1/5] Attest build provenance

This uses the new build provenance support added in https://github.com/hynek/build-and-inspect-python-package/blob/main/CHANGELOG.md#250---2024-05-13.
---
 .github/workflows/test.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7bc8f62..3d0df20 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,10 +17,15 @@ jobs:
 package:
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ attestations: write
 steps:
 - uses: actions/checkout@v3
 - name: Build and Check Package
 uses: hynek/build-and-inspect-python-package@v1.5
+ with:
+ attest-build-provenance-github: 'true'
 test:
From e63d533eb1892acb45b35f03cab41ae849a86756 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Thu, 16 May 2024 07:46:43 -0300
Subject: [PATCH 2/5] Update test.yml

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3d0df20..799ff61 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: Build and Check Package
- uses: hynek/build-and-inspect-python-package@v1.5
+ uses: hynek/build-and-inspect-python-package@v2.5.0
 with:
 attest-build-provenance-github: 'true'
From 8e27c6419993471eddb4e480b1f8b70e008fa480 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Thu, 16 May 2024 07:48:15 -0300
Subject: [PATCH 3/5] Update test.yml

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 799ff61..d217028 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
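Review bot: In PATCH 1/5 the `package` job of test.yml gains `id-token: write` and `attestations: write` with no comment and no condition on the event that triggered the run. The workflow triggers are outside the hunk, but if it also runs on `pull_request`, runs from forks get a read-only token, so the attest step would likely fail there, and same-repository PR builds would hold OIDC token access they do not need. Consider attesting only in deploy.yml, or gating the input with `attest-build-provenance-github: ${{ github.event_name != 'pull_request' }}` (confirm the action accepts the stringified boolean). If the block stays, add the comment that deploy.yml gets in PATCH 4/5: `# Required by attest-build-provenance-github.`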
@@ -54,7 +54,7 @@ jobs:
 - uses: actions/checkout@v3
 - name: Download Package
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@v4
 with:
 name: Packages
 path: dist
From f3951fe06d1aea73e8758812ea859c3d5ddd512b Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Thu, 16 May 2024 07:50:52 -0300
Subject: [PATCH 4/5] Update deploy.yml

---
 .github/workflows/deploy.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 39d0512..0878a9b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -12,6 +12,10 @@ jobs:
 package:
 runs-on: ubuntu-latest
+ # Required by attest-build-provenance-github.
+ permissions:
+ id-token: write
+ attestations: write
 env:
 SETUPTOOLS_SCM_PRETEND_VERSION: ${{ github.event.inputs.version }}
@@ -20,6 +24,9 @@ jobs:
 - name: Build and Check Package
 uses: hynek/build-and-inspect-python-package@v1.5
+ with:
+ attest-build-provenance-github: 'true'
+
 deploy:
 needs: package
From aa9c20b526288406560fe4fb42362525ea29b6d9 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Thu, 16 May 2024 07:51:31 -0300
Subject: [PATCH 5/5] Update deploy.yml

---
 .github/workflows/deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 0878a9b..0788ee0 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -40,7 +40,7 @@ jobs:
 - uses: actions/checkout@v3
 - name: Download Package
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@v4
 with:
 name: Packages
 path: dist
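Review bot: In the second hunk of PATCH 4/5 (deploy.yml, `@@ -20,6 +24,9 @@`), the new `with:` block sits under `uses: hynek/build-and-inspect-python-package@v1.5`, and no later patch in the series bumps that line the way PATCH 2/5 does for test.yml. Per the PATCH 1/5 description the input arrived in 2.5.0, so on v1.5 it is presumably ignored and the release build gets no attestation even though the job now holds the write scopes. Change the context line to `uses: hynek/build-and-inspect-python-package@v2.5.0`, ideally pinned to that release's full commit SHA since the job can request OIDC tokens. The `actions/download-artifact@v4` bump in PATCH 5/5 likely depends on this too, because v4 cannot read artifacts uploaded with the v3 artifact actions that an older build action would presumably use.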