Skip to content

Commit af4d1c1

Browse files
authored
Merge pull request #60 from dorssel/attestation
Add artifact attestation for build provenance
2 parents 296227a + a2c9f20 commit af4d1c1

1 file changed

Lines changed: 10 additions & 1 deletion

File tree

.github/workflows/dotnet.yml

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ permissions:
1818
issues: read
1919
checks: write
2020
pull-requests: write
21+
id-token: write
22+
attestations: write
2123

2224
jobs:
2325
build:
@@ -58,14 +60,21 @@ jobs:
5860
run: dotnet pack --configuration Release --no-build
5961

6062
- name: Upload Package Artifact
63+
id: upload
6164
uses: actions/upload-artifact@v6
6265
with:
63-
name: nuget-package
66+
name: artifacts
6467
path: |
6568
**/*.nupkg
6669
**/*.snupkg
6770
retention-days: 14
6871
72+
- name: Build Attestation
73+
uses: actions/attest-build-provenance@v3
74+
with:
75+
subject-name: artifacts.zip
76+
subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
77+
6978
- name: Upload test results to Codecov
7079
if: ${{ !cancelled() }}
7180
uses: codecov/codecov-action@v5

0 commit comments

Comments
 (0)