Skip to content

Commit b616e75

Browse files
azenlaazenla
committed
chore(workflows): release workflow should attest the efi artifacts
1 parent 069f858 commit b616e75

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ jobs:
2020
name: release
2121
permissions:
2222
contents: write # Needed to upload release assets.
23+
id-token: write # Needed for attestation.
24+
attestations: write # Needed for attestations.
2325
runs-on: ubuntu-latest
2426
steps:
2527
- name: harden runner
@@ -39,6 +41,16 @@ jobs:
3941
- name: 'assemble artifacts'
4042
run: ./hack/assemble.sh
4143

44+
- name: 'attest sprout-x86_64.efi artifact'
45+
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
46+
with:
47+
subject-path: target/assemble/sprout-x86_64.efi
48+
49+
- name: 'attest sprout-aarch64.efi artifact'
50+
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
51+
with:
52+
subject-path: target/assemble/sprout-aarch64.efi
53+
4254
- name: 'generate cultivator token'
4355
uses: actions/create-github-app-token@bf559f85448f9380bcfa2899dbdc01eb5b37be3a # v3.0.0-beta.2
4456
id: generate-token

0 commit comments

Comments
 (0)