Skip to content

Commit d87936f

Browse files
samypr100orf
andcommitted
Add support for attestations
Co-authored-by: Thomas Forbes <tom.forbes@gitguardian.com>
1 parent 3c4fe23 commit d87936f

File tree

3 files changed

+30
-0
lines changed

3 files changed

+30
-0
lines changed

.github/workflows/linux.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -169,6 +169,10 @@ jobs:
169169
- pythonbuild
170170
- image
171171
runs-on: depot-ubuntu-22.04
172+
# Permissions used for actions/attest-build-provenance
173+
permissions:
174+
id-token: write
175+
attestations: write
172176
strategy:
173177
matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
174178
fail-fast: false
@@ -230,6 +234,12 @@ jobs:
230234
231235
build/pythonbuild validate-distribution ${EXTRA_ARGS} dist/*.tar.zst
232236
237+
- name: Generate attestations
238+
uses: actions/attest-build-provenance@v2
239+
if: ${{ github.ref == 'refs/heads/main' }}
240+
with:
241+
subject-path: dist/*
242+
233243
- name: Upload Distribution
234244
if: ${{ ! matrix.dry-run }}
235245
uses: actions/upload-artifact@v4

.github/workflows/macos.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,10 @@ jobs:
9191
matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
9292
fail-fast: false
9393
runs-on: depot-macos-latest
94+
# Permissions used for actions/attest-build-provenance
95+
permissions:
96+
id-token: write
97+
attestations: write
9498
name: ${{ matrix.target_triple }} / ${{ matrix.python }} / ${{ matrix.build_options }}
9599
steps:
96100
- uses: actions/checkout@v4
@@ -122,6 +126,12 @@ jobs:
122126
123127
./build-macos.py --target-triple ${{ matrix.target_triple }} --python cpython-${{ matrix.python }} --options ${{ matrix.build_options }}
124128
129+
- name: Generate attestations
130+
uses: actions/attest-build-provenance@v2
131+
if: ${{ github.ref == 'refs/heads/main' }}
132+
with:
133+
subject-path: dist/*
134+
125135
- name: Upload Distributions
126136
if: ${{ ! matrix.dry-run }}
127137
uses: actions/upload-artifact@v4

.github/workflows/windows.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,10 @@ jobs:
8989
- generate-matrix
9090
- pythonbuild
9191
runs-on: windows-latest-large
92+
# Permissions used for actions/attest-build-provenance
93+
permissions:
94+
id-token: write
95+
attestations: write
9296
strategy:
9397
matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
9498
fail-fast: false
@@ -132,6 +136,12 @@ jobs:
132136
$Dists = Resolve-Path -Path "dist/*.tar.zst" -Relative
133137
.\pythonbuild.exe validate-distribution --run $Dists
134138
139+
- name: Generate attestations
140+
uses: actions/attest-build-provenance@v2
141+
if: ${{ github.ref == 'refs/heads/main' }}
142+
with:
143+
subject-path: dist/*
144+
135145
- name: Upload Distributions
136146
uses: actions/upload-artifact@v4
137147
with:

0 commit comments

Comments
 (0)