From 9c3a275ff3f614d5ea201149b7851905a4c2e8b4 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Tue, 28 May 2024 00:53:40 -0500 Subject: [PATCH] ci: Add GitHub artifact attestations to package distribution (#568) --- .github/workflows/cd.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2e3b4cb0..098a4f5f 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -29,6 +29,8 @@ jobs: url: https://pypi.org/p/hist permissions: id-token: write + attestations: write + contents: read steps: - uses: actions/download-artifact@v4 @@ -36,4 +38,9 @@ jobs: name: Packages path: dist + - name: Generate artifact attestation for sdist and wheel + uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2 + with: + subject-path: "dist/hist-*" + - uses: pypa/gh-action-pypi-publish@release/v1
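Review bot: `attestations: write` is granted at job level, so together with the existing `id-token: write` it is available to every step in this job. The `actions/download-artifact@v4` step at the end of this hunk is still referenced by a mutable tag, while the attest step added in the next hunk is pinned to a full commit SHA. Pinning the other actions the same way would keep the new signing scope tied to reviewed code, e.g. `- uses: actions/download-artifact@<full-commit-sha> # v4` (placeholder; take the SHA from the release you have reviewed). The `pypa/gh-action-pypi-publish@release/v1` reference in the next hunk tracks a branch and has the same exposure. A short comment on each new scope would also help, such as `attestations: write  # store the build provenance attestation` and `contents: read  # unlisted scopes default to none once a permissions block is set`; the job definition starts above this hunk.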
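Review bot: `subject-path: "dist/hist-*"` attests only files matching that prefix, while the publish step that follows shows no `with:` block in this hunk and so presumably uploads everything under `dist/`. If the downloaded `Packages` artifact ever contains a file the glob misses, it would be published without an attestation and nothing here would fail. Consider making the two sets provably equal, for example with a preceding guard step along the lines of `run: test -z "$(find dist -type f ! -name 'hist-*')"`. A comment above the step saying how consumers check the result (`gh attestation verify <file> --repo <owner>/<repo>`, placeholders) would document the intent. The job continues outside the hunk, so any later inputs to the publish step are not visible here.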