Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: Add GitHub artifact attestations to package distribution #568

Merged
merged 1 commit into from
May 28, 2024

Conversation

matthewfeickert
Copy link
Member

@matthewfeickert matthewfeickert requested a review from henryiii May 21, 2024 21:41
@matthewfeickert matthewfeickert self-assigned this May 21, 2024
@henryiii henryiii merged commit 9c3a275 into main May 28, 2024
10 checks passed
@henryiii henryiii deleted the ci/add-artifact-attestations branch May 28, 2024 05:53
@matthewfeickert
Copy link
Member Author

The hist v2.7.3 release now has attestations: https://github.com/scikit-hep/hist/attestations

$ python -m pip --no-cache-dir download --no-deps hist
Collecting hist
  Downloading hist-2.7.3-py3-none-any.whl.metadata (16 kB)
Downloading hist-2.7.3-py3-none-any.whl (40 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 40.6/40.6 kB 1.3 MB/s eta 0:00:00
Saved ./hist-2.7.3-py3-none-any.whl
Successfully downloaded hist
$ gh attestation verify hist*.whl --repo scikit-hep/hist
Loaded digest sha256:635aaa69bdbde57734feb5965762295669da44a20b11321143ae9301652c9a23 for file://hist-2.7.3-py3-none-any.whl
Loaded 1 attestation from GitHub API
✓ Verification succeeded!

sha256:635aaa69bdbde57734feb5965762295669da44a20b11321143ae9301652c9a23 was attested by:
REPO             PREDICATE_TYPE                  WORKFLOW                                 
scikit-hep/hist  https://slsa.dev/provenance/v1  .github/workflows/cd.yml@refs/tags/v2.7.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants