From 633b825f35b0e0d2cb569fdc8cbec55bbe93420c Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Sun, 5 May 2024 10:39:08 +0200
Subject: [PATCH] Add artifact attestation

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 .github/actions/build-and-test/action.yml | 5 +++++
 .github/workflows/build.yml               | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/.github/actions/build-and-test/action.yml b/.github/actions/build-and-test/action.yml
index 731f382eb..d45fc1253 100644
--- a/.github/actions/build-and-test/action.yml
+++ b/.github/actions/build-and-test/action.yml
@@ -98,6 +98,11 @@ runs:
       with:
         name: ${{ inputs.artifact_name }}
         path: '${{ inputs.bin_name }}*'
+    -
+      name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: ${{ inputs.bin_name }}
     -
       name: Extract documentation files from container
       if: inputs.event_name != 'pull_request' && inputs.platform == 'linux/amd64'
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8f83db7cc..38859edb8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,5 +1,10 @@
 name: Build, Test, Deploy
 
+permissions:
+  id-token: write
+  contents: read
+  attestations: write
+
 on:
   push:
     branches: