Merge #6338: ci: attest results of guix builds

cd712e86b7 ci: attest results of guix builds (pasta)

Pull request description:

  ## Issue being fixed or feature implemented
  This simply adds attestations to guix results by GitHub. This way, not only can someone verify that all us developers agree, but also that GitHub hosted runners agree :)

  ## What was done?
  Add actions/attest-build-provenance to guix-build CI

  ## How Has This Been Tested?
  see: https://github.com/PastaPastaPasta/dash/actions/runs/11239755631

  ## Breaking Changes
  None

  ## Checklist:
    _Go over all the following points, and put an `x` in all the boxes that apply._
  - [x] I have performed a self-review of my own code
  - [ ] I have commented my code, particularly in hard-to-understand areas
  - [ ] I have added or updated relevant unit/integration/functional/e2e tests
  - [ ] I have made corresponding changes to the documentation
  - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
  UdjinM6:
    utACK cd712e86b7

Tree-SHA512: b590ee2cf29aa57f78cb68c22d5327e8c9272d63d523c3b64fbbdffabb90981a6b6505c5f511bde19310ea1d8c96fc6d181359a7d7a0672612473110cbe079ef
pasta 2024-10-22 10:24:37 -05:00
parent 6fb4e49ae5
commit 167608c7c7
No known key found for this signature in database
GPG Key ID: E2F3D7916E722D38

@ -2,6 +2,8 @@ name: Guix Build
permissions: permissions:
packages: write packages: write
id-token: write
attestations: write
on: on:
pull_request_target: pull_request_target:
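Review bot: `id-token: write` and `attestations: write` are added to the top-level `permissions:` block, so every job in this workflow receives them, and the workflow is triggered by `pull_request_target`, which runs with the base repository's token. Only the step that calls the attest action needs these two scopes. Consider moving them into a job-level `permissions:` block on the job that contains the "Attest build provenance" step, and leaving the workflow-level block at what the other jobs already needed (`packages: write`). A short comment next to the two new lines saying why they are required would also help the next person who audits this file.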
@ -127,3 +129,7 @@ jobs:
path: | path: |
${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/ ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/
- name: Attest build provenance
uses: actions/attest-build-provenance@v1
with:
subject-path: ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/*
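Review bot: The new step references `actions/attest-build-provenance@v1`, a mutable tag, in the one step that uses the OIDC token to sign provenance for release artifacts. Pin the action to a full commit SHA (with the version in a trailing comment) so the code that produces the attestation cannot change without a diff in this repository. The step also has no `if:` condition, so it runs for every `pull_request_target` build in the matrix; if attestations are only meant for a subset of builds, state that condition here.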