From cd712e86b7ea11fe3c5ce13107beec089514911c Mon Sep 17 00:00:00 2001
From: pasta
Date: Tue, 22 Oct 2024 09:57:23 -0500
Subject: [PATCH] ci: attest results of guix builds
---
 .github/workflows/guix-build.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/guix-build.yml b/.github/workflows/guix-build.yml
index 1bd3d2a2eb..1f7722abef 100644
--- a/.github/workflows/guix-build.yml
+++ b/.github/workflows/guix-build.yml
@@ -2,6 +2,8 @@ name: Guix Build
 permissions:
 packages: write
+ id-token: write
+ attestations: write
 on:
 pull_request_target:
@@ -127,3 +129,7 @@ jobs:
 path: |
 ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/
+ - name: Attest build provenance
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/*
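Review bot: `id-token: write` and `attestations: write` are added to the workflow-level `permissions:` block, so every job in a workflow triggered by `pull_request_target` receives them, not only the job that attests. If any job checks out and builds the pull request head (not visible in this hunk), code from a fork would run in a context that can request an OIDC token, and its output would get provenance signed under this repository's identity. I would grant the two scopes in a job-level `permissions:` block on the job that holds the attest step, repeating whatever else that job needs (such as `packages: write`), since a job-level block replaces the workflow-level one. It is also worth considering an `if:` on the attest step so that builds of fork pull requests are not attested. The rest of the workflow lies outside the hunk.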
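Review bot: The new step references `actions/attest-build-provenance@v1`, a mutable tag, in a workflow that now holds `id-token: write`; whoever can move that tag controls code that signs this project's build provenance. Pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/attest-build-provenance@<full-commit-sha> # v1` (placeholder; take the SHA from the action's release). Separately, confirm that the `subject-path` glob ending in `/*` covers every release artifact: if the output directory contains subdirectories, files below the first level may end up without an attestation. The job this step belongs to starts outside the hunk.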