Open llucax opened 2 months ago
GitHub has a new option to add artifact attestation to establish provenance for builds and we should use it.
Add an extra step to attest the generated files:
- name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: subject-path: 'PATH/TO/ARTIFACT'
No response
What's needed?
GitHub has a new option to add artifact attestation to establish provenance for builds and we should use it.
Proposed solution
Add an extra step to attest the generated files:
Use cases
Alternatives and workarounds
No response
Additional context