From 0712927816d8fc7e148f1a4349fc666c0d189af0 Mon Sep 17 00:00:00 2001
From: Blooym <19539165+Blooym@users.noreply.github.com>
Date: Thu, 7 Nov 2024 02:19:20 +0000
Subject: [PATCH] ci: attest release artifacts

---
 .github/workflows/release.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 63f426f..3ea7a21 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,6 +14,8 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      attestations: write
+      id-token: write
     steps:
       - name: GitHub Checkout
         uses: actions/checkout@v4
@@ -39,6 +41,13 @@ jobs:
           mv xlm xlm-x86_64-unknown-linux-gnu
           sha256sum xlm-x86_64-unknown-linux-gnu > xlm-x86_64-unknown-linux-gnu.sha256sum
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: |
+            ./target/release/xlm-x86_64-unknown-linux-gnu
+            ./target/release/xlm-x86_64-unknown-linux-gnu.sha256sum
+
       - name: Release on GitHub
         uses: softprops/action-gh-release@v2
         with: