From 06bf2ed2857f1540b2bc5c74f52ac78c9920da49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joakim=20S=C3=B8rensen?=
Date: Wed, 22 May 2024 14:38:26 +0200
Subject: [PATCH] Add attest-build-provenance action (#725)

* Add attest-build-provenance action
* Add permissions
* Update .github/workflows/ReleaseActions.yml
---
 .github/workflows/ReleaseActions.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/workflows/ReleaseActions.yml b/.github/workflows/ReleaseActions.yml
index ed3691cd8..969620314 100644
--- a/.github/workflows/ReleaseActions.yml
+++ b/.github/workflows/ReleaseActions.yml
@@ -8,10 +8,16 @@ env:
 NODE_VERSION: 18
 PYTHON_VERSION: "3.x"
 
+permissions: {}
+
 jobs:
 deploy:
 runs-on: ubuntu-latest
 name: Deploy to PyPi
+ permissions:
+ id-token: write
+ contents: read
+ attestations: write
 steps:
 - uses: actions/checkout@v4.1.6
 with:
@@ -78,6 +84,11 @@ jobs:
 python setup.py sdist bdist_wheel
 twine upload dist/*
 
+ - name: Attest
+ uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d #v1.1.2
+ with:
+ subject-path: dist/*
+
 - name: Discord notification
 env:
 DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
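Review bot: The `id-token: write` and `attestations: write` grants on `deploy` apply to every step of the job, including the checkout, build and upload steps outside this hunk, so each of those steps can request an OIDC token too. Setting `permissions: {}` at the workflow level and granting per job is the right shape; what is missing is a record of why each scope is needed. I would add trailing comments such as `id-token: write # OIDC token for signing the provenance`, `attestations: write # store the attestation` and `contents: read # checkout`. If the build steps install third-party packages, moving the attest step to its own job that consumes the built `dist/` as an artifact would keep the signing permissions away from them.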
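Review bot: The Attest step runs after `twine upload dist/*`, so the files are already published when provenance is generated, and a failure here leaves a release with no attestation. Attesting first would mean splitting the `run:` block above into a build step and an upload step, with this step between them; that block starts outside the hunk, so confirm nothing else in it depends on the order. `subject-path: dist/*` attests whatever is in `dist/` at that moment, so it is also worth checking that the directory holds only the files this run built. The trailing pin comment reads better as `# v1.1.2`.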