From 113781628b6e7489bcc344441759fea38694ae55 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 2 May 2024 22:19:03 +0200 Subject: [PATCH] Add GitHub attestation build provenance for NuGet packages --- .github/workflows/dotnet-core.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-core.yml b/.github/workflows/dotnet-core.yml index 915eba91..832d841c 100644 --- a/.github/workflows/dotnet-core.yml +++ b/.github/workflows/dotnet-core.yml @@ -6,6 +6,11 @@ on: - stable - next +permissions: + id-token: write + attestations: write + contents: read + jobs: build-windows-msvc: runs-on: windows-latest @@ -221,6 +226,11 @@ jobs: name: nuget-package path: .libsodium-pack/bin/Release/*.nupkg + - name: Attest Build Provenance + uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 + with: + subject-path: .libsodium-pack/bin/Release/*.nupkg + build-test-binaries: runs-on: ubuntu-latest needs: @@ -328,4 +338,4 @@ jobs: - name: Run ${{ matrix.arch }} run: | chmod +x .libsodium-builds/linux-${{ matrix.arch }}/Tests - env LD_LIBRARY_PATH=${{ matrix.libs }} .libsodium-builds/linux-${{ matrix.arch }}/Tests + env LD_LIBRARY_PATH=${{ matrix.libs }} .libsodium-builds/linux-${{ matrix.arch }}/Tests \ No newline at end of file