Generate build provenace attestations

qbittorrent · Jun 4, 2024 · e22cd79 · e22cd79
1 parent 8aa6c44
commit e22cd79
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/.github/workflows/alpha.yaml b/.github/workflows/alpha.yaml
@@ -6,6 +6,8 @@ on:
   workflow_dispatch:  # allow trigger it manually
 
 permissions:
+  attestations: write
+  id-token: write
   packages: write
 
 jobs:
@@ -86,6 +88,11 @@ jobs:
           name: qbittorrent-nox_alpha_${{ steps.set-variables.outputs.PLATFORM_NAME }}
           path: qbittorrent-nox_alpha_${{ steps.set-variables.outputs.PLATFORM_NAME }}
 
+      - name: Generate build provenace attestations
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: qbittorrent-nox_alpha_${{ steps.set-variables.outputs.PLATFORM_NAME }}
+
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -2,7 +2,9 @@ name: CI
 
 on: [pull_request, push]
 
-permissions: {}
+permissions:
+  attestations: write
+  id-token: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -84,3 +86,8 @@ jobs:
         with:
           name: qbittorrent-nox_devel_${{ steps.set-variables.outputs.PLATFORM_NAME }}
           path: qbittorrent-nox_devel_${{ steps.set-variables.outputs.PLATFORM_NAME }}
+
+      - name: Generate build provenace attestations
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: qbittorrent-nox_devel_${{ steps.set-variables.outputs.PLATFORM_NAME }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -4,6 +4,8 @@ on:
   workflow_dispatch:  # trigger it manually
 
 permissions:
+  attestations: write
+  id-token: write
   packages: write
 
 env:
@@ -103,6 +105,11 @@ jobs:
           name: qbittorrent-nox_${{ env.QBT_VERSION }}_${{ steps.set-variables.outputs.PLATFORM_NAME }}
           path: qbittorrent-nox_${{ env.QBT_VERSION }}_${{ steps.set-variables.outputs.PLATFORM_NAME }}
 
+      - name: Generate build provenace attestations
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: qbittorrent-nox_${{ env.QBT_VERSION }}_${{ steps.set-variables.outputs.PLATFORM_NAME }}
+
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with: