From d361b690018f7bab04d3020474a5abda8946a929 Mon Sep 17 00:00:00 2001
From: Praveen K B <30530587+praveen5959@users.noreply.github.com>
Date: Mon, 11 Nov 2024 10:59:53 +0530
Subject: [PATCH] feat: artefact attestation (#987)

fixes #772
---
 .github/workflows/release.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 651a1f865..783f96b94 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,6 +14,10 @@ jobs:
   build-linux:
     name: Build for ${{matrix.target}}
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     strategy:
       fail-fast: false
       matrix:
@@ -39,6 +43,11 @@ jobs:
         run: |
           mv target/${{ matrix.target }}/release/parseable Parseable_OSS_${{ matrix.target }}
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: Parseable_OSS_${{ matrix.target }}
+
       - name: Create Artifact
         uses: actions/upload-artifact@v4
         with:
@@ -56,6 +65,10 @@ jobs:
 
   build-windows:
     runs-on: windows-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     steps:
       - name: Checkout
         uses: actions/checkout@v1
@@ -75,6 +88,11 @@ jobs:
         run: |
           mv target/x86_64-pc-windows-msvc/release/PARSEABLE.exe Parseable_OSS_x86_64-pc-windows-msvc.exe
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: Parseable_OSS_x86_64-pc-windows-msvc.exe
+
       - name: Create artifact for Windows
         uses: actions/upload-artifact@v4
         with:
@@ -92,6 +110,10 @@ jobs:
 
   build-mac:
     runs-on: macos-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     strategy:
       matrix:
         target:
@@ -120,6 +142,11 @@ jobs:
         run: |
           mv target/${{ matrix.target }}/release/Parseable Parseable_OSS_${{ matrix.target }}
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: Parseable_OSS_${{ matrix.target }}
+
       - name: Create artifact
         uses: actions/upload-artifact@v4
         with: