From 3a2c6534f6b3e23e714fe83b743cacc6a01f0514 Mon Sep 17 00:00:00 2001
From: Henry Schreiner <henryschreineriii@gmail.com>
Date: Wed, 2 Oct 2024 14:52:07 -0400
Subject: [PATCH] ci: attestations

Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
---
 .github/workflows/wheel.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/wheel.yml b/.github/workflows/wheel.yml
index 24c86674..db97adcf 100644
--- a/.github/workflows/wheel.yml
+++ b/.github/workflows/wheel.yml
@@ -27,6 +27,7 @@ jobs:
     environment: pypi
     permissions:
       id-token: write
+      attestations: write
 
     steps:
       - uses: actions/download-artifact@v4
@@ -34,4 +35,11 @@ jobs:
           name: Packages
           path: dist
 
+      - name: Generate artifact attestation for sdist and wheel
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: "dist/*"
+
       - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          attestations: true