From 5fb38fe89414dc7ffa63ba5a9b5c95f77f14273c Mon Sep 17 00:00:00 2001
From: maxisoft
Date: Mon, 9 Sep 2024 14:37:49 +0200
Subject: [PATCH] added attest-build-provenance in the ci
---
 .github/workflows/publish.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 353c345..ca9e7a1 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -169,6 +169,9 @@ jobs:
 if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
 needs: publish
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ attestations: write
 steps:
 - name: Checkout code
@@ -183,6 +186,16 @@ jobs:
 name: windows-latest_${{ env.PLUGIN_NAME }}-generic
 path: out
+ - name: Unzip and copy generic artifact
+ run: |
+ mkdir -p attest_provenance
+ unzip out/${{ env.PLUGIN_NAME }}-generic.zip -d attest_provenance
+ cp --archive out/${{ env.PLUGIN_NAME }}-generic.zip attest_provenance
+
+ - uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: 'attest_provenance/*'
+
 - name: Create GitHub release
 id: github_release
 uses: actions/create-release@v1.1.4
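Review bot: Declaring `permissions:` on this job resets every scope it does not list to `none` for `GITHUB_TOKEN`, and the block added under `runs-on: ubuntu-latest` lists only `id-token: write` and `attestations: write`. The `Create GitHub release` step later in the same job (`actions/create-release@v1.1.4`) needs `contents: write` if it authenticates with `GITHUB_TOKEN`. The diff does not show which token that step uses, so confirm it, and if it is `GITHUB_TOKEN` add `contents: write` to the block. A comment above the block such as `# id-token + attestations are required by actions/attest-build-provenance; nothing else in this job needs them` would keep the elevated scopes from being widened or dropped by accident. The job definition starts and ends outside this hunk.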
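Review bot: `actions/attest-build-provenance@v1` is referenced by a movable tag in a job that now holds `id-token: write`, so whatever the tag resolves to at run time can request the job's OIDC token and sign provenance. Pin the step to a full commit SHA, e.g. `- uses: actions/attest-build-provenance@<full-commit-sha>  # v1`, where the placeholder is the SHA of the release you have reviewed. In the `Unzip and copy generic artifact` step, `${{ env.PLUGIN_NAME }}` is substituted into the script text before the shell parses it and is left unquoted. Reading it as a quoted shell variable keeps the value as data: `unzip "out/${PLUGIN_NAME}-generic.zip" -d attest_provenance` and `cp --archive "out/${PLUGIN_NAME}-generic.zip" attest_provenance`.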