From f4683b8e86cd3cf68c372ed6b1beb31279bd5a02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20R=C3=B8nne=20Petersen?= <alex@alexrp.com>
Date: Mon, 6 May 2024 08:23:36 +0200
Subject: [PATCH] Add artifact attestation to workflows.

---
 .github/workflows/package.yml | 6 ++++++
 .github/workflows/release.yml | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index 9335db5..c9cd0fe 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -5,7 +5,9 @@ on:
     branches:
       - master
 permissions:
+  attestations: write
   contents: read
+  id-token: write
   packages: write
 defaults:
   run:
@@ -34,6 +36,10 @@ jobs:
       - name: Run Cake
         run: |
           ./cake upload-core-github
+      - name: Attest packages
+        uses: actions/attest-build-provenance@v1.0.0
+        with:
+          subject-path: out/pkg/debug/*.nupkg
       - name: Upload artifacts
         if: always()
         uses: actions/upload-artifact@v4.3.3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9616717..3af4e58 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,7 +5,9 @@ on:
     types:
       - published
 permissions:
+  attestations: write
   contents: read
+  id-token: write
 defaults:
   run:
     shell: bash
@@ -33,6 +35,10 @@ jobs:
       - name: Run Cake
         run: |
           ./cake upload-core-nuget -c Release
+      - name: Attest packages
+        uses: actions/attest-build-provenance@v1.0.0
+        with:
+          subject-path: out/pkg/release/*.nupkg
       - name: Upload artifacts
         if: always()
         uses: actions/upload-artifact@v4.3.3