Skip to content

Commit

Permalink
ci: Add GitHub artifact attestations to package distribution (#1222)
Browse files Browse the repository at this point in the history 
* Add generation of GitHub artifact attestations to built sdist and wheel before upload. c.f.:
   - https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/
   - https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
  • Loading branch information
@matthewfeickert
matthewfeickert authored May 22, 2024
1 parent e4cd29a commit d38f72a
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions .github/workflows/deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ jobs:
needs: [build_dist]
runs-on: ubuntu-latest
if: github.event_name == 'release' && github.event.action == 'published'
permissions:
id-token: write
attestations: write
contents: read

steps:
- uses: actions/download-artifact@v4
Expand All @@ -31,6 +35,11 @@ jobs:
- name: List distributions to be deployed
run: ls -lha dist/

- name: Generate artifact attestation for sdist and wheel
uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2
with:
subject-path: dist/uproot-*

- uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.pypi_password }}

0 comments on commit d38f72a

Please sign in to comment.