[feature] Support for GitHub Attestation Store #3669
Labels
type:feature
New feature or request
Comments
|
Great! Looking forward to native implementation, now I have to download each artifact and attest it with workaround attestation:
needs: [build]
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
attestations: write
strategy:
matrix:
artifact:
- linux-amd64
- linux-arm64
- darwin-amd64
- darwin-arm64
- windows-amd64.exe
- windows-arm64.exe
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: yutu-${{ matrix.artifact }}
- name: Attest
uses: actions/attest-build-provenance@v1
with:
subject-path: '${{ github.workspace }}/yutu-${{ matrix.artifact }}' |
|
@OpenWaygate So I guess you generating two attestations? one created by |
|
yes, while the one created by |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We should consider adding support for storing results in GitHub's attestation store.
I think, we would need to create a predicate that matches what the attestation store expects, so it would be slightly different than the ones we create today. This might be ok, since we aren't supporting SLSA v1.0 much in our workflows yet, so we could do it at the same time.
Related #3668
The text was updated successfully, but these errors were encountered: