From e49af862b7f44d50691f14ac4b2dddc77e4ecf0c Mon Sep 17 00:00:00 2001
From: Philip Sampaio <philip.sampaio@gmail.com>
Date: Tue, 11 Jun 2024 14:16:43 -0300
Subject: [PATCH] Add Artifact Attestations (#926)

This is a new feature from GitHub Actions to store the attestation that
the artifact generated in the build was not modified later on.
---
 .github/workflows/release.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6ce7cc4eb..c3153e459 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,8 +22,12 @@ jobs:
   build_release:
     name: NIF ${{ matrix.nif }} - ${{ matrix.job.target }} (${{ matrix.job.os }} | ${{ matrix.job.variant || 'default' }})
     runs-on: ${{ matrix.job.os }}
+
     permissions:
       contents: write
+      id-token: write
+      attestations: write
+
     strategy:
       fail-fast: false
       matrix:
@@ -85,6 +89,11 @@ jobs:
           cargo-args: ${{ matrix.job.cargo-args }}
           variant: ${{ matrix.job.variant }}
 
+      - name: Artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: ${{ steps.build-crate.outputs.file-path }}
+
       - name: Artifact upload
         uses: actions/upload-artifact@v4
         with: