Attest artifacts (#1410)

- Attest the binaries and packages from the build artifacts. - Ignore binlog files. - Bump actionlint to 1.7.0.
justeattakeaway · May 13, 2024 · f77d668 · f77d668
1 parent e4baf85
commit f77d668
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 2 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -28,6 +28,11 @@ jobs:
     outputs:
       dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }}
 
+    permissions:
+      attestations: write
+      contents: read
+      id-token: write
+
     strategy:
       fail-fast: false
       matrix:
@@ -75,6 +80,22 @@ jobs:
           file: ./artifacts/coverage/coverage.cobertura.xml
           flags: ${{ matrix.os_name }}
 
+      - name: Attest artifacts
+        uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+        if: |
+          runner.os == 'Windows' &&
+          github.event.repository.fork == false &&
+          (github.ref_name == github.event.repository.default_branch ||
+           startsWith(github.ref, 'refs/tags/v'))
+        with:
+          subject-path: |
+            ./artifacts/publish/JustSaying/release*/JustSaying.dll
+            ./artifacts/publish/JustSaying.Extensions.Aws/release*/JustSaying.Extensions.Aws.dll
+            ./artifacts/publish/JustSaying.Extensions.DependencyInjection.Microsoft/release*/JustSaying.Extensions.DependencyInjection.Microsoft.dll
+            ./artifacts/publish/JustSaying.Extensions.DependencyInjection.StructureMap/release*/JustSaying.Extensions.DependencyInjection.StructureMap.dll
+            ./artifacts/publish/JustSaying.Models/release*/JustSaying.Models.dll
+            ./artifacts/package/release/*
+
       - name: Publish NuGet packages
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:

diff --git a/.github/workflows/lint-actions.yml b/.github/workflows/lint-actions.yml
@@ -27,12 +27,12 @@ jobs:
     steps:
 
     - name: Checkout code
-      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
     - name: Add actionlint problem matcher
       run: echo "::add-matcher::.github/actionlint-matcher.json"
 
     - name: Lint workflows
-      uses: docker://rhysd/actionlint@sha256:2eb91a78b5a19140be099c7b4262d298c2567f2a9f27e10ed2a4323c5bcface8 # v1.6.26
+      uses: docker://rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244 # v1.7.0
       with:
         args: -color
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+*.binlog
 *.cache
 *.coverage
 *.idea