Merge pull request LiuYunPlayer#21 from Do-sth-sharp/master

LiuYunPlayer · web-flow · commit 71c5fb7c4504 · 2024-06-03T20:08:05.000+08:00
Add Artifacts Attestation
diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
@@ -21,6 +21,11 @@ jobs:
 
     runs-on: windows-latest
 
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
+
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -51,6 +56,11 @@ jobs:
       shell: pwsh
       run: Move-Item -Path TuneLab\bin\Release\net8.0\${{ matrix.runtime }}\publish -Destination workspace
 
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: '"workspace/*.dll","workspace/*.exe"'
+
     - name: Pack artifacts
       shell: pwsh
       run: Compress-Archive -Path workspace\* -DestinationPath ${env:ARCHIVE_NAME}'.zip'
@@ -79,6 +89,11 @@ jobs:
 
     runs-on: macos-latest
 
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
+
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -108,6 +123,11 @@ jobs:
     - name: Move artifacts
       run: mv TuneLab/bin/Release/net8.0/${{ matrix.runtime }}/publish workspace
 
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: '"workspace/*.dll","workspace/ExtensionInstaller","workspace/TuneLab"'
+
     - name: Pack artifacts
       run: |
         cd workspace
@@ -129,6 +149,11 @@ jobs:
 
     runs-on: ubuntu-latest
 
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
+
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -158,6 +183,11 @@ jobs:
     - name: Move artifacts
       run: mv TuneLab/bin/Release/net8.0/${{ matrix.runtime }}/publish workspace
 
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: '"workspace/*.dll","workspace/ExtensionInstaller","workspace/TuneLab"'
+
     - name: Pack artifacts
       run: |
         cd workspace
