From 3d3e69d58b101490a139a9a9197468ed2d173c14 Mon Sep 17 00:00:00 2001
From: Henry Schreiner <henry.fredrick.schreiner@cern.ch>
Date: Sat, 5 Oct 2024 04:05:50 -0400
Subject: [PATCH] ci: attestations (#467)

Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
---
 .github/workflows/wheel.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/wheel.yml b/.github/workflows/wheel.yml
index 24c86674..db97adcf 100644
--- a/.github/workflows/wheel.yml
+++ b/.github/workflows/wheel.yml
@@ -27,6 +27,7 @@ jobs:
     environment: pypi
     permissions:
       id-token: write
+      attestations: write
 
     steps:
       - uses: actions/download-artifact@v4
@@ -34,4 +35,11 @@ jobs:
           name: Packages
           path: dist
 
+      - name: Generate artifact attestation for sdist and wheel
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: "dist/*"
+
       - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          attestations: true