From fd9d5da5898c17203d3051737699791fbfaef78d Mon Sep 17 00:00:00 2001
From: Henry Schreiner <henryschreineriii@gmail.com>
Date: Wed, 2 Oct 2024 14:52:07 -0400
Subject: [PATCH] ci: attestations

Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
---
 .github/workflows/wheel.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/wheel.yml b/.github/workflows/wheel.yml
index 24c86674..55df98c4 100644
--- a/.github/workflows/wheel.yml
+++ b/.github/workflows/wheel.yml
@@ -27,6 +27,7 @@ jobs:
     environment: pypi
     permissions:
       id-token: write
+      attestations: write
 
     steps:
       - uses: actions/download-artifact@v4
@@ -34,4 +35,11 @@ jobs:
           name: Packages
           path: dist
 
-      - uses: pypa/gh-action-pypi-publish@release/v1
+    - name: Generate artifact attestation for sdist and wheel
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: "dist/*"
+
+    - uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        attestations: true