From 979dd48aa69407bb327b94afca53a07cd636c94a Mon Sep 17 00:00:00 2001
From: Albie Spriddell <albion@dragonfruit.network>
Date: Fri, 8 Nov 2024 12:03:38 +0000
Subject: [PATCH] add artifact attestation for entrypoint dll

---
 .github/workflows/publish.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 151d86f..08dd3d7 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -3,6 +3,11 @@
 on:
   release:
     types: [ published ]
+    
+permissions:
+  id-token: write
+  contents: write
+  attestations: write
 
 jobs:
   publish:
@@ -22,9 +27,14 @@ jobs:
       - name: Build
         run: dotnet publish -c Release --no-self-contained -p:Version=${{ github.event.release.tag_name }} -p:DebugType=None -p:UseAppHost=false -o ./pub-out DragonFruit.OnionFruit.Deploy.csproj
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: 'pub-out/DragonFruit.OnionFruit.Deploy.dll'
+
       - name: Archive
         run: cd pub-out && zip -r ../onionfruit-deploy.zip .
-        
+
       - name: Upload
         uses: softprops/action-gh-release@v2
         with: