From b0432c76590987b0341e064cd724af9ad565ed90 Mon Sep 17 00:00:00 2001
From: "B. Blechschmidt" <git@blechschmidt.io>
Date: Sat, 15 Jun 2024 16:30:46 +0200
Subject: [PATCH] Re-add tested build provenance attestations

---
 .github/workflows/publish-exe.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/workflows/publish-exe.yml b/.github/workflows/publish-exe.yml
index 6b89324..f502f19 100644
--- a/.github/workflows/publish-exe.yml
+++ b/.github/workflows/publish-exe.yml
@@ -8,6 +8,12 @@ name: Publish Releases
 jobs:
   build_publish:
     name: Publishing Tasks
+
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
+
     strategy:
       matrix:
         target:
@@ -84,6 +90,17 @@ jobs:
             fi
           fi
 
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: bin-${{ matrix.target }}
+          path: mypubdir4/*
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: mypubdir4/*
+
       - name: Publish
         uses: softprops/action-gh-release@v1
         env: