From 1aa3eae661a92666cd6b5701dc1ab16c74d5f440 Mon Sep 17 00:00:00 2001
From: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Date: Tue, 8 Apr 2025 15:31:33 +0900
Subject: [PATCH] Generate GitHub Artifact Attestations

---
 .github/workflows/goreleaser.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index a25a3469..263607ee 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -5,6 +5,8 @@ on:
       - "v*"
 permissions:
   contents: write
+  id-token: write
+  attestations: write
 
 jobs:
   release:
@@ -33,3 +35,11 @@ jobs:
           workdir: .
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate signed build provenance attestations for workflow artifacts
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: |
+            dist/*.tar.gz
+            dist/*.zip
+            dist/*.txt