From c9c96f01f890355db02a69eb12a6c5f2abd4e80c Mon Sep 17 00:00:00 2001 From: Ashley Williams Date: Fri, 2 Aug 2024 09:30:45 -0500 Subject: [PATCH] feat(dist): enable github attestations --- .github/workflows/release.yml | 6 ++++++ Cargo.toml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a00892e26..3f8b6d186 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,9 @@ name: Release permissions: + "attestations": "write" "contents": "write" + "id-token": "write" # This task will run whenever you push a git tag that looks like a version # like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. @@ -132,6 +134,10 @@ jobs: # Actually do builds and make zips and whatnot cargo dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json echo "cargo dist ran successfully" + - name: Attest + uses: actions/attest-build-provenance@v1 + with: + subject-path: "target/distrib/*${{ join(matrix.targets, ', ') }}*" - id: cargo-dist name: Post-build # We force bash here just because github makes it really hard to get values up diff --git a/Cargo.toml b/Cargo.toml index bd5c3abea..90a8138d8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,6 +36,8 @@ install-path = "~/.limbo" install-updater = true # Whether to consider the binaries in a package for distribution (defaults true) dist = false +# Whether to enable GitHub Attestations +github-attestations = true [profile.dist] inherits = "release"
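Review bot: `"id-token": "write"` and `"attestations": "write"` are added to the workflow-level `permissions:` block, so every job in this workflow can request an OIDC token and write attestations, not only the job that runs the Attest step. Only the `actions/attest-build-provenance` step appears to need them, so consider keeping the top level at `"contents": "write"` and granting the two new scopes in a job-level `permissions:` block on that job. Job-level permissions replace the workflow-level set, so that block must repeat any other scope the job still uses. The job definitions are outside this hunk, and if release.yml is regenerated by cargo-dist from the `github-attestations` setting, the scoping would have to change in the generator rather than by hand.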
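Review bot: The new Attest step references `actions/attest-build-provenance@v1`, a mutable tag, in a workflow that now holds `id-token: write` and `attestations: write`; pin it to a full commit SHA, e.g. `uses: actions/attest-build-provenance@<full-commit-sha>  # v1` (placeholder, take the SHA from the action's release). Separately, `subject-path` builds its glob with `join(matrix.targets, ', ')`, so a matrix entry with more than one target renders as `target/distrib/*a, b*`, which probably does not select the intended files; confirm that each entry carries exactly one target, or emit one pattern per target. The glob also covers only files whose name contains the target string, so any other artifact in `target/distrib/` would be released without provenance. The enclosing job starts and ends outside the hunk.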