From eb79de2dfcc2152c94a4d4be6b2e8f74e2414433 Mon Sep 17 00:00:00 2001
From: Henry Schreiner <henryschreineriii@gmail.com>
Date: Fri, 17 Jan 2025 16:22:02 -0500
Subject: [PATCH] ci: add github attestations

Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
---
 .github/workflows/deploy.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 229b86e..a57dcb6 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -19,12 +19,20 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      attestations: write
+
     steps:
     - uses: actions/download-artifact@v4
       with:
         name: Packages
         path: dist
 
+    - name: Generate artifact attestation for sdist and wheel
+      uses: actions/attest-build-provenance@v2
+      with:
+        subject-path: "dist/*"
+
     - name: Publish package
       uses: pypa/gh-action-pypi-publish@release/v1
       with: