Skip to content

[CHORE] Switch workflow attestation action to actions/attest #70

New issue
New issue
Open
Open
[CHORE] Switch workflow attestation action to actions/attest#70
Labels
area:ciCI/CD, GitHub Actions, workflowschoreGeneral tasks (e.g. update dependencies, contact a manufacturer, read a paper)
@c-vigo

Description

@c-vigo
c-vigo
opened on Mar 2, 2026

Chore Type

CI / Build change

Description

Migrate workflow attestation from actions/attest-build-provenance to actions/attest, per upstream guidance noted in PR #65.
As of v4, attest-build-provenance is a wrapper around actions/attest, and new implementations should use actions/attest directly.

Acceptance Criteria

  • Replace actions/attest-build-provenance usage with actions/attest in relevant workflow file(s)
  • Preserve existing attestation behavior (artifact subject, provenance generation, and permissions scope)
  • Validate workflow syntax and successful execution in CI
  • Document any required input/permission changes in workflow comments or docs (if applicable)

Implementation Notes

  • Scope is limited to GitHub Actions workflow attestation steps.
  • Review differences in action inputs between wrapper action and actions/attest.
  • Keep least-privilege permissions for workflow tokens.

Related Issues

Related to PR #65

Priority

Medium

Changelog Category

No changelog needed

Additional Context

PR #65 updates actions/attest-build-provenance and includes upstream release guidance:
“new implementations should use actions/attest instead.”

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:ciCI/CD, GitHub Actions, workflowschoreGeneral tasks (e.g. update dependencies, contact a manufacturer, read a paper)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions