From 77862e8940d7e76f9bdd7e0b449ccf38298758bd Mon Sep 17 00:00:00 2001
From: Pun Butrach <pun.butrach@gmail.com>
Date: Thu, 22 May 2025 19:54:29 +0700
Subject: [PATCH] ci: Attest release artifacts (#367)

Co-authored-by: oSumAtrIX <johan.melkonyan1@web.de>
---
 .github/workflows/release.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ce715b3..e7799bf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,8 @@ jobs:
     name: Release
     permissions:
       contents: write
+      id-token: write
+      attestations: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -47,6 +49,14 @@ jobs:
           fingerprint: ${{ vars.GPG_FINGERPRINT }}
 
       - name: Release
+        uses: cycjimmy/semantic-release-action@v4
+        id: release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npm exec semantic-release
+
+      - name: Attest
+        if: steps.release.outputs.new_release_published == 'true'
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: 'ReVanced CLI ${{ steps.release.outputs.new_release_git_tag }}'
+          subject-path: build/libs/revanced-cli*.jar