From 3e8862ea5aec519b0fdf84158528d127bd535ffd Mon Sep 17 00:00:00 2001
From: Pun Butrach <pun.butrach@gmail.com>
Date: Mon, 10 Feb 2025 19:34:12 +0700
Subject: [PATCH] ci: Generate release artifact provenance (#2315)

---
 .github/workflows/release.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4513330e..540a931a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,9 @@ jobs:
   release:
     name: Release
     permissions:
-        contents: write
+      id-token: write
+      contents: write
+      attestations: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -63,3 +65,8 @@ jobs:
           KEYSTORE_ENTRY_PASSWORD: ${{ secrets.KEYSTORE_ENTRY_PASSWORD }}
         run: |
           npx semantic-release
+          
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: build/app/outputs/apk/release/revanced-manager-*.apk