From bc3888da79f34727aaca31f1c6d88739afdddbf3 Mon Sep 17 00:00:00 2001
From: Pun Butrach <pun.butrach@gmail.com>
Date: Thu, 30 Jan 2025 02:43:16 +0700
Subject: [PATCH] ci: Generate release artifact provenance (#2324)

Signed-off-by: validcube <pun.butrach@gmail.com>
---
 .github/workflows/release-build.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index c057a644..4b01fe63 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -9,6 +9,9 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      attestations: write
     steps:
       - uses: actions/checkout@v4
       - name: Set env
@@ -41,6 +44,11 @@ jobs:
       - name: Add version to APK
         run: mv ${{ steps.sign_apk.outputs.signedFile }} revanced-manager-${{ env.RELEASE_VERSION }}.apk
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: revanced-manager-${{ env.RELEASE_VERSION }}.apk
+
       - name: Publish release APK
         uses: "marvinpinto/action-automatic-releases@latest"
         with: