use an action to generate signed build provenance attestations for the built binary

To sign the built binary in the container ensures more security.
 
- https://github.com/actions/attest-build-provenance?tab=readme-ov-file
- [Example](https://github.com/actions/attest-build-provenance?tab=readme-ov-file#examples)

```yaml
name: build-attest

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
      attestations: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Build artifact
        run: make my-app
      - name: Attest
        uses: actions/attest-build-provenance@v2
        with:
          subject-path: '${{ github.workspace }}/my-app'
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

use an action to generate signed build provenance attestations for the built binary #69

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

use an action to generate signed build provenance attestations for the built binary #69

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions