cargo-dist
[WIP]: GitHub Artifact Attestations
Just a draft of adding a config to enable GitHub Artifact Attestations.
Has some todos and probably still missing a few things and tests, but just putting up the draft for early comment / visibility.
One quirk with the (silly) glob I wrote in the yml for the job is that attestations for the checksums are also generated, which I suppose is fine.
I've made a few changes since I last tested it on my example project, but I did manage to run it and attestations do get generated (https://github.com/dunxen/pors/attestations). I guess it would be good to also link the attestation downloads in the release announcement download table for each artifact too for offline verification.