
build: generate artifact attestations for released assets

Open MarshallOfSound opened this issue 6 months ago • 2 comments

Based on sam/limit-workflow-permissions for easier permission stuff.

  • Introduces a cloning system for the -build segment so that we can have two permission sets for the same set of work (normal builds should not have the attestation capability)
  • Attests to every artifact we upload to GitHub

Should test this in a nightly and then backport. I don't think this attests to our checksum file but we can figure that out later.

Notes: none

MarshallOfSound avatar Sep 01 '25 21:09 MarshallOfSound
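The split the PR describes, two copies of the same build work where only the release copy may mint attestations, looks like the following in a GitHub Actions workflow. This is an added illustration, not the PR's own diff or Electron's workflow: the job names, the build script `./script/build.sh`, the `dist/` output directory and the `SHASUMS256.txt` checksum file are assumptions. The action inputs (`subject-path` on `actions/attest-build-provenance`, `--repo` on `gh attestation verify`) and the three permission scopes are the real ones the attestation tooling requires. It also covers the open point about the checksum file: generating it before the attestation step and globbing `dist/*` makes the checksum file one more attested subject.

```yaml
name: build
on:
  push:
    branches: [main]
  release:
    types: [published]

# Workflow-wide default: read-only token, no OIDC, no attestation writes.
# Every job inherits this unless it overrides `permissions` itself.
permissions:
  contents: read

jobs:
  # Regular CI build: same steps as the release build, but it keeps the
  # read-only default, so it cannot sign or store attestations even if a
  # step is compromised.
  build:
    if: github.event_name != 'release'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./script/build.sh            # hypothetical build entry point
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  # Release build: identical work, plus the two scopes that
  # actions/attest-build-provenance needs and nothing else.
  release-build:
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    permissions:
      contents: write       # upload release assets
      id-token: write       # OIDC token that Sigstore binds the signature to
      attestations: write   # store the provenance attestation in the repo
    steps:
      - uses: actions/checkout@v4
      - run: ./script/build.sh            # hypothetical build entry point

      # Produce the checksum file first so it is covered by the attestation.
      # Write it outside dist/ and move it in, so the glob never sees a
      # half-written file.
      - run: |
          (cd dist && sha256sum * > ../SHASUMS256.txt)
          mv SHASUMS256.txt dist/

      # One provenance attestation per file under dist/, checksum included.
      - uses: actions/attest-build-provenance@v2
        with:
          subject-path: |
            dist/*

      - run: gh release upload "${{ github.event.release.tag_name }}" dist/*
        env:
          GH_TOKEN: ${{ github.token }}

      # Sanity check from inside the same job: verification fails if the
      # file was modified after attestation or was never attested.
      - run: gh attestation verify dist/SHASUMS256.txt --repo "${{ github.repository }}"
        env:
          GH_TOKEN: ${{ github.token }}
```

The PR generates the second job by cloning the first rather than writing both by hand; the shape of the result is the same. Consumers verify a downloaded asset with `gh attestation verify <file> --repo <owner>/<repo>`, which checks the Sigstore signature and that the signing identity was this repository's workflow.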

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff   Package      Supply Chain Security   Vulnerability   Quality   Maintenance   License
Added  yaml@2.8.1   100                     100             100       81            100

View full report

socket-security[bot] avatar Nov 14 '25 21:11 socket-security[bot]

@electron/wg-infra this PR's been in limbo for a couple of months now, does anyone have cycles to review?

ckerr avatar Nov 25 '25 15:11 ckerr