junit-team · sormuras · Jun 6, 2024 · Jun 5, 2024 · Jun 5, 2024 · Jun 5, 2024
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -17,7 +17,9 @@ jobs:
   Linux:
     runs-on: ubuntu-latest
     permissions:
-      contents: write # required for submitting a dependency graph
+      contents: write     # required for submitting a dependency graph
+      attestations: write # required for build provenance attestation
+      id-token: write     # required for build provenance attestation
     steps:
     - name: Check out repository
       uses: actions/checkout@v4
@@ -42,6 +44,12 @@ jobs:
           build \
           jacocoRootReport \
           prepareDocsForUploadToGhPages
+    - name: Generate build provenance attestations
+      uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
+      with:
+        subject-path: |
+          'junit-jupiter/build/libs/junit-jupiter-*-SNAPSHOT.jar'
+          'junit-jupiter-api/build/libs/junit-jupiter-api-*-SNAPSHOT.jar'
     - name: Upload to Codecov.io
       uses: codecov/codecov-action@v4
       with: