Add build attestations. Closes #343 #371

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Open

orf wants to merge 1 commit into astral-sh:main from orf:add-attestations

Contributor

orf commented Oct 16, 2024

This adds build attestations for our builds, following the guides here: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#generating-build-provenance-for-binaries

Closes #343


          Add build attestations. Closes astral-sh#343

639bf61

Member

zanieb commented Oct 16, 2024

Thank you! Should we only be attesting the artifacts on main?

chludwig-haufe mentioned this pull request

Add release atteststions #343

Closed

samypr100 mentioned this pull request

Add support for build attestations #481

Merged

zanieb added a commit that referenced this pull request


          Add support for build attestations (#481)

e1deaa1

Follow up on feedback from #371 and the previous work from @orf which I
cherry-picked.

This adds build attestations for the builds using
[actions/attest-build-provenance](https://github.com/actions/attest-build-provenance).

Closes #343

### Test Plan

Did a trial CI run which results in attestations like below for
`cpython-3.10-aarch64-unknown-linux-gnu-lto`

*
https://github.com/samypr100/python-build-standalone/attestations/4246020
* https://search.sigstore.dev/?logIndex=160192732

Co-authored-by: Thomas Forbes <tom.forbes@gitguardian.com>
Co-authored-by: Zanie Blue <contact@zanie.dev>

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet