build-attest #66

	name: build-attest

	on:
	workflow_dispatch:

	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	attestations: write


	env:
	GH_TOKEN: ${{ github.TOKEN }}

	steps:
	# Artifacts download
	- uses: actions/checkout@v4
	- run: \|
	(type -p wget >/dev/null \|\| (sudo apt update && sudo apt-get install wget -y)) \
	&& sudo mkdir -p -m 755 /etc/apt/keyrings \
	&& wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg \| sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
	&& sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
	&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \| sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
	&& sudo apt update \
	&& sudo apt install gh -y
	gh --version



	- run: tree -h -L 2 ${{ github.workspace }}

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v1
	with:
	subject-path: ${{ github.workspace }}/gradlew
	github-token: ${{ github.TOKEN }}

	- run: \|
	gh attestation download ${{ github.workspace }}/gradlew -R milankomaj/data-livewallpaper
	tree -h -L 2 ${{ github.workspace }}

	- name: artifact attest verify
	run: \|
	gh attestation verify ${{ github.workspace }}/gradlew -R milankomaj/data-livewallpaper
	# gh attestation verify './gradlew' --owner milankomaj --bundle './sha256:c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4.jsonl'

Provide feedback