ci: Add GitHub artifact attestations to package distribution #933
Conversation
|
@henryiii I saw that you reran the failing Pyodide wheel tests, but they're still failing, though have to be unrelated to this PR. |
|
You requested review from me, but Henry normally handles boost-histogram. I can work on this if Henry is busy. |
|
Thanks @HDembinski. If @henryiii normally covers this then I'll let him get to it whenever he has time — no rush here. Thanks though! |
|
Yes, I've just been hoping the pyodide test would resolve, but it looks like something has changed and I'll need to debug. Doing so in #934. For my understanding, this only shows up in GitHub's page for now (and in the future PyPI might accept them too)? |
updates: - [github.com/python-jsonschema/check-jsonschema: 0.28.2 → 0.28.4](python-jsonschema/check-jsonschema@0.28.2...0.28.4)
* Add generation of GitHub artifact attestations to built sdist and wheel before upload. c.f.: - https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/ - https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
henryiii
force-pushed
the
ci/add-artifact-attestations
branch
from
90a50fa
to
859da6c
Compare
|
Thanks! |
|
Once this runs during a release the attestations will be uploaded to https://github.com/scikit-hep/boost-histogram/attestations and can be verified from a wheel or sdist artifact using the |
c.f.:
python-jsonschema/check-jsonschemapre-commit hook to recognizeattestationspermissionskey.