Commit 4242571

@@ -6,6 +6,8 @@ on:
 #  pull_request: # debug
 permissions:
   contents: write
+  id-token: write
+  attestations: write
 jobs:
   release-binary:
     strategy:
@@ -63,3 +65,22 @@ jobs:
           # args: build --skip validate --clean --config .goreleaser-${{ matrix.os }}-${{ matrix.arch }}.yaml # debug
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  attestation:
+    runs-on: ubuntu-latest
+    needs: release-binary
+    steps:
+      - name: Set tag name
+        id: name
+        run: |
+          TAG_NAME="${{ github.ref_name }}"
+          # TAG_NAME="v0.8.0"  # debug
+          echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT
+      # --------- attestation ---------
+      - uses: robinraju/release-downloader@v1
+        with:
+          tag: ${{ steps.name.outputs.TAG_NAME }}
+          fileName: "*"
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: .