From 714cdeedc779cd8d5fd02d4672aa1b8a6e94ad35 Mon Sep 17 00:00:00 2001
From: Hynek Schlawack
Date: Mon, 28 Oct 2024 10:26:10 +0100
Subject: [PATCH] Write GitHub provenance for packages
---
 .github/workflows/pypi-package.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pypi-package.yml b/.github/workflows/pypi-package.yml
index 1f41cd2..1aa8c45 100644
--- a/.github/workflows/pypi-package.yml
+++ b/.github/workflows/pypi-package.yml
@@ -1,5 +1,5 @@
 ---
-name: Build & maybe upload PyPI package
+name: Build & upload PyPI package
 on:
 push:
@@ -11,6 +11,7 @@ on:
 workflow_dispatch:
 permissions:
+ attestations: write
 contents: read
 id-token: write
@@ -31,6 +32,8 @@ jobs:
 fetch-depth: 0
 - uses: hynek/build-and-inspect-python-package@v2
+ with:
+ attest-build-provenance-github: 'true'
 # Upload to Test PyPI on every commit on main.
 release-test-pypi:
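Review bot: In the second hunk, `attestations: write` is added to what appears to be the workflow-level `permissions:` block (it sits after `on:` and before `jobs:`), so every job in the file inherits it together with `id-token: write`, including the upload jobs that start at `release-test-pypi`. Only the job that runs the build action has to write attestations. Declaring `attestations: write` and `id-token: write` in a `permissions:` block on that job, and leaving the top level at `contents: read`, would limit what a compromised step in any other job could sign or request. The upload jobs lie outside the hunk, so whether they already set their own permissions (they would need their own `id-token: write` if they publish via OIDC) cannot be confirmed from here.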
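Review bot: In the third hunk, the build step still references `hynek/build-and-inspect-python-package@v2`, a mutable tag, and after this change that step produces the provenance while the job holds `attestations: write` and `id-token: write`. Pinning it to a full commit SHA, `- uses: hynek/build-and-inspect-python-package@<full-commit-sha>  # v2`, ties the attested build to action code that was actually reviewed rather than to wherever the tag points later. A short comment above `with:` noting that `attest-build-provenance-github` depends on those two permissions would also keep a future permissions clean-up from silently breaking attestation. The job's body begins outside the hunk.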