sprout: version 0.0.19

.github/workflows/publish.yml

@@ -27,6 +27,8 @@ jobs:
     name: artifacts
     permissions:
       contents: write # Needed to upload artifacts.
+      id-token: write # Needed for attestation.
+      attestations: write # Needed for attestations.
     runs-on: ubuntu-latest
     steps:
     - name: harden runner
@@ -46,14 +48,28 @@ jobs:
     - name: 'assemble artifacts'
       run: ./hack/assemble.sh
 
-    - name: 'upload sprout-x86_64.efi artifact'
+    - name: 'upload sprout-x86_64.efi.zip artifact'
+      id: upload-sprout-x86_64-efi
       uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       with:
-        name: sprout-x86_64.efi
+        name: sprout-x86_64.efi.zip
         path: target/assemble/sprout-x86_64.efi
 
-    - name: 'upload sprout-aarch64.efi artifact'
+    - name: 'upload sprout-aarch64.efi.zip artifact'
+      id: upload-sprout-aarch64-efi
       uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       with:
-        name: sprout-aarch64.efi
+        name: sprout-aarch64.efi.zip
         path: target/assemble/sprout-aarch64.efi
+
+    - name: 'attest sprout-x86_64.efi.zip artifact'
+      uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+      with:
+        subject-name: sprout-x86_64.efi.zip
+        subject-digest: "sha256:${{ steps.upload-sprout-x86_64-efi.outputs.artifact-digest }}"
+
+    - name: 'attest sprout-aarch64.efi.zip artifact'
+      uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+      with:
+        subject-name: sprout-aarch64.efi.zip
+        subject-digest: "sha256:${{ steps.upload-sprout-aarch64-efi.outputs.artifact-digest }}"

.github/workflows/release.yml

@@ -20,6 +20,8 @@ jobs:
     name: release
     permissions:
       contents: write # Needed to upload release assets.
+      id-token: write # Needed for attestation.
+      attestations: write # Needed for attestations.
     runs-on: ubuntu-latest
     steps:
     - name: harden runner
@@ -39,6 +41,16 @@ jobs:
     - name: 'assemble artifacts'
       run: ./hack/assemble.sh
 
+    - name: 'attest sprout-x86_64.efi artifact'
+      uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+      with:
+        subject-path: target/assemble/sprout-x86_64.efi
+
+    - name: 'attest sprout-aarch64.efi artifact'
+      uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+      with:
+        subject-path: target/assemble/sprout-aarch64.efi
+
     - name: 'generate cultivator token'
       uses: actions/create-github-app-token@bf559f85448f9380bcfa2899dbdc01eb5b37be3a # v3.0.0-beta.2
       id: generate-token

Cargo.lock

@@ -66,7 +66,7 @@ dependencies = [
 
 [[package]]
 name = "edera-sprout"
-version = "0.0.18"
+version = "0.0.19"
 dependencies = [
  "anyhow",
  "bitflags",
@@ -81,7 +81,7 @@ dependencies = [
 
 [[package]]
 name = "edera-sprout-config"
-version = "0.0.18"
+version = "0.0.19"
 dependencies = [
  "serde",
 ]

Cargo.toml

@@ -7,7 +7,7 @@ resolver = "3"
 
 [workspace.package]
 license = "Apache-2.0"
-version = "0.0.18"
+version = "0.0.19"
 homepage = "https://sprout.edera.dev"
 repository = "https://github.com/edera-dev/sprout"
 edition = "2024"