attestation workflow test

Author: afragen

.github/workflows/attestation-test.yml

@@ -0,0 +1,38 @@
+name: Test attestation
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    name: Test attestation
+    runs-on: ubuntu-latest
+    permissions:
+      attestations: write
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+
+      - name: Get tag
+        id: tag
+        run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+      - name: Build project
+        run: git archive -o /tmp/${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.zip --prefix=${{ github.event.repository.name }}/ ${{ steps.tag.outputs.tag }}
+
+      - name: Create Release
+        id: create_release
+        uses: softprops/action-gh-release@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          files: /tmp/${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.zip
+
+      - name: Generate build provenance attestation
+        uses: johnbillion/[email protected]
+        with:
+          zip-path: ${{ steps.deploy.outputs.zip-path }}
+          zip-url: "https://github.com/${{ github.event.repository.full_name }}/${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.zip"
+          dry-run: true