From d377db67e923e69fc1263f6044233032ba8d1a8a Mon Sep 17 00:00:00 2001
From: C0D3 M4513R <28912031+C0D3-M4513R@users.noreply.github.com>
Date: Mon, 10 Jun 2024 18:09:28 +0200
Subject: [PATCH] Add attestation with sbom

Signed-off-by: C0D3 M4513R <28912031+C0D3-M4513R@users.noreply.github.com>
---
 .github/workflows/rust.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index cfed8d9..d6565fa 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -9,6 +9,9 @@ on:
 branches: [main]
 permissions:
 contents: write
+ id-token: write
+ attestations: write
+ actions: read

 jobs:
 create-release:
@@ -101,6 +104,16 @@ jobs:
 uses: mozilla-actions/sccache-action@v0.0.4
 - name: Run build
 run: cargo build --target ${{ matrix.target }} --release --package ${{ matrix.package }} --bin ${{ matrix.package }}
+ - uses: anchore/sbom-action@v0
+ with:
+ artifact-name: "${{ matrix.package }}-${{ matrix.name }}-sbom.spdx.json"
+ output-file: "${{ matrix.package }}-${{ matrix.name }}-sbom.spdx.json"
+ - uses: actions/attest-sbom@v1
+ with:
+ subject-path: |
+ target/${{ matrix.target }}/release/${{ matrix.package }}*(?
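Review bot: The new scopes in the first hunk (`id-token: write`, `attestations: write`, `actions: read`) are added to the workflow-level `permissions:` block, so every job in the file, including `create-release`, can request an OIDC token and write attestations. Only the job that runs `actions/attest-sbom` needs them, so I would leave the top-level block as it was and give that job its own `permissions:` mapping with `id-token: write` and `attestations: write` alongside the `contents` access it already relies on. Job-level scoping limits exposure to that one job; inside it, the steps referenced by a mutable tag (`anchore/sbom-action@v0`, `actions/attest-sbom@v1` in the second hunk) still run with that scope, so pinning them to a full commit SHA is worth considering. The job definitions start outside this hunk, so the job name and whether it needs `actions: read` should be confirmed there.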