Description
In a previous issue, immutable releases have been enabled: #339.
Note about immutable releases: You may want to replace the AButler/upload-release-assets action with using the CLI directly to create a draft release. Once an immutable release is out, if the workflow failed, you cannot fix it anymore. See https://cli.github.com/manual/gh_release_create. You may need to pass your GITHUB.TOKEN in the environment of the CLI.
However, immutable releases still create a small gap where assets can be replaced during the draft state. This is why, during the build workflow, you should also create a single attestation for all of the files that have been built. For more information, see this guide. This way users will be able to compare the SHA256 hash of the files in the attestation to the release assets' SHA256. You need to add a new action along with the full path or a glob path of the files that need to be in the attestation.
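
A sketch of the workflow shape this issue describes, added here as an example and not taken from the issue or from the project's own workflow: build, attest every built file in one step, create the release as a draft with the `gh` CLI, check the draft's assets against the attestation, then publish. The tag trigger, the `./build.sh` command, the `dist/` output directory and the `verify` download directory are assumptions.

```yaml
# Added example: names, paths and the build command are assumptions.
name: release
on:
  push:
    tags: ["v*"]

permissions:
  contents: write      # create and publish the release
  id-token: write      # OIDC token used to sign the attestation
  attestations: write  # store the attestation on the repository

jobs:
  release:
    runs-on: ubuntu-latest
    env:
      GH_TOKEN: ${{ github.token }}   # read by the gh CLI
      TAG: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v4

      - name: Build
        run: ./build.sh   # hypothetical build step that writes to dist/

      # One attestation covering every built file (glob path).
      - uses: actions/attest-build-provenance@v2
        with:
          subject-path: "dist/*"

      # Draft first: a failed run can still be fixed or deleted.
      - name: Create draft release
        run: gh release create "$TAG" dist/* --draft --verify-tag --title "$TAG"

      # Re-download what the draft actually holds and check it against
      # the attestation before the release becomes immutable.
      - name: Verify draft assets
        run: |
          gh release download "$TAG" --dir verify
          for f in verify/*; do
            gh attestation verify "$f" --repo "$GITHUB_REPOSITORY"
          done

      - name: Publish
        run: gh release edit "$TAG" --draft=false
```

Users can run the same `gh attestation verify <file> --repo <owner>/<repo>` check on a downloaded asset after the release is published.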