diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9eba158..22f962a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -54,6 +54,8 @@ jobs:
 id-token: write # Required for OIDC token (NuGet trusted publishing)
 contents: read
 actions: read # Required for actions/download-artifact
+ attestations: write
+ artifact-metadata: write
 steps:
 - name: Download artifact from build job
@@ -67,6 +69,12 @@ jobs:
 with:
 user: ${{ secrets.NUGET_USER }} # nuget.org profile name (NOT email)
+ - name: Attest NuGet packages (best effort)
+ continue-on-error: true
+ uses: actions/attest@v4
+ with:
+ subject-path: '${{ github.workspace }}/*.nupkg'
+
 - name: Push NuGet
 run: |
 $tagVersion = "${{ github.ref }}".substring(11)
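Review bot: The two added permissions, `attestations: write` and `artifact-metadata: write`, carry no comment, while the neighbouring `id-token` and `actions` entries say what they are required for; add the same, e.g. `attestations: write # Required for actions/attest` and `artifact-metadata: write # Required for actions/attest`. They are also granted at job level, so every step in this job, including the NuGet push, runs with them alongside `id-token: write`. If the attestation can run in its own job on the downloaded artifact, the publish job keeps its narrower token. The job definition starts and ends outside the hunk, so other steps that inherit these scopes are not visible here.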
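Review bot: `uses: actions/attest@v4` references a mutable tag in a job that holds `id-token: write` and `attestations: write`, so whatever the tag points to at run time executes with the ability to request OIDC tokens and write attestations; pin it to a full commit SHA, `uses: actions/attest@<full-commit-sha> # v4`. With `continue-on-error: true` a failed attestation is silent and the package is still pushed, so a release without provenance looks the same in the pipeline as one with it; give the step an `id` and add a following step that emits a `::warning::` when `steps.<id>.outcome` is `failure`. It is also worth confirming that the digest attested here matches the file consumers later download from the feed, since the subject is the pre-push `.nupkg`.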