Skip to content

Add artifact attestation to firmware build workflow#15

Merged
SierraJC merged 4 commits into
mainfrom
copilot/add-artifact-attestations
May 6, 2026
Merged

Add artifact attestation to firmware build workflow#15
SierraJC merged 4 commits into
mainfrom
copilot/add-artifact-attestations

Conversation

Copilot AI commented May 6, 2026

Copy link
Copy Markdown

Summary

Adds a firmware attestation step to the build workflow using actions/attest-build-provenance, and gates the publish job on attestation succeeding.

Changes

  • Added attest job that downloads the built firmware artifacts and generates build provenance attestations using actions/attest-build-provenance@v4.1.0 (pinned to commit SHA)
  • Updated publish job condition from always() && !cancelled() to needs.attest.result == 'success', so publishing only occurs when both build and attest succeed
  • All new actions are pinned to commit SHAs for supply-chain security

Copilot AI and others added 4 commits May 5, 2026 23:42
Agent-Logs-Url: https://github.com/SierraJC/qmk_userspace/sessions/c7ebe4f2-ff38-4735-9c3e-fc74325088be

Co-authored-by: SierraJC <7351311+SierraJC@users.noreply.github.com>
Agent-Logs-Url: https://github.com/SierraJC/qmk_userspace/sessions/c7ebe4f2-ff38-4735-9c3e-fc74325088be

Co-authored-by: SierraJC <7351311+SierraJC@users.noreply.github.com>
Agent-Logs-Url: https://github.com/SierraJC/qmk_userspace/sessions/5d352f4e-c262-4249-b01b-1dcfa7aab35d

Co-authored-by: SierraJC <7351311+SierraJC@users.noreply.github.com>
Copilot AI requested a review from SierraJC May 6, 2026 00:12
@SierraJC SierraJC marked this pull request as ready for review May 6, 2026 00:15
@SierraJC SierraJC merged commit 7eb07c6 into main May 6, 2026
5 checks passed
@SierraJC SierraJC deleted the copilot/add-artifact-attestations branch May 6, 2026 00:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants