From bb72072ee74794b6b4b47825663a7a72ac003078 Mon Sep 17 00:00:00 2001
From: David Tolnay
Date: Sun, 26 Jan 2025 13:20:09 -0800
Subject: [PATCH] Verify artifact attestations
---
 action.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/action.yml b/action.yml
index c5f9710..3ac992f 100644
--- a/action.yml
+++ b/action.yml
@@ -33,6 +33,11 @@ runs:
 - name: Verify gpg signature
 run: gpg --no-default-keyring --keyring ${{runner.temp}}/signing-key.gpg --trusted-key 830334D6A6010C41 --verify ${{runner.temp}}/${{steps.inputs.outputs.bin}}.sig ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
 shell: bash
+ - name: Verify artifact attestation
+ run: gh attestation verify --owner dtolnay ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
+ env:
+ GH_TOKEN: ${{github.token}}
+ shell: bash
 - name: Set executable bit
 run: chmod +x ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
 shell: bash
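Review bot: The added `gh attestation verify --owner dtolnay …` step accepts an attestation issued from any repository under that account, so the provenance check is scoped to the whole owner, not to the one pipeline that publishes these binaries. If the binaries all come from a single repository, binding to it is tighter: `run: gh attestation verify --repo dtolnay/<REPO> ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}` (`<REPO>` is a placeholder, since the publishing repository is not visible here), optionally with `--signer-workflow` to pin the signing workflow as well. Separately, the path is expanded by `${{ }}` straight into the shell line and left unquoted, as in the neighbouring gpg and chmod steps. If `steps.inputs.outputs.bin` derives from an action input, passing the path through `env:` and referencing it as a quoted shell variable would avoid word splitting and script injection, though where that output is set is outside this hunk. The `runs` steps list begins before and continues after the hunk.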