BUILD-9447 Enable provenance attestation generation

SamirM-BE · SamirM-BE · commit 623f542ef9e7 · 2025-11-10T09:23:28.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -18,12 +18,14 @@ jobs:
     permissions:
       id-token: write
       contents: write
+      attestations: write
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: SonarSource/ci-github-actions/build-poetry@master # dogfood
         with:
           sonar-platform: sqc-eu
           deploy-pull-request: true
+          provenance: 'true'
 
   promote:
     needs:
diff --git a/README.md b/README.md
@@ -1,3 +1,13 @@
 # sonar-dummy-python-oss
 
 A sample python project used for testing purposes.
+
+## Artifact Verification
+
+Provenance attestations are available at: <https://github.com/SonarSource/sonar-dummy-python-oss/attestations>
+
+To verify an artifact:
+
+```bash
+gh attestation verify <artifact-file> --repo SonarSource/sonar-dummy-python-oss
+```
