[ITSEC-2280] Add contracts folder to be attested (#249)

* ITSEC-2280 Add Dependency Review job; Add SBOM signing. * ITSEC-2280 Update CODEOWNERS to include Product Security on .github * ITSEC-2280: Fix the dependency review action Signed-off-by: immutable-art <[email protected]> * ITSEC-2280 Update permissions for GH attestations Signed-off-by: immutable-art <[email protected]> * ITSEC-2280: Add 'contracts' for artifact signing Signed-off-by: immutable-art <[email protected]> --------- Signed-off-by: immutable-art <[email protected]>
immutable · Oct 16, 2024 · 5e55aec · 5e55aec
1 parent 5049da5
commit 5e55aec
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       id-token: write # Required for GitHub Attestation
-      attestations: write # Required for GitHub Attestation
+      attestations: write # Required for GitHub Attestation 
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -64,7 +64,9 @@ jobs:
       - name: Generate SDK attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: './dist'
+          subject-path: |
+            dist
+            contracts
   
       - name: Publish package
         uses: JS-DevTools/npm-publish@v1