From 70d5f228ba29b54cb561b1eea845a848159d3e38 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessbauer@siemens.com>
Date: Mon, 18 Nov 2024 15:52:58 +0100
Subject: [PATCH] ci: attest build only on push

When running the build for external PRs, we do not have access to
secrets (for good reason). By that, we also cannot perform the
attestation step. Just skip it in these cases.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index af055d9..43862e4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -94,6 +94,7 @@ jobs:
 
       - name: attest extension artifacts
         uses: actions/attest-build-provenance@v1
+        if: github.event_name == 'push'
         with:
           subject-path: |
             build/Linux-Entra-SSO-v*