Attest built artifacts

### What's needed?

GitHub has a [new option to add artifact attestation](https://github.blog/changelog/2024-05-02-artifact-attestations-public-beta/) to establish provenance for builds and we should use it.

### Proposed solution

Add an extra step to attest the generated files:

```yaml
- name: Generate artifact attestation
  uses: actions/attest-build-provenance@v1
  with:
    subject-path: 'PATH/TO/ARTIFACT'
```

### Use cases

* Generated docs
* Generated Python wheels and source distribution files

### Alternatives and workarounds

_No response_

### Additional context

* https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
* https://newsblur.com/site/8683141/github-blog

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Attest built artifacts #267

What's needed?

Proposed solution

Use cases

Alternatives and workarounds

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Attest built artifacts #267

Description

What's needed?

Proposed solution

Use cases

Alternatives and workarounds

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions