BUILD-9447 Generation attestation for build actions #69

Merged: SamirM-BE merged 1 commit into master from feat/smarini/BUILD-9447 on Nov 10, 2025
SamirM-BE commented Oct 23, 2025

SamirM-BE force-pushed the feat/smarini/BUILD-9447 branch from d7e8193 to b5cd0a7, October 26, 2025 17:57
SamirM-BE force-pushed the feat/smarini/BUILD-9447 branch from b5cd0a7 to 057b7fa, November 6, 2025 13:13
SamirM-BE force-pushed the feat/smarini/BUILD-9447 branch from 057b7fa to 94531ab, November 7, 2025 12:10
SamirM-BE marked this pull request as ready for review, November 7, 2025 12:36
SamirM-BE requested a review from a team as a code owner, November 7, 2025 12:36
Copilot AI review requested due to automatic review settings, November 7, 2025 12:36
Copilot AI left a comment

Pull Request Overview

This PR enables build attestation for GitHub Actions workflows by adding the necessary permissions and configuration to generate provenance attestations for build artifacts.

Key Changes:

  • Added attestations: write permission to the build job
  • Enabled provenance generation in the build-poetry action

SamirM-BE force-pushed the feat/smarini/BUILD-9447 branch from 94531ab to 33cb59f, November 10, 2025 07:00
SamirM-BE force-pushed the feat/smarini/BUILD-9447 branch from 33cb59f to 0b90734, November 10, 2025 07:03
@sonarqubecloud
SonarQube reviewer guide

Summary: Enables artifact attestation and provenance verification for CI/CD builds.

Review Focus: Verify the attestations permission is correct and the provenance flag works with the SonarSource action.

Start review at: .github/workflows/build.yml. This contains the core functionality changes that enable provenance generation during builds.

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

SamirM-BE merged commit 623f542 into master, Nov 10, 2025
6 checks passed
SamirM-BE deleted the feat/smarini/BUILD-9447 branch, November 10, 2025 08:23