mirror of
https://github.com/astral-sh/uv
synced 2026-01-22 22:10:11 -05:00
## Summary

Similar to https://github.com/astral-sh/uv/pull/8685, this adds attestations for uv release artifacts.

The changes on this PR would add attestations for

* `dist-manifest.json`
* `uv-installer.ps1`
* `uv-installer.sh`
* All `*.tar.gz` and `*.zip` uv binary files

## Test Plan

~(clarifying note: I'm aware this file is managed by cargo dist and this will not work without allow-dirty at this time)~

~Currently cargo dist targets generation in `build_local_artifacts` which is not used here, plus we'd ideally want to attest the GH downloads / artifacts.~ (edit: fixed by https://github.com/axodotdev/cargo-dist/pull/2000)

At a glance, this release workflow seems to work successfully:

e.g. Example Run: https://github.com/samypr100/uv/actions/runs/13229100555

e.g. Example Release: https://github.com/samypr100/uv/releases/tag/0.5.29

---------

Co-authored-by: Aria Desires <aria.desires@gmail.com>