Fix github attestations of releases (#16530)

2025-11-18 19:21:46 +00:00 · 2025-10-30 22:31:19 -04:00 · 2025-10-30 22:31:19 -04:00 · d71ae61c0b
commit d71ae61c0b
parent 0adb444806
2 changed files with 7 additions and 7 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -68,7 +68,7 @@ jobs:
        # we specify bash to get pipefail; it guards against the `curl` command
        # failing. otherwise `sh` won't catch that `curl` returned non-0
        shell: bash
-        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.1/cargo-dist-installer.sh | sh"
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.2/cargo-dist-installer.sh | sh"
      - name: Cache dist
        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
        with:
@ -175,10 +175,6 @@ jobs:
    runs-on: "depot-ubuntu-latest-4"
    outputs:
      val: ${{ steps.host.outputs.manifest }}
-    permissions:
-      "attestations": "write"
-      "contents": "write"
-      "id-token": "write"
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
@ -237,6 +233,10 @@ jobs:
    # "host" however must run to completion, no skipping allowed!
    if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') }}
    runs-on: "depot-ubuntu-latest-4"
+    permissions:
+      "attestations": "write"
+      "contents": "write"
+      "id-token": "write"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
--- a/dist-workspace.toml
+++ b/dist-workspace.toml
@ -4,7 +4,7 @@ members = ["cargo:."]
 # Config for 'dist'
 [dist]
 # The preferred dist version to use in CI (Cargo.toml SemVer syntax)
-cargo-dist-version = "0.30.1"
+cargo-dist-version = "0.30.2"
 # Whether to consider the binaries in a package for distribution (defaults true)
 dist = false
 # CI backends to support
@ -49,7 +49,7 @@ github-release = "announce"
 # Whether to enable GitHub Attestations
 github-attestations = true
 # When to generate GitHub Attestations
-github-attestations-phase = "host"
+github-attestations-phase = "announce"
 # Patterns to attest when creating attestations for release artifacts
 github-attestations-filters = ["*.json", "*.sh", "*.ps1", "*.zip", "*.tar.gz"]
 # Whether CI should include auto-generated code to build local artifacts