Closes:#173
Test
I pushed a tag v0.1.2-0 to the fork repositoryhttps://github.com/suzuki-shunsuke/github-mcp-server and confirmed attestations were generated.
https://github.com/suzuki-shunsuke/github-mcp-server/actions/runs/14326892487/job/40153957850
https://github.com/suzuki-shunsuke/github-mcp-server/attestations/6157885
gh release download -R suzuki-shunsuke/github-mcp-server v0.1.2-0whileread -r asset;doecho"$asset" gh attestation verify"$asset" \ -R suzuki-shunsuke/github-mcp-server \ --signer-workflow suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.ymldone<<(ls)
Result
github-mcp-server_0.1.2-0_checksums.txtLoaded digest sha256:6aa7d0c3c21532ed26b2685bc2cbe4275390b949e2b0402e259ccca9bbc32165 for file://github-mcp-server_0.1.2-0_checksums.txtLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Darwin_arm64.tar.gzLoaded digest sha256:5e1ddf9643eef2a665e0941d1158e9c20866cce60ea9de72f7434e1a030e0f99 for file://github-mcp-server_Darwin_arm64.tar.gzLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Darwin_x86_64.tar.gzLoaded digest sha256:0b0966754489a66c42b307fcc6aa2b66a6f75be2ea5f7d0375a3b52f555f7ad1 for file://github-mcp-server_Darwin_x86_64.tar.gzLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Linux_arm64.tar.gzLoaded digest sha256:9041a5241f5fc50917a135896e3938407523ac77581ac5cf737c82ebf1918de2 for file://github-mcp-server_Linux_arm64.tar.gzLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Linux_i386.tar.gzLoaded digest sha256:1e403adddc50d5dfa4de8f5a8cb6fc233609fd5117dffe02e5556f90db35f080 for file://github-mcp-server_Linux_i386.tar.gzLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Linux_x86_64.tar.gzLoaded digest sha256:5a61ef459e5898673ca60a63e4fdb314069f4d6bf5a84ffcd5df6327cfc08138 for file://github-mcp-server_Linux_x86_64.tar.gzLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Windows_arm64.zipLoaded digest sha256:e417ac4d61363dff027dfa33dbda35064e4ac4b55f42aa1ce30a14c665463226 for file://github-mcp-server_Windows_arm64.zipLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Windows_i386.zipLoaded digest sha256:5909afabcfc4a09070ac358cc0e702cc212142ff8058770bb617c45ea5cce7d5 for file://github-mcp-server_Windows_i386.zipLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0github-mcp-server_Windows_x86_64.zipLoaded digest sha256:127dc1d04cbdae292dc6540963d3e0fa4e4468c8f37b66436c5dd853f07420ea for file://github-mcp-server_Windows_x86_64.zipLoaded 1 attestation from GitHub APIThe following policy criteria will be enforced:- Predicate type must match:................ https://slsa.dev/provenance/v1- Source Repository Owner URI must match:... https://github.com/suzuki-shunsuke- Source Repository URI must match:......... https://github.com/suzuki-shunsuke/github-mcp-server- Subject Alternative Name must match regex: ^https://github.com/suzuki-shunsuke/github-mcp-server/.github/workflows/goreleaser.yml- OIDC Issuer must match:................... https://token.actions.githubusercontent.com✓ Verification succeeded!The following 1 attestation matched the policy criteria- Attestation #1 - Build repo:..... suzuki-shunsuke/github-mcp-server - Build workflow:. .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0 - Signer repo:.... suzuki-shunsuke/github-mcp-server - Signer workflow: .github/workflows/goreleaser.yml@refs/tags/v0.1.2-0
Note
Uh oh!
There was an error while loading.Please reload this page.
Closes:#173
Test
I pushed a tag v0.1.2-0 to the fork repositoryhttps://github.com/suzuki-shunsuke/github-mcp-server and confirmed attestations were generated.
https://github.com/suzuki-shunsuke/github-mcp-server/actions/runs/14326892487/job/40153957850
https://github.com/suzuki-shunsuke/github-mcp-server/attestations/6157885
Result
Note