From 0086ea6edf39faaac3d369b6b3288749b99c18ad Mon Sep 17 00:00:00 2001
From: Anichitei Ionel-Cristinel <49393881+ianichitei@users.noreply.github.com>
Date: Wed, 8 May 2024 10:25:53 +0300
Subject: [PATCH] ci: Attest provenance for each build artefact, not just the
 archives

---
 .github/workflows/ci.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3c0deb6..a2b7f8a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -98,9 +98,11 @@ jobs:
         tar.exe -acf x86-windows-release.zip bin\Win32\Release
     - name: Attest Build Provenance
       if: ${{ github.event_name == 'release' }}
-      uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+      uses: actions/attest-build-provenance@v1.1.0
       with:
-        subject-path: '*-windows-release.zip'
+        subject-path: |
+          'bin/**/Release/*'
+          '*-windows-release.zip'
     - name: Release
       if: ${{ github.event_name == 'release' }}
       uses: AButler/upload-release-assets@v2.0.2