Add permissions for attestation

Signed-off-by: Taylor Smock <[email protected]>

.github/workflows/ant.yml

@@ -84,6 +84,9 @@ jobs:
     needs: [josm-build, create_tag]
     outputs:
       plugin_directory: ${{ steps.version.outputs.plugin_directory }}
+    permissions:
+      id-token: write
+      attestations: write
     steps:
     - uses: JOSM/JOSMPluginAction/actions/setup-ant@v2
       with:
@@ -113,6 +116,15 @@ jobs:
         cd $GITHUB_WORKSPACE/josm/plugins/${{ github.event.repository.name }}
         ant -noinput -buildfile build.xml -Dplugin.version=${{ steps.version.outputs.version }}
 
+    - name: Perform attestation (jar)
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: josm/dist/${{ inputs.plugin-jar-name }}.jar
+    - name: Perform attestation (sources)
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: josm/dist/${{ inputs.plugin-jar-name }}-sources.jar
+
     - name: Upload plugin build
       id: cache-plugin-build
       uses: actions/upload-artifact@v4

README.md

@@ -42,6 +42,9 @@ on:
 
 jobs:
   call-workflow:
+    permissions:
+      id-token: write
+      attestations: write
     uses: JOSM/JOSMPluginAction/.github/workflows/ant.yml@v2
 ```