add attest-build-provenance action (#35)

Author: tk3fftk

.github/workflows/goreleaser.yaml

@@ -7,7 +7,9 @@ on:
       - "*"
 
 permissions:
-  contents: write
+  id-token: write # for attestations
+  contents: write # for update release assets
+  attestations: write # for attestations
 
 jobs:
   goreleaser:
@@ -27,3 +29,8 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: "dist/**/tfustomize*"
+          subject-name: "tk3fftk/tfustomize"