From 1521d8645bac8d69ff063950770a36218e7d482e Mon Sep 17 00:00:00 2001
From: Quinten Stokkink <goqs@hotmail.com>
Date: Fri, 25 Oct 2024 10:32:28 +0200
Subject: [PATCH] Use authentihash

---
 .github/workflows/build.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 17edfdc..68a4e3e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,10 +18,18 @@ jobs:
           call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
           cl .\hello.cpp
           .\hello.exe
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+      - name: Install lief
+        run: |
+          pip install lief
+          python -c "import lief, binascii; print('DIGEST=' + binascii.hexlify(lief.parse('hello.exe').authentihash_sha256))" >> $GITHUB_ENV
       - name: Attest
         uses: actions/attest@v1
         with:
-          subject-path: 'hello.exe'
+          subject-name: 'hello.exe'
+          subject-digest: "sha256:${DIGEST}"
           predicate-type: 'https://in-toto.io/attestation/release/v0.1'
           predicate: '{"purl": "git+https://github.com/qstokkink/testghattestations.git@1","releaseId": "1"}'
       - name: Upload Artifacts