From af945192453bbe042ab62be0f6232db5abb5767f Mon Sep 17 00:00:00 2001
From: Quinten Stokkink <goqs@hotmail.com>
Date: Fri, 25 Oct 2024 10:32:28 +0200
Subject: [PATCH] Use authentihash

---
 .github/workflows/build.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 17edfdc..9537e3f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,10 +18,20 @@ jobs:
           call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
           cl .\hello.cpp
           .\hello.exe
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+      - name: Install lief
+        run: |
+          pip install lief
+          python -c "import lief, binascii; print('DIGEST=' + binascii.hexlify(lief.parse('hello.exe').authentihash_sha256).decode())" >> $GITHUB_ENV
+      - name: Double check DIGEST
+        run: echo $DIGEST
       - name: Attest
         uses: actions/attest@v1
         with:
-          subject-path: 'hello.exe'
+          subject-name: 'hello.exe'
+          subject-digest: sha256:$DIGEST
           predicate-type: 'https://in-toto.io/attestation/release/v0.1'
           predicate: '{"purl": "git+https://github.com/qstokkink/testghattestations.git@1","releaseId": "1"}'
       - name: Upload Artifacts