POST /repos/{owner}/{repo}/attestations
Store an artifact attestation and associate it with a repository.
The authenticated user must have write permission to the repository and, if using a fine-grained access token, the attestations:write permission is required.
Artifact attestations are meant to be created using the attest action. For more information, see our guide on using artifact attestations to establish a build's provenance.
Servers
- https://api.github.com
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
repo |
String | Yes |
The name of the repository without the |
owner |
String | Yes |
The account owner of the repository. The name is not case sensitive. |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
bundle |
Object | Yes |
The attestation's Sigstore Bundle. Refer to the Sigstore Bundle Specification for more information. |
bundle.verificationMaterial |
Object | No | |
bundle.mediaType |
String | No | |
bundle.dsseEnvelope |
Object | No |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.