Add Artifact Attestations to Workflow Add SLSA build-provenance attestations to existing GitHub Actions workflows for Docker container images. Steps 0. Find existing workflow files in that contain or similar steps. Note that composite actions may be used — read both the composite action and the calling workflow simultaneously. 1. Enable OIDC & Attestations permissions In each workflow's top-level block, grant both the OIDC token and attestations write privileges: 2. Log in to container registries Ensure authentication steps exist for each registry you'll attest against. Judge whether there ar…