From b335697b43907aba7d3efa703a848c76838985c3 Mon Sep 17 00:00:00 2001
From: tooomm <tooomm@users.noreply.github.com>
Date: Sat, 21 Feb 2026 15:39:48 +0100
Subject: [PATCH] CI: Fix artifact digest sha for attestation (#6614)

* Fix artifact digest sha for attestation

* linux, too

* Update desktop-build.yml
---
 .github/workflows/desktop-build.yml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/desktop-build.yml b/.github/workflows/desktop-build.yml
index 684b375cc..45218fea4 100644
--- a/.github/workflows/desktop-build.yml
+++ b/.github/workflows/desktop-build.yml
@@ -220,13 +220,13 @@ jobs:
 
       - name: Upload to release
         id: upload_release
-        if: matrix.package != 'skip' && needs.configure.outputs.tag != null
+        if: needs.configure.outputs.tag != null && matrix.package != 'skip'
         shell: bash
         env:
           GH_TOKEN: ${{github.token}}
           tag_name: ${{needs.configure.outputs.tag}}
-          asset_path: ${{steps.build.outputs.path}}
           asset_name: ${{steps.build.outputs.name}}
+          asset_path: ${{steps.build.outputs.path}}
         run: gh release upload "$tag_name" "$asset_path#$asset_name"
 
       - name: Attest binary provenance
@@ -235,14 +235,15 @@ jobs:
         uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{steps.build.outputs.name}}
-          subject-digest: sha256:${{ steps.upload_artifact.outputs.artifact-digest }}
+          subject-path: ${{steps.build.outputs.path}}
+          show-summary: false
 
       - name: Verify binary attestation
         if: steps.attestation.outcome == 'success'
         shell: bash
         env:
           GH_TOKEN: ${{github.token}}
-        run: gh attestation verify ${{steps.build.outputs.path}} -R Cockatrice/Cockatrice
+        run: gh attestation verify ${{steps.build.outputs.path}} --repo Cockatrice/Cockatrice
 
   build-vcpkg:
     strategy:
@@ -528,8 +529,8 @@ jobs:
         env:
           GH_TOKEN: ${{github.token}}
           tag_name: ${{needs.configure.outputs.tag}}
-          asset_path: ${{steps.build.outputs.path}}
           asset_name: ${{steps.build.outputs.name}}
+          asset_path: ${{steps.build.outputs.path}}
         run: gh release upload "$tag_name" "$asset_path#$asset_name"
 
       - name: Attest binary provenance
@@ -538,11 +539,12 @@ jobs:
         uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{steps.build.outputs.name}}
-          subject-digest: sha256:${{ steps.upload_artifact.outputs.artifact-digest }}
+          subject-path: ${{steps.build.outputs.path}}
+          show-summary: false
 
       - name: Verify binary attestation
         if: steps.attestation.outcome == 'success'
         shell: bash
         env:
           GH_TOKEN: ${{github.token}}
-        run: gh attestation verify ${{steps.build.outputs.path}} -R Cockatrice/Cockatrice
+        run: gh attestation verify ${{steps.build.outputs.path}} --repo Cockatrice/Cockatrice