diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2f2d541..49f5e83 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,6 +17,9 @@ jobs:
           - target: Release_English_winxp
           - target: Release_Chinese_winxp
           - target: Release_Russian_winxp
+    permissions:
+      id-token: write
+      attestations: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -36,6 +39,10 @@ jobs:
       - name: Pack
         run: python build.py pack
 
+      - name: Generate attestation for artifact
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: builds/${{ matrix.target }}.zip
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
@@ -60,6 +67,9 @@ jobs:
           - cmd: plg64
             qtarch: win64_msvc2019_64
             target: plugin64
+    permissions:
+      id-token: write
+      attestations: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -82,6 +92,11 @@ jobs:
 
       - name: Pack
         run: python build.py pack
+
+      - name: Generate attestation for artifact
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: builds/${{ matrix.target }}.zip
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
@@ -102,6 +117,9 @@ jobs:
           - target: Release_English
           - target: Release_Chinese
           - target: Release_Russian
+    permissions:
+      id-token: write
+      attestations: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -120,6 +138,10 @@ jobs:
       - name: Pack
         run: python build.py pack
 
+      - name: Generate attestation for artifact
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: builds/${{ matrix.target }}.zip
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with: