KSXGitHub · KSXGitHub · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026
diff --git a/template/parallel-disk-usage-bin/PKGBUILD b/template/parallel-disk-usage-bin/PKGBUILD
@@ -16,6 +16,27 @@ sha1sums=(
   SKIP                          # for the license file
 )
 
+prepare() {
+  if ! command -v gh > /dev/null 2>&1; then
+    warning 'GitHub CLI (gh) not found, skipping provenance verification.'
+    plain 'hint: install the github-cli package to enable cryptographic verification of release artifacts.'
+    return 0
+  fi
+
+  if ! gh auth status > /dev/null 2>&1; then
+    warning 'gh is not authenticated, skipping provenance verification.'
+    plain 'hint: run `gh auth login` (or set GH_TOKEN) to enable cryptographic verification of release artifacts.'
+    return 0
+  fi
+
+  msg2 'Verifying build provenance with gh attestation...'
+  local _repo='KSXGitHub/parallel-disk-usage'
+  gh attestation verify --repo "$_repo" "pdu-$_checksum"
+  gh attestation verify --repo "$_repo" "completion.$pkgver.bash"
+  gh attestation verify --repo "$_repo" "completion.$pkgver.fish"
+  gh attestation verify --repo "$_repo" "completion.$pkgver.zsh"
+}
+
 package() {
   install -Dm755 "pdu-$_checksum" "$pkgdir/usr/bin/pdu"
   install -Dm644 README.md "$pkgdir/usr/share/doc/$pkgname/README.md"