# GitHub Repository Code Signing and Attestation with Post-Quantum Cryptography > Automate post-quantum code signing and software supply chain attestation for GitHub repositories and release artifacts. This workflow asks the user which GitHub repository, branch, tag, or specific file they want to certify, downloads the content using the GitHub Repo Browser tool, and signs it with the Quantum-Safe File Attestation tool using ML-DSA-65 (Dilithium3) post-quantum digital signatures via hardware security module. Returns a verifiable attestation package containing a cryptographic manifest, digital signature, and verification bundle with a downloadable certificate link. Use cases include software release signing, open source distribution integrity, SBOM attestation, build artifact certification, code audit compliance evidence, CI/CD pipeline integrity verification, regulatory submission of source code, DevSecOps supply chain security, and tamper-proof repository snapshots for legal or IP protection. Content type: workflow Source URL: https://www.agentpmt.com/agent-workflow-skills/github-repository-code-signing-and-attestation-with-post-quantum-cryptography--69c9e9c394c1eacb907d4150 Markdown URL: https://www.agentpmt.com/api/agent/workflows/github-repository-code-signing-and-attestation-with-post-quantum-cryptography--69c9e9c394c1eacb907d4150?format=agent-md Updated: 2026-03-30T03:28:05.835Z Author: firef1ie --- Estimated time saved: 20 minutes. ## Tools - GitHub Repo Browser - Read Only - Quantum-Safe File Attestation ## Workflow Outline 1. Gather Repository Details: Prompt step. 2. Download from GitHub: Use the repository details gathered from the user. If the user specified a single file path, use the download_to_storage action with the owner, repo, and path. If the user wants t... 3. Prepare Attestation Input: Prompt step. 4. Create Quantum-Safe Attestation: Call the attest_artifact action with the file_id from the previous step. Set the artifact_name to the descriptive name prepared (e.g., 'owner/repo:path'). Include metadata with re... 5. Deliver Certificate to User: Prompt step.