diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82a35f05d..79ef72e69 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,8 @@ jobs: build: permissions: contents: write # for actions/create-release to create a release + id-token: write # for actions/attest-build-provenance to create a attestation certificate + attestations: write # for actions/attest-build-provenance to upload the attestation name: Upload Release Asset runs-on: ubuntu-latest steps: @@ -41,6 +43,11 @@ jobs: - name: Build phar file run: "php -d phar.readonly=0 bin/compile" + - name: Generate build provenance attestation + uses: actions/attest-build-provenance@v2 + with: + subject-path: '${{ github.workspace }}/composer.phar' + - name: Create release id: create_release uses: actions/create-release@v1
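Review bot: The two new scopes in the first hunk are granted on the whole `build` job, so every step in it can now request an OIDC token for this repository's identity, on top of the existing `contents: write`. That includes the `php -d phar.readonly=0 bin/compile` step and any dependency-install steps outside this hunk. If the build can be separated, consider attesting in a follow-up job that only downloads the built phar and holds `id-token: write` and `attestations: write`, leaving the build job without them. The rest of the job is not visible here, so whether that split is practical needs confirming. The trailing comment could also say what the scope is used for: `id-token: write # for actions/attest-build-provenance to request the OIDC token used for the signing certificate`.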
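Review bot: In the second hunk, `actions/attest-build-provenance@v2` is referenced by a movable tag while the step runs with `id-token: write` and `attestations: write`, so a retargeted tag would execute with signing rights. Pin it to a full commit SHA, e.g. `uses: actions/attest-build-provenance@<full-commit-sha> # v2`. The attestation binds the digest of `composer.phar` as it exists right after `bin/compile`, and the upload steps are outside this hunk. Confirm nothing rewrites the file between this step and the release upload, otherwise verification of the published asset will fail. A short comment above the step telling consumers how to check it, such as `# verify with: gh attestation verify composer.phar --repo <owner>/<repo>`, would make the attestation usable in practice.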