How to vouch for a workflow or job

Log in with the Login with GitHub button above to create attestations directly from this dashboard, or use the REST API with a GitHub personal access token that has at minimum read:org scope.

User-tier attestation (entire workflow)

curl -X POST https://your-api.example.com/api/v1/attestations \
  -H "Authorization: Bearer <your-github-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "repository":     "owner/repo",
    "workflow_path":  ".github/workflows/ci.yml",
    "tier":           "user",
    "org_affiliation": "AMD",
    "notes":          "rocMinductor 4xl python 3.8 nightly test suite",
    "expiry_days":    180
  }'

Organization-tier attestation (single job)

curl -X POST https://your-api.example.com/api/v1/attestations \
  -H "Authorization: Bearer <your-github-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "repository":      "owner/repo",
    "workflow_path":   ".github/workflows/ci.yml",
    "job_name":        "python-test-38",
    "tier":            "organization",
    "org_github_login": "my-github-org",
    "org_affiliation": "AMD",
    "notes":           "Owned by GPU software team"
  }'

Update gate mode for a repository (admins only)

curl -X PUT https://your-api.example.com/api/v1/repositories/owner/repo/config \
  -H "Authorization: Bearer <your-github-token>" \
  -H "Content-Type: application/json" \
  -d '{ "mode": "block", "expiry_days": 90 }'

Gate modes: audit (warn, don't block — default) or block (fail the check run, blocking merges when configured as a required status check).