authorClement Tsang <34804052+ClementTsang@users.noreply.github.com>2024-05-03 11:37:16 -0400
committerGitHub <noreply@github.com>2024-05-03 11:37:16 -0400
commitd53725bbfc9acd76902ac22602f4ff2cd18e57fc (patch)
treefe95e402a3f120150e096a22a244ba4aa37d7384
parent2b819a30972448292c8dfd8fdeb7cf16e4716969 (diff)
ci: try attestations for binaries (#1455)nightly
* ci: try attestations for binaries * add additional attestation steps
-rw-r--r--.github/workflows/build_releases.yml30
1 files changed, 30 insertions, 0 deletions
diff --git a/.github/workflows/build_releases.yml b/.github/workflows/build_releases.yml
index d86b0627..ddea91bd 100644
--- a/.github/workflows/build_releases.yml
+++ b/.github/workflows/build_releases.yml
@@ -27,6 +27,11 @@ env:
COMPLETION_DIR: "target/tmp/bottom/completion/"
MANPAGE_DIR: "target/tmp/bottom/manpage/"
+permissions:
+ id-token: write
+ contents: read
+ attestations: write
+
# TODO: Maybe add retry job in case of timeouts?
jobs:
build-binaries:
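Review bot: The new `permissions:` block sits at workflow level, so every job in this file receives `id-token: write` and `attestations: write`, including any job that never runs an attestation step. Moving those two scopes into a per-job `permissions:` on the jobs that attest, and leaving only `contents: read` at the top, keeps the OIDC token and attestation write access confined to the jobs that sign. The `inputs.caller` reference later in the file suggests this workflow is invoked from other workflows; if so, the caller has to grant the same scopes, because a called workflow cannot exceed its caller's permissions. A comment above the block would help, for example `# Needed by actions/attest-build-provenance; calling workflows must grant these too.` The job list continues outside this hunk.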
@@ -177,6 +182,11 @@ jobs:
tar -czvf bottom_${{ matrix.info.target }}${{ matrix.info.suffix }}.tar.gz btm completion
echo "ASSET=bottom_${{ matrix.info.target }}${{ matrix.info.suffix }}.tar.gz" >> $GITHUB_ENV
+ - name: Generate artifact attestation for file
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: ${{ env.ASSET }}
+
- name: Create release directory for artifact, move file
shell: bash
run: |
@@ -245,6 +255,11 @@ jobs:
cargo wix init
cargo wix
+ - name: Generate artifact attestation for file
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: "bottom_x86_64_installer.msi"
+
- name: Create release directory for artifact, move files
shell: bash
run: |
@@ -284,6 +299,11 @@ jobs:
fi
python ./scripts/cirrus/build.py "$BRANCH" "release/" "${{ inputs.caller }}"
+ - name: Generate artifact attestation for file
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: "release/**/*.tar.gz"
+
- name: Save release as artifact
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
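Review bot: The subject `release/**/*.tar.gz` appears to be populated by `scripts/cirrus/build.py`, which by its name and arguments seems to fetch binaries built on Cirrus CI rather than compile them in this job. Provenance generated here names this GitHub Actions run as the builder, so verifiers would get a signed statement that does not match where the binary was actually compiled. If that reading of the script is right, either leave these artifacts unattested or document the limitation on the step, e.g. `# Attests files fetched from Cirrus CI; the compile itself happened outside this runner.` The glob also attests every matching tarball under `release/`, so it is worth confirming that directory holds nothing else before the script runs.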
@@ -400,6 +420,11 @@ jobs:
sudo chown $USER ./target/${{ matrix.info.target }}/debian/ 2>/dev/null || true
rm -r ./target/${{ matrix.info.target }}/debian/
+ - name: Generate artifact attestation for file
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: ${{ steps.verify.outputs.DEB_FILE }}
+
- name: Create release directory for artifact, move file
shell: bash
run: |
@@ -485,6 +510,11 @@ jobs:
sudo chown $USER ./target/${{ matrix.info.target }}/generate-rpm/ 2>/dev/null || true
rm -r ./target/${{ matrix.info.target }}/generate-rpm/
+ - name: Generate artifact attestation for file
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-path: ${{ steps.verify.outputs.RPM_FILE }}
+
- name: Create release directory for artifact, move file
shell: bash
run: |