|
25 | 25 | cancel-in-progress: false |
26 | 26 | permissions: |
27 | 27 | contents: write # Needed to create a release |
| 28 | + id-token: write # Needed to attest build provenance |
| 29 | + attestations: write # Needed to attest build provenance |
28 | 30 |
|
29 | 31 | steps: |
30 | 32 | - name: "Checkout sources" |
|
50 | 52 | subject-path: "${{ steps.build.outputs.ZIP_FOLDER }}/*.zip" |
51 | 53 | show-summary: false |
52 | 54 | - name: "ZIP info" |
| 55 | + id: "info" |
53 | 56 | run: | |
54 | 57 | # Retrieve informations... |
55 | 58 | ZIP_FOLDER='${{ steps.build.outputs.ZIP_FOLDER }}' |
|
73 | 76 | printf '%s\n' "::notice::MD5: ${ZIP_MD5:-Missing}" |
74 | 77 | printf '%s\n' "::notice::Attestation: ${ZIP_ATTESTATION:-Missing}" |
75 | 78 | : "${ZIP_FOLDER:?}" || exit "${?}" |
| 79 | + # Preparing attestation file... |
| 80 | + old_attest_file='${{ steps.attest.outputs.bundle-path }}' |
| 81 | + if test -n "${old_attest_file?}"; then |
| 82 | + new_attest_file="./.tmp/release-$(basename -- "${old_attest_file:?}")" || exit "${?}" |
| 83 | + mkdir -p -- './.tmp' || exit "${?}" |
| 84 | + cp -f -T -- "${old_attest_file:?}" "${new_attest_file:?}" || exit "${?}" |
| 85 | + printf 'ZIP_ATTESTATION_FILE=%s\n' "${new_attest_file:?}" 1>> "${GITHUB_OUTPUT?}" |
| 86 | + fi |
76 | 87 | - name: "Create release" |
77 | 88 | uses: softprops/action-gh-release@v2 |
78 | 89 | if: "${{ github.run_attempt == '1' && steps.build.outputs.ZIP_IS_ALPHA == 'false' && steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}" |
|
85 | 96 | generate_release_notes: true |
86 | 97 | draft: false |
87 | 98 | overwrite_files: false |
88 | | - preserve_order: true |
89 | 99 | files: | |
90 | 100 | ${{ steps.build.outputs.ZIP_FOLDER }}/*.zip* |
91 | | - ${{ steps.attest.outputs.bundle-path }} |
| 101 | + ${{ steps.info.outputs.ZIP_ATTESTATION_FILE }} |
92 | 102 | fail_on_unmatched_files: true |
0 commit comments