Fix missing Linux ARM64 attestations. (#222) #43
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - v[0-9]+.[0-9]+.[0-9]+ | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: The tag to manually run a deploy for. | |
| required: true | |
| jobs: | |
| org-check: | |
| name: Check GitHub Organization | |
| if: ${{ github.repository_owner == 'a-scie' }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Noop | |
| run: "true" | |
| determine-tag: | |
| name: Determine the release tag to operate against. | |
| needs: org-check | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| release-tag: ${{ steps.determine-tag.outputs.release-tag }} | |
| release-version: ${{ steps.determine-tag.outputs.release-version }} | |
| steps: | |
| - name: Determine Tag | |
| id: determine-tag | |
| run: | | |
| if [[ -n "${{ github.event.inputs.tag }}" ]]; then | |
| RELEASE_TAG=${{ github.event.inputs.tag }} | |
| else | |
| RELEASE_TAG=${GITHUB_REF#refs/tags/} | |
| fi | |
| if [[ "${RELEASE_TAG}" =~ ^v[0-9]+.[0-9]+.[0-9]+$ ]]; then | |
| echo "release-tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT | |
| echo "release-version=${RELEASE_TAG#v}" >> $GITHUB_OUTPUT | |
| else | |
| echo "::error::Release tag '${RELEASE_TAG}' must match 'v\d+.\d+.\d+'." | |
| exit 1 | |
| fi | |
| github-release: | |
| name: (${{ matrix.os }}) Create Github Release | |
| needs: determine-tag | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| # N.B.: macos-12 is the oldest non-deprecated Intel Mac runner and macos-14 is the oldest | |
| # non-deprecated ARM Mac runner. | |
| os: [ ubuntu-22.04, linux-arm64, macos-12, macos-14, windows-2022 ] | |
| environment: Release | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: write | |
| discussions: write | |
| steps: | |
| - name: Checkout scie-jump ${{ needs.determine-tag.outputs.release-tag }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.determine-tag.outputs.release-tag }} | |
| - name: Package scie-jump ${{ needs.determine-tag.outputs.release-tag }} binary | |
| if: ${{ matrix.os != 'ubuntu-22.04' && matrix.os != 'linux-arm64' }} | |
| run: cargo run -p package -- dist | |
| - name: Package scie-jump ${{ needs.determine-tag.outputs.release-tag }} binary | |
| if: ${{ matrix.os == 'ubuntu-22.04' || matrix.os == 'linux-arm64' }} | |
| run: | | |
| docker run --rm \ | |
| -v $PWD:/code \ | |
| -w /code \ | |
| rust:1.79.0-alpine3.20 \ | |
| sh -c " | |
| apk add musl-dev && | |
| addgroup -g $(id -g) build && | |
| adduser -u $(id -u) -G build -D -H build && | |
| su build -c 'cargo run -p package -- dist' | |
| " | |
| - name: Generate scie-jump ${{ needs.determine-tag.outputs.release-tag }} artifact attestations | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: dist/scie-jump* | |
| - name: Prepare Changelog | |
| id: prepare-changelog | |
| uses: a-scie/actions/[email protected] | |
| with: | |
| changelog-file: ${{ github.workspace }}/CHANGES.md | |
| version: ${{ needs.determine-tag.outputs.release-version }} | |
| setup-python: ${{ matrix.os != 'linux-arm64' }} | |
| - name: Create ${{ needs.determine-tag.outputs.release-tag }} Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ needs.determine-tag.outputs.release-tag }} | |
| name: scie-jump ${{ needs.determine-tag.outputs.release-version }} | |
| body_path: ${{ steps.prepare-changelog.outputs.changelog-file }} | |
| draft: false | |
| prerelease: false | |
| files: dist/scie-jump* | |
| fail_on_unmatched_files: true | |
| discussion_category_name: Announcements |