Merge pull request #5 from atsign-foundation/cpswan-tarball-workflow #1

Workflow file for this run

.github/workflows/tarball.yaml at 0d6ecc4

	name: UUID4_tarball

	on:
	push:
	tags:
	- "v..*"

	permissions: # added using https://github.com/step-security/secure-repo
	contents: read

	jobs:
	source_tarball:
	name: Generate source tarball
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	- name: Create tarball
	run: \|
	mkdir tarball
	tar -cvzf tarball/uuid4-${{ github.ref_name }}.tar.gz example/ \
	include/ src/ CHANGELOG.md CMakeLists.txt idf_component.yml \
	LICENSE README.md
	- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
	with:
	name: uuid4-src-${{github.ref_name}}-${{github.run_number}}-${{github.run_attempt}}
	path: ./tarball/uuid4-${{ github.ref_name }}.tar.gz

	github-release:
	name: >-
	Upload artifacts and generate checksums for provenance
	needs: [source_tarball]
	runs-on: ubuntu-latest
	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}
	permissions:
	contents: write # IMPORTANT: mandatory for making GitHub Releases
	id-token: write # IMPORTANT: mandatory for sigstore
	attestations: write
	steps:
	- name: Download all the tarballs
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
	with:
	path: tarballs/
	- name: Move packages for signing
	run: \|
	cd tarballs
	mv /.tar.gz .
	rm -Rf -- */
	- name: Generate SHA256 checksums
	working-directory: tarballs
	run: sha256sum * > checksums.txt
	- name: Upload artifacts to GitHub Release
	env:
	GITHUB_TOKEN: ${{ github.token }}
	run: >-
	gh release upload '${{ github.ref_name }}' tarballs/** --repo '${{
	github.repository }}'
	- id: hash
	name: Pass artifact hashes for SLSA provenance
	working-directory: tarballs
	run: \|
	echo "hashes=$(cat checksums.txt \| base64 -w0)" >> "$GITHUB_OUTPUT"
	- uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
	with:
	subject-path: "tarballs/**"

	provenance:
	needs: [github-release]
	permissions:
	actions: read # Needed for detection of GitHub Actions environment.
	id-token: write # Needed for provenance signing and ID
	contents: write # Needed for release uploads
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 # 5a775b367a56d5bd118a224a811bba288150a563
	with:
	base64-subjects: "${{ needs.github-release.outputs.hashes }}"
	upload-assets: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #5 from atsign-foundation/cpswan-tarball-workflow #1

Workflow file

Merge pull request #5 from atsign-foundation/cpswan-tarball-workflow #1

Jobs

Run details

Workflow file for this run