From 58ee7a09a5ccd33bd581c3c7e7a719e2b369229a Mon Sep 17 00:00:00 2001 From: vickunwu <31735039+vickunwu@users.noreply.github.com> Date: Thu, 16 Jan 2025 14:23:39 +0800 Subject: [PATCH] Add attestation for binary zip --- .github/workflows/ci.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f33642873..d9f206199 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -80,9 +80,6 @@ jobs: - name: Log In to DockerHub uses: docker/login-action@v3 - env: - dockerhub: ${{secrets.DOCKERHUB_USERNAME}}${{secrets.DOCKERHUB_TOKEN}} - if: ${{ env.dockerhub != '' }} with: username: ${{secrets.DOCKERHUB_USERNAME}} password: ${{secrets.DOCKERHUB_TOKEN}} @@ -128,7 +125,7 @@ jobs: skip-extraction: ${{ steps.cargo-cache.outputs.cache-hit }} && ${{ steps.apt-cache.outputs.cache-hit }} - name: Build Artifact - uses: docker/bake-action@v5 + uses: docker/bake-action@v6 env: TARGET: ${{matrix.target}} DOCKER_BUILD_RECORD_UPLOAD: false @@ -136,6 +133,7 @@ jobs: BUILD_ENV: ${{matrix.build_env}} ZIG_VERSION: ${{ steps.zig-version.outputs.zig_version }} with: + source: . files: | ./docker-bake.hcl ${{ steps.meta.outputs.bake-file }} @@ -226,6 +224,10 @@ jobs: release: name: Release + permissions: + id-token: write + contents: read + attestations: write if: github.event_name == 'push' || inputs.Release needs: [linux, windows, macos] runs-on: ubuntu-latest @@ -260,6 +262,13 @@ jobs: compress_files "$dir_name" done + - name: Attest + uses: actions/attest-build-provenance@v2 + with: + subject-path: | + ./archive/**/*.tar.gz + ./archive/**/*.zip + - name: Release uses: softprops/action-gh-release@v2 with:
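Review bot: With the `env`/`if` guard removed in the first hunk, the `Log In to DockerHub` step runs on every trigger, so `docker/login-action@v3` receives empty `username`/`password` wherever the `DOCKERHUB_*` secrets are not exposed, presumably including pull requests from forks. If those runs are meant to stay green, keep a condition on the step, for instance by exposing the secret check through a job-level `env` and testing it with `if: ${{ env.dockerhub != '' }}`. The removal is unrelated to the commit subject, so the description should say why the guard was dropped. The job's triggers and its other steps are outside the hunk.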
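Review bot: The added `source: .` under `Build Artifact` has no comment, yet it decides what is built. bake-action v6 builds from the Git context by default, and this input switches it back to the checked-out workspace, so changes made by earlier steps are part of the build. A comment above the input would record that, e.g. `# v6 defaults to the Git context; build from the local checkout instead`. The step's remaining inputs continue outside the hunk.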
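Review bot: The new `permissions` block on the `release` job sets `contents: read`, and every scope it does not list drops to none. The same job ends with `softprops/action-gh-release@v2`, which needs `contents: write` on the `GITHUB_TOKEN` to create the release and upload assets. Unless that step passes a separate token in its `with:` block (cut off at the end of the patch), publishing will fail with a permission error. Change the line to `contents: write`.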
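Review bot: `actions/attest-build-provenance@v2` in the new `Attest` step is a mutable tag, and the job now holds `id-token: write` and `attestations: write`, so whatever the tag resolves to at run time can sign provenance for this repository. Pin it to a full commit SHA with the version as a trailing comment, `uses: actions/attest-build-provenance@<full-commit-sha> # v2` (placeholder; take the SHA from the release you reviewed). The same applies to `softprops/action-gh-release@v2` in the next step. The subject globs bind the attestation to the `.tar.gz`/`.zip` archives rather than the binaries inside them, so the release notes could tell users to check the downloaded archive with `gh attestation verify`.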