Fix missing Linux ARM64 attestations. (#196) #26
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - v[0-9]+.[0-9]+.[0-9]+ | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: The tag to manually run a deploy for. | |
| required: true | |
| jobs: | |
| org-check: | |
| name: Check GitHub Organization | |
| if: ${{ github.repository_owner == 'a-scie' }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Noop | |
| run: "true" | |
| determine-tag: | |
| name: Determine the release tag to operate against. | |
| needs: org-check | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| release-tag: ${{ steps.determine-tag.outputs.release-tag }} | |
| release-version: ${{ steps.determine-tag.outputs.release-version }} | |
| steps: | |
| - name: Determine Tag | |
| id: determine-tag | |
| run: | | |
| if [[ -n "${{ github.event.inputs.tag }}" ]]; then | |
| RELEASE_TAG=${{ github.event.inputs.tag }} | |
| else | |
| RELEASE_TAG=${GITHUB_REF#refs/tags/} | |
| fi | |
| if [[ "${RELEASE_TAG}" =~ ^v[0-9]+.[0-9]+.[0-9]+$ ]]; then | |
| echo "release-tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT | |
| echo "release-version=${RELEASE_TAG#v}" >> $GITHUB_OUTPUT | |
| else | |
| echo "::error::Release tag '${RELEASE_TAG}' must match 'v\d+.\d+.\d+'." | |
| exit 1 | |
| fi | |
| github-release: | |
| name: (${{ matrix.os }}) Create Github Release | |
| needs: determine-tag | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| # N.B.: macos-12 is the oldest non-deprecated Intel Mac runner and macos-14 is the oldest | |
| # non-deprecated ARM Mac runner. | |
| os: [ ubuntu-22.04, linux-arm64, macos-12, macos-14, windows-2022 ] | |
| environment: Release | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: write | |
| discussions: write | |
| steps: | |
| - name: Checkout ptex ${{ needs.determine-tag.outputs.release-tag }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.determine-tag.outputs.release-tag }} | |
| - name: Package ptex ${{ needs.determine-tag.outputs.release-tag }} binary | |
| if: ${{ matrix.os != 'ubuntu-22.04' && matrix.os != 'linux-arm64' }} | |
| run: cargo run -p package | |
| - name: Package ptex ${{ needs.determine-tag.outputs.release-tag }} binary | |
| if: ${{ matrix.os == 'ubuntu-22.04' || matrix.os == 'linux-arm64' }} | |
| run: | | |
| docker run --rm \ | |
| -v $PWD:/code \ | |
| -w /code \ | |
| rust:1.79.0-alpine3.20 \ | |
| sh -c " | |
| apk add cmake make musl-dev perl && | |
| addgroup -g $(id -g) build && | |
| adduser -u $(id -u) -G build -D -H build && | |
| su build -c 'cargo run -p package -- dist' | |
| " | |
| - name: Generate ptex ${{ needs.determine-tag.outputs.release-tag }} artifact attestations | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: dist/ptex* | |
| - name: Prepare Changelog | |
| id: prepare-changelog | |
| uses: a-scie/actions/[email protected] | |
| with: | |
| changelog-file: ${{ github.workspace }}/CHANGES.md | |
| version: ${{ needs.determine-tag.outputs.release-version }} | |
| setup-python: ${{ matrix.os != 'linux-arm64' }} | |
| - name: Create ${{ needs.determine-tag.outputs.release-tag }} Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ needs.determine-tag.outputs.release-tag }} | |
| name: ptex ${{ needs.determine-tag.outputs.release-version }} | |
| body_path: ${{ steps.prepare-changelog.outputs.changelog-file }} | |
| draft: false | |
| prerelease: false | |
| files: dist/ptex* | |
| fail_on_unmatched_files: true | |
| discussion_category_name: Announcements |