Update common files (#316)

micronaut-projects · May 22, 2023 · 35573d1 · 35573d1
1 parent a726015
commit 35573d1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 164 deletions.
diff --git a/.github/workflows/files-sync.yml b/.github/workflows/files-sync.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -57,14 +57,14 @@ jobs:
       - name: Generate subject
         id: hash
         run: |
-          # Find the relevant published artifacts in the local repository.
-          ARTIFACTS=$(find  build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/* \
-              -regextype sed -regex '\(.*\.jar\|.*\.pom\|.*\.module\|.*\.toml\)')
+          # Find the artifact JAR and POM files in the local repository.
+          ARTIFACTS=$(find build/repo/${{ steps.publish.outputs.group }}/*/${{ steps.publish.outputs.version }}/* \
+              -type f \( \( -iname "*.jar" -not -iname "*-javadoc.jar" -not -iname "*-sources.jar" \) -or -iname "*.pom" \))
           # Compute the hashes for the artifacts.
           # Set the hash as job output for debugging.
           echo "artifacts-sha256=$(sha256sum $ARTIFACTS | base64 -w0)" >> "$GITHUB_OUTPUT"
           # Store the hash in a file, which is uploaded as a workflow artifact.
-          echo $(sha256sum $ARTIFACTS | base64 -w0) > artifacts-sha256
+          sha256sum $ARTIFACTS | base64 -w0 > artifacts-sha256
       - name: Upload build artifacts
         uses: actions/upload-artifact@v3
         with:
@@ -149,14 +149,14 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
     with:
       base64-subjects: "${{ needs.provenance-subject.outputs.artifacts-sha256 }}"
       upload-assets: true # Upload to a new release.
       compile-generator: true # Build the generator from source.
 
   github_release:
-    needs: [release]
+    needs: [release, provenance]
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/')
     steps:
@@ -169,7 +169,9 @@ jobs:
           path: build/repo
       - name: Create artifacts archive
         shell: bash
-        run: find build/repo -regextype sed -regex '\(.*\.jar\|.*\.pom\|.*\.module\|.*\.toml\)' | xargs zip artifacts.zip
+        run: |
+          find build/repo -type f \( \( -iname "*.jar" -not -iname "*-javadoc.jar" -not \
+              -iname "*-sources.jar" \) -or -iname "*.pom" \) | xargs zip artifacts.zip
       - name: Upload assets
         # Upload the artifacts to the existing release. Note that the SLSA provenance will
         # attest to each artifact file and not the aggregated ZIP file.