Skip to content

add addestations to release builds #41

add addestations to release builds

add addestations to release builds #41

Workflow file for this run

name: build-release
on:
push:
branches: [ "main" ]
env:
CARGO_TERM_COLOR: always
# for attestations
permissions:
id-token: write
attestations: write
contents: read
jobs:
build:
strategy:
matrix:
os: [ubuntu, macos, windows]
runs-on: ${{ matrix.os }}-latest
steps:
- name: setup
shell: bash
run: |
if [[ "$RUNNER_OS" == Windows ]]; then
build_file_name=mdq.exe
else
build_file_name=mdq
fi
echo "BUILD_FILE_NAME=${build_file_name}" >> "$GITHUB_ENV"
env:
MATRIX_OS: ${{ matrix.os }}
- name: rustc version
run: rustc --version --verbose
- uses: actions/checkout@v4
- name: build
run: cargo build --release
- name: sha256sum
shell: bash
run: |
if [[ "$RUNNER_OS" == macOS ]]; then
function sha256sum() {
shasum -a 256 "$@"
}
fi
printf '::notice title=sha256sum %s (%s)::%s\n' "$BUILD_FILE_NAME" "$MATRIX_OS" "$(sha256sum "target/release/${BUILD_FILE_NAME}" | cut -f1 -d' ')"
env:
MATRIX_OS: ${{ matrix.os }}
- name: Attest Build Provenance
uses: actions/attest-build-provenance@v1
with:
subject-path: "target/release/${{ env.BUILD_FILE_NAME }}"
- name: mac installer
if: ${{ runner.os == 'macOS' }}
run: |
tmp_file="$(mktemp)"
cp scripts/installer.sh "$tmp_file"
base64 -b 72 -i target/release/mdq | sed 's/^/# /' >> "$tmp_file"
mv "$tmp_file" target/release/mdq-installer.sh
export BUILD_FILE_NAME=mdq-installer.sh
echo BUILD_FILE_NAME=mdq-installer.sh >> "$GITHUB_ENV"
printf '::notice title=sha256sum %s (%s)::%s\n' "$BUILD_FILE_NAME" "$MATRIX_OS" "$(shasum -a 256 "target/release/${BUILD_FILE_NAME}" | cut -f1 -d' ')"
env:
MATRIX_OS: ${{ matrix.os }}
- name: Attest Build Provenance (mac installer)
if: ${{ runner.os == 'macOS' }}
uses: actions/attest-build-provenance@v1
with:
subject-path: "target/release/${{ env.BUILD_FILE_NAME }}"
- name: upload
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: mdq-${{ matrix.os }}
path: target/release/${{ env.BUILD_FILE_NAME }}