From 6e3642f1639c94ceaefa2039268e54ed346d71fd Mon Sep 17 00:00:00 2001 From: tsteven4 <13596209+tsteven4@users.noreply.github.com> Date: Sun, 10 Nov 2024 14:33:59 -0700 Subject: [PATCH] Attestation (#1376) * try attestation on windows continuous releases. * add attestation for macos, linux continuous releases.
---
.github/workflows/macos.yml | 11 ++++++++++- .github/workflows/ubuntu.yml | 10 ++++++++++ .github/workflows/windows.yml | 10 ++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 998c82702..5954a2845 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -13,6 +13,10 @@ on: jobs: macos: name: macOS Build + permissions: + id-token: write + contents: read + attestations: write runs-on: ${{ matrix.os }} strategy: fail-fast: false
@@ -94,6 +98,12 @@ jobs: sudo xcode-select --switch /Applications/Xcode_${{ matrix.XCODE_VERSION }}.app ./tools/ci_script_osx.sh . ${{ matrix.QT_VERSION }} ${{ matrix.GENERATOR }} + - name: Generate artifact attestation + if: ( github.event_name == 'push' ) && ( github.ref == 'refs/heads/master' ) && matrix.RELEASE + uses: actions/attest-build-provenance@v1 + with: + subject-path: 'gui/GPSBabel-*.dmg' + - name: Deploy # This only handles continous releases now, for other events artifacts may be saved in # the 'Upload Artifacts' step.
@@ -102,7 +112,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} RELEASE_NAME: Continuous-${{ runner.os }} run: | - echo GITHUB_REF: $GITHUB_REF ./tools/uploadtool/upload_github.sh gui/GPSBabel-*.dmg - name: 'Upload Artifacts'
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index 6f28d773e..973a12cfd 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -86,6 +86,10 @@ jobs: snap: name: snap Build + permissions: + id-token: write + contents: read + attestations: write runs-on: ubuntu-latest outputs: snap-file: ${{ steps.build-snap.outputs.snap }}
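Review bot: The job-level `permissions:` block added to the macOS job sets `contents: read`, and once a job lists permissions every scope it omits becomes `none`, so the later Deploy step hands a read-only `GITHUB_TOKEN` to `./tools/uploadtool/upload_github.sh`. That script is not visible here, but if it creates or updates the continuous release, as `RELEASE_NAME` suggests, it needs `contents: write` and the upload would presumably be rejected. The block also gives `id-token: write` and `attestations: write` to every step and matrix leg of the job, including the build script; attesting and uploading from a separate small job that consumes the built artifact would keep token minting away from the build steps. The same applies to the `permissions:` blocks added to the snap job in ubuntu.yml and the windows job in windows.yml. The job body starts and ends outside the hunk.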
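Review bot: `uses: actions/attest-build-provenance@v1` in the new "Generate artifact attestation" step follows a movable tag, yet this is the step that obtains the OIDC token and signs the provenance, so whatever the tag points at runs with `id-token: write` and `attestations: write`. Pin it to a full commit SHA with the version kept as a comment, `uses: actions/attest-build-provenance@<full-commit-sha>  # v1`, and let an update bot bump it. The same line appears in the attestation steps added to ubuntu.yml and windows.yml. A comment above the step such as `# Verify with: gh attestation verify <file> --repo <owner>/<repo>` would also tell users how to check a download.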
@@ -106,6 +110,12 @@ jobs: /snap/bin/gpsbabel -D3 || true ./testo -p /snap/bin/gpsbabel + - name: Generate artifact attestation + if: ( github.event_name == 'push' ) && ( github.ref == 'refs/heads/master' ) + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ steps.build-snap.outputs.snap }} + - name: Deploy # This only handles continous releases now, for other events artifacts may be saved in # the 'Upload Artifacts' step.
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 6b9d5d932..bac4c141e 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -14,6 +14,10 @@ jobs: windows: name: windows Build + permissions: + id-token: write + contents: read + attestations: write runs-on: ${{ matrix.os }} strategy: fail-fast: false
@@ -98,6 +102,12 @@ jobs: PNAME=./bld/gui/package/gpsbabel.exe GBTEMP=./gbtemp ./testo 2>&1 PNAME=./bld/gui/package/gpsbabel.exe GBTEMP=./gbtemp ./test_encoding_utf8 2>&1 + - name: Generate artifact attestation + if: ( github.event_name == 'push' ) && ( github.ref == 'refs/heads/master' ) && matrix.RELEASE + uses: actions/attest-build-provenance@v1 + with: + subject-path: 'bld/gui/GPSBabel-*-Setup.exe' + - name: Deploy # This only handles continous releases now, for other events artifacts may be saved in # the 'Upload Artifacts' step.