-
Notifications
You must be signed in to change notification settings - Fork 0
114 lines (105 loc) · 3.39 KB
/
build-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
name: Tag and Build Release
on:
workflow_dispatch:
inputs:
release_version:
description: new release version
required: true
default: (for example, 0.1.0)
jobs:
checks:
runs-on: ubuntu-latest
steps:
- name: Check inputs
run: |
if [[ ! "${{ github.event.inputs.release_version }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo 'version "${{ github.event.inputs.release_version }}" not in ###.###.### format'
exit 1
fi
#ci:
#uses: ./.github/workflows/ci.yaml
create-tag:
#needs: [checks, ci]
needs: [checks]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: tag
uses: actions/github-script@v5
with:
script: |
github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: "refs/tags/v${{ github.event.inputs.release_version }}",
sha: context.sha
})
build:
runs-on: ubuntu-latest
needs: [create-tag]
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
- name: checkout tag
uses: actions/checkout@v3
with:
ref: "refs/tags/v${{ github.event.inputs.release_version }}"
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 11
distribution: 'temurin'
- name: Build project
run: |
# this is a special gradle task for building release bundles see build.gradle.kts
# override the version in gradle.properties
./gradlew clean createReleaseBundle -Pversion=${{ github.event.inputs.release_version }}
- name: Hash Artifacts
id: hash
run: |
cd build/release
echo "::set-output name=hashes::$(sha256sum ./* | base64 -w0)"
sha256sum ./*
- name: Upload build artifacts
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with:
name: project-release-artifacts
path: ./build/release/
if-no-files-found: error
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0
with:
base64-subjects: "${{ needs.build.outputs.hashes }}"
create-release:
runs-on: ubuntu-latest
needs: [provenance, build]
permissions:
contents: write
steps:
- name: Download attestation
uses: actions/download-artifact@v3
with:
name: "${{ needs.provenance.outputs.attestation-name }}"
path: ./release/
- name: Download gradle release artifacts
uses: actions/download-artifact@v3
with:
name: project-release-artifacts
path: ./release/
- name: ls
run: |
pwd
find .
- name: Create draft release
uses: softprops/action-gh-release@v1
with:
tag_name: v${{ github.event.inputs.release_version }}
body: See [CHANGELOG.md](https://github.com/$GITHUB_REPOSITORY/CHANGELOG.md) for more details.
files: ./release/*
draft: true