fix flakey tests (#35) #27
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| permissions: {} | |
| jobs: | |
| release: | |
| if: github.repository == 'github/gh-combine' | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: setup go | |
| uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # pin@v5 | |
| with: | |
| go-version-file: "go.mod" | |
| cache: false | |
| - name: goreleaser | |
| uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # pin@v6 | |
| with: | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: upload artifact | |
| uses: actions/upload-artifact@4.6.2 | |
| id: upload-artifact | |
| with: | |
| path: dist/ | |
| sign: | |
| needs: release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: read | |
| steps: | |
| - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| artifact-ids: ${{ needs.release.outputs.artifact-id }} | |
| - name: attest build provenance | |
| uses: actions/attest-build-provenance@v2.3.0 | |
| with: | |
| subject-path: "." | |
| verify: | |
| permissions: {} | |
| runs-on: ubuntu-latest | |
| needs: [release, sign] | |
| steps: | |
| - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 | |
| with: | |
| artifact-ids: ${{ needs.release.outputs.artifact-id }} | |
| - name: verify | |
| env: | |
| OWNER: ${{ github.repository_owner }} | |
| REPO: ${{ github.event.repository.name }} | |
| ARTIFACT_PATH: "." | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| echo "Scanning for files in $ARTIFACT_PATH" | |
| # Find all regular files in the artifact path recursively | |
| find "$ARTIFACT_PATH" -type f | while read -r file; do | |
| echo "Verifying file: $file" | |
| # Log the command that will be executed | |
| echo "Executing command: gh attestation verify \"$file\" --repo ${OWNER}/${REPO} --signer-workflow ${OWNER}/${REPO}/.github/workflows/release.yml" | |
| # Run the command | |
| gh attestation verify "$file" --repo ${OWNER}/${REPO} --signer-workflow ${OWNER}/${REPO}/.github/workflows/release.yml | |
| done |