Attest build provenance in release workflow (#109)

* Attest build provenance in release workflow

Also fix release workflow formatting

* Fix workflow permissions

* Revert formatting and remove extraneous content permissions
This commit is contained in:
GameFuzzy 2024-08-09 07:43:47 +02:00 committed by GitHub
parent e864f62aef
commit 2a2ed62898
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -17,6 +17,9 @@ jobs:
- target: Release_English_winxp
- target: Release_Chinese_winxp
- target: Release_Russian_winxp
permissions:
id-token: write
attestations: write
steps:
- name: Checkout code
uses: actions/checkout@v4
@ -36,6 +39,10 @@ jobs:
- name: Pack
run: python build.py pack
- name: Generate attestation for artifact
uses: actions/attest-build-provenance@v1
with:
subject-path: builds/${{ matrix.target }}.zip
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
@ -60,6 +67,9 @@ jobs:
- cmd: plg64
qtarch: win64_msvc2019_64
target: plugin64
permissions:
id-token: write
attestations: write
steps:
- name: Checkout code
uses: actions/checkout@v4
@ -82,6 +92,11 @@ jobs:
- name: Pack
run: python build.py pack
- name: Generate attestation for artifact
uses: actions/attest-build-provenance@v1
with:
subject-path: builds/${{ matrix.target }}.zip
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
@ -102,6 +117,9 @@ jobs:
- target: Release_English
- target: Release_Chinese
- target: Release_Russian
permissions:
id-token: write
attestations: write
steps:
- name: Checkout code
uses: actions/checkout@v4
@ -120,6 +138,10 @@ jobs:
- name: Pack
run: python build.py pack
- name: Generate attestation for artifact
uses: actions/attest-build-provenance@v1
with:
subject-path: builds/${{ matrix.target }}.zip
- name: Upload artifact
uses: actions/upload-artifact@v4
with: