mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-05-09 01:56:52 +00:00
59 lines
1.6 KiB
YAML
59 lines
1.6 KiB
YAML
name: Verifier releaser
|
|
|
|
on:
|
|
# For manual tests.
|
|
workflow_dispatch:
|
|
push:
|
|
tags:
|
|
- "*" # triggers only if push new tag version, like `0.8.4`.
|
|
# Run daily as a dry-run/test.
|
|
schedule:
|
|
- cron: '0 1 * * *'
|
|
|
|
permissions: read-all
|
|
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
ISSUE_REPOSITORY: slsa-framework/slsa-verifier
|
|
|
|
jobs:
|
|
# Generate ldflags dynamically.
|
|
args:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.ldflags.outputs.version }}
|
|
steps:
|
|
- id: checkout
|
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
|
|
with:
|
|
fetch-depth: 0
|
|
- id: ldflags
|
|
run: |
|
|
echo "::set-output name=version::$(git describe --tags --always --dirty | cut -c2-)"
|
|
|
|
builder:
|
|
permissions:
|
|
actions: read # For the detection of GitHub Actions environment.
|
|
id-token: write # For signing.
|
|
contents: write # For asset uploads.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.1
|
|
with:
|
|
go-version: 1.18
|
|
config-file: .github/config-release.yml
|
|
compile-builder: true
|
|
evaluated-envs: "VERSION:${{needs.args.outputs.version}}"
|
|
|
|
# In case this fails, e.g. build configuration changes, file an issue in slsa-verifier
|
|
if-failed:
|
|
runs-on: ubuntu-latest
|
|
needs: [builder]
|
|
if: always() && needs.builder.result == 'failure'
|
|
steps:
|
|
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
|
|
with:
|
|
repository: slsa-framework/example-package
|
|
- run: |
|
|
set -euo pipefail
|
|
|
|
./.github/workflows/scripts/e2e-report-failure.sh
|