mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-04 04:41:35 +00:00
actions: GH Attestation for GAM executables and packages
https://github.blog/changelog/2024-05-02-artifact-attestations-public-beta/ attest that GAM was built on GitHub actions to help end users validate they're running a legit GAM binary.
19
.github/workflows/build.yml
vendored
19
.github/workflows/build.yml
vendored
@@ -9,6 +9,7 @@ on:
|
|||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
id-token: write
|
id-token: write
|
||||||
|
attestations: write
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
run:
|
run:
|
||||||
@@ -546,6 +547,9 @@ jobs:
|
|||||||
export gam="${gampath}/gam"
|
export gam="${gampath}/gam"
|
||||||
echo "gampath=${gampath}" >> $GITHUB_ENV
|
echo "gampath=${gampath}" >> $GITHUB_ENV
|
||||||
echo "gam=${gam}" >> $GITHUB_ENV
|
echo "gam=${gam}" >> $GITHUB_ENV
|
||||||
|
if [[ "${RUNNER_OS}" == "Windows" ]]; then
|
||||||
|
gam=$(cygpath -w "$gam")
|
||||||
|
fi
|
||||||
echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"
|
echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"
|
||||||
# TEMP force everything back to one file.
|
# TEMP force everything back to one file.
|
||||||
export PYINSTALLER_BUILD_ONEFILE="yes"
|
export PYINSTALLER_BUILD_ONEFILE="yes"
|
||||||
@@ -596,6 +600,12 @@ jobs:
|
|||||||
echo "GAM Version ${GAMVERSION}"
|
echo "GAM Version ${GAMVERSION}"
|
||||||
echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
|
echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Attest Binary Provenance
|
||||||
|
uses: actions/attest-build-provenance@v1
|
||||||
|
if: matrix.goal == 'build'
|
||||||
|
with:
|
||||||
|
subject-path: ${{ env.gam }}
|
||||||
|
|
||||||
- name: Linux/MacOS package
|
- name: Linux/MacOS package
|
||||||
if: runner.os != 'Windows' && matrix.goal == 'build'
|
if: runner.os != 'Windows' && matrix.goal == 'build'
|
||||||
run: |
|
run: |
|
||||||
@@ -852,6 +862,15 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
tar cJvvf cache.tar.xz $tar_folders
|
tar cJvvf cache.tar.xz $tar_folders
|
||||||
|
|
||||||
|
- name: Attest Build Archive Provenance
|
||||||
|
uses: actions/attest-build-provenance@v1
|
||||||
|
if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal == 'build'
|
||||||
|
with:
|
||||||
|
subject-path: |
|
||||||
|
gam*.tar.xz
|
||||||
|
gam*.zip
|
||||||
|
gam*.msi
|
||||||
|
|
||||||
- name: Archive production artifacts
|
- name: Archive production artifacts
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@v4
|
||||||
if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal != 'test'
|
if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal != 'test'
|
||||||
|
|||||||
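Review bot: In the hunk at -546, the added `cygpath -w` conversion runs after `echo "gam=${gam}" >> $GITHUB_ENV`, so on Windows the value later read as `${{ env.gam }}` by the new "Attest Binary Provenance" step is still the unconverted path; the conversion only affects the remainder of that shell step. If `subject-path` is meant to receive the Windows-style path, move the three-line `if [[ "${RUNNER_OS}" == "Windows" ]]` block above the `echo "gam=${gam}" >> $GITHUB_ENV` line, or write a separate variable for the attest step if later bash steps rely on the POSIX form (the step's body starts and ends outside the hunk, so a later write cannot be ruled out). Separately, both new steps use `actions/attest-build-provenance@v1`, a mutable tag, in a workflow that grants `id-token: write` and `attestations: write`; pinning to a full commit SHA (`uses: actions/attest-build-provenance@<full-commit-sha> # v1`) keeps the code that signs the provenance fixed. The binary step's `if: matrix.goal == 'build'` also lacks the push/schedule event guard that the archive step carries, so it will attempt to attest on any other trigger the workflow has.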