.

2025-10-12 06:00:56 +00:00 · 2025-09-27 17:56:27 -07:00 · 2025-09-27 17:56:27 -07:00 · 2c659493e9
commit 2c659493e9
parent 7f28e7fe79
2 changed files with 11 additions and 9 deletions
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@ -53,8 +53,6 @@ jobs:
      run: |
            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
-    - name: SHA Zipped Artifact
-      run: shasum -a 256 Secretive.zip
    - name: Notarize
      env: 
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -32,6 +32,7 @@ jobs:
      id-token: write
      contents: write
      attestations: write
+      actions: read
    runs-on: macos-26
    timeout-minutes: 10
    steps:
@ -69,8 +70,11 @@ jobs:
    - name: Download Zipped Artifact
      id: download
      env: 
-        ZIP_URL: ${{ steps.upload.outputs.artifact-url }}
-      run: curl -L $ZIP_URL > Secretive.zip
+        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
+            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
    - name: Notarize
      env: 
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
@ -83,13 +87,13 @@ jobs:
        subject-name: "Secretive.zip"
        subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
    - name: Create Release
-      run: |
-            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
-            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
-            gh release create $TAG_NAME -d -F .github/templates/release.md
-            gh release upload $TAG_NAME Secretive.zip
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        TAG_NAME: ${{ github.ref }}
        RUN_ID: ${{ github.run_id }}
        ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }}
+      run: |
+            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
+            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
+            gh release create $TAG_NAME -d -F .github/templates/release.md
+            gh release upload $TAG_NAME Secretive.zip