mirror of
				https://github.com/maxgoedjen/secretive.git
				synced 2025-10-26 13:00:58 +00:00 
			
		
		
		
	Release and attestation tweaks (#616)
* Abs path * Write. * Pass attestation. * Attest nightly
This commit is contained in:
		
							parent
							
								
									8adb4423ac
								
							
						
					
					
						commit
						d36537b919
					
				
							
								
								
									
										2
									
								
								.github/templates/release.md
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.github/templates/release.md
									
									
									
									
										vendored
									
									
								
							| @ -13,4 +13,4 @@ Update description | ||||
| https://github.com/maxgoedjen/secretive/actions/runs/RUN_ID | ||||
| 
 | ||||
| ## Attestation | ||||
| https://github.com/maxgoedjen/secretive/actions/runs/RUN_ID | ||||
| https://github.com/maxgoedjen/secretive/attestations/ATTESTATION_ID | ||||
|  | ||||
							
								
								
									
										13
									
								
								.github/workflows/nightly.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										13
									
								
								.github/workflows/nightly.yml
									
									
									
									
										vendored
									
									
								
							| @ -39,14 +39,11 @@ jobs: | ||||
|         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | ||||
|         APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | ||||
|       run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip | ||||
|     - name: Document SHAs | ||||
|       run: | | ||||
|             echo "sha-512:" | ||||
|             shasum -a 512 Secretive.zip | ||||
|             shasum -a 512 Archive.zip | ||||
|             echo "sha-256:" | ||||
|             shasum -a 256 Secretive.zip | ||||
|             shasum -a 256 Archive.zip | ||||
|     - name: Attest | ||||
|       id: attest | ||||
|       uses: actions/attest-build-provenance@v2 | ||||
|       with: | ||||
|         subject-path: 'Secretive.zip' | ||||
|     - name: Upload App to Artifacts | ||||
|       uses: actions/upload-artifact@v4 | ||||
|       with: | ||||
|  | ||||
							
								
								
									
										11
									
								
								.github/workflows/release.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										11
									
								
								.github/workflows/release.yml
									
									
									
									
										vendored
									
									
								
							| @ -29,7 +29,7 @@ jobs: | ||||
|     runs-on: macos-15 | ||||
|     permissions: | ||||
|       id-token: write | ||||
|       contents: read | ||||
|       contents: write | ||||
|       attestations: write | ||||
|     timeout-minutes: 10 | ||||
|     steps: | ||||
| @ -65,18 +65,23 @@ jobs: | ||||
|         APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | ||||
|         APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | ||||
|       run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip | ||||
|     - name: Attest  | ||||
|     - name: Attest | ||||
|       id: attest | ||||
|       uses: actions/attest-build-provenance@v2 | ||||
|       with: | ||||
|         subject-path: 'Secretive.zip, Xcode_Archive.zip' | ||||
|     - name: Create Release | ||||
|       run: | | ||||
|             gh release create $TAG_NAME -d -F templates/release.md | ||||
|             sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md | ||||
|             sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md | ||||
|             gh release create $TAG_NAME -d -F .github/templates/release.md | ||||
|             gh release upload Secretive.zip | ||||
|             gh release upload Xcode_Archive.zip | ||||
|       env: | ||||
|         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||||
|         TAG_NAME: ${{ github.ref }} | ||||
|         RUN_ID: ${{ github.run_id }} | ||||
|         ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }} | ||||
|     - name: Upload App to Artifacts | ||||
|       uses: actions/upload-artifact@v4 | ||||
|       with: | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user