external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-08-26 23:20:57 +00:00
Code Issues Projects Releases Wiki Activity

Release and attestation tweaks (#616)

Browse Source 
* Abs path

* Write.

* Pass attestation.

* Attest nightly
This commit is contained in:
Max Goedjen 2025-08-19 23:27:58 -07:00 committed by GitHub
parent 8adb4423ac
commit d36537b919
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/templates/release.md vendored
View File

@ -13,4 +13,4 @@ Update description
https://github.com/maxgoedjen/secretive/actions/runs/RUN_ID https://github.com/maxgoedjen/secretive/actions/runs/RUN_ID
## Attestation ## Attestation
https://github.com/maxgoedjen/secretive/actions/runs/RUN_ID https://github.com/maxgoedjen/secretive/attestations/ATTESTATION_ID

13
.github/workflows/nightly.yml vendored
View File

@ -39,14 +39,11 @@ jobs:
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
- name: Document SHAs - name: Attest
run: | id: attest
echo "sha-512:" uses: actions/attest-build-provenance@v2
shasum -a 512 Secretive.zip with:
shasum -a 512 Archive.zip subject-path: 'Secretive.zip'
echo "sha-256:"
shasum -a 256 Secretive.zip
shasum -a 256 Archive.zip
- name: Upload App to Artifacts - name: Upload App to Artifacts
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:

11
.github/workflows/release.yml vendored
View File

@ -29,7 +29,7 @@ jobs:
runs-on: macos-15 runs-on: macos-15
permissions: permissions:
id-token: write id-token: write
contents: read contents: write
attestations: write attestations: write
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
@ -65,18 +65,23 @@ jobs:
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
- name: Attest - name: Attest
id: attest
uses: actions/attest-build-provenance@v2 uses: actions/attest-build-provenance@v2
with: with:
subject-path: 'Secretive.zip, Xcode_Archive.zip' subject-path: 'Secretive.zip, Xcode_Archive.zip'
- name: Create Release - name: Create Release
run: | run: |
gh release create $TAG_NAME -d -F templates/release.md sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
gh release create $TAG_NAME -d -F .github/templates/release.md
gh release upload Secretive.zip gh release upload Secretive.zip
gh release upload Xcode_Archive.zip gh release upload Xcode_Archive.zip
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ github.ref }} TAG_NAME: ${{ github.ref }}
RUN_ID: ${{ github.run_id }}
ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }}
- name: Upload App to Artifacts - name: Upload App to Artifacts
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with: