ci: handle provenance for built artifacts

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
CrazyMax 2024-01-12 11:30:32 +01:00
parent f4a3149a2f
commit f09bf31f3e
No known key found for this signature in database
GPG key ID: ADE44D8C9D44FBE4


@ -102,7 +102,6 @@ jobs:
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- -
name: Log in to GitHub Container registry name: Log in to GitHub Container registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
@ -111,16 +110,27 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- -
name: Build artifacts name: Build artifacts
uses: docker/bake-action@v4 uses: docker/bake-action@v4
with: with:
targets: artifact-all targets: artifact-all
- -
name: Move artifacts name: Rename provenance
run: |
for pdir in ./bin/*/; do
(
cd "$pdir"
binname=$(find . -name '*.tar.gz')
filename=$(basename "${binname%.tar.gz}")
mv "provenance.json" "${filename}.provenance.json"
)
done
-
name: Move and list artifacts
run: | run: |
mv ./bin/**/* ./bin/ mv ./bin/**/* ./bin/
tree -nh ./bin
- -
name: Upload artifacts name: Upload artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
@ -145,6 +155,7 @@ jobs:
draft: true draft: true
files: | files: |
bin/*.tar.gz bin/*.tar.gz
bin/*.provenance.json
bin/*.sha256 bin/*.sha256
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
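Review bot: In the "Rename provenance" step, each attestation is named from an unchecked `find . -name '*.tar.gz'`, so the link between a provenance file and its artifact depends entirely on that lookup returning exactly one path. If a platform directory holds no tarball, `filename` is empty and the file becomes `.provenance.json`, a dotfile that the following `mv ./bin/**/* ./bin/` glob skips by default, so the release would ship without that attestation while the job still passes; with more than one tarball the value is a newline-joined string and the attestation would be named after only one of them (inferred from shell semantics, not observed). A guard right after the lookup turns both cases into a failed step: `[ -f "$binname" ] || { echo "expected exactly one .tar.gz in $pdir" >&2; exit 1; }`, relying on the runner's default `bash -e` to propagate the subshell's exit status. A one-line comment on the step would also help, for example `# give each platform's provenance.json a unique name before ./bin is flattened`, since that is presumably why the rename exists.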