Upload attestations to GitHub (#76)
* Add the distributionManagement back to the pom

* Upload attestations to GitHub
hfhbd authored Sep 29, 2024
1 parent acf894a commit 02d6147
Showing 5 changed files with 65 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .github/workflows/release.yml
Expand Up @@ -15,6 +15,7 @@ jobs:
contents: read
packages: write
id-token: write
attestations: write

env:
GRADLE_OPTS: -Dorg.gradle.caching=true
Expand All @@ -29,7 +30,7 @@ jobs:
java-version: 21
- uses: gradle/actions/setup-gradle@v4
- name: Release maven artifacts
run: ./gradlew -Pversion=$version publish
run: ./gradlew -Pversion=$version publish uploadSignaturesToGitHub
env:
ORG_GRADLE_PROJECT_GitHubPackagesUsername: ${{ github.actor }}
ORG_GRADLE_PROJECT_GitHubPackagesPassword: ${{ github.token }}
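Review bot: With `attestations: write` added, the job token now carries three write scopes (`packages`, `id-token`, `attestations`), and every step in the job shares it, including `gradle/actions/setup-gradle@v4`, which is referenced by a movable tag. Pinning that action to a full commit SHA, `- uses: gradle/actions/setup-gradle@<full-commit-sha> # v4`, keeps a retagged release from running with the ability to publish packages and attestations. The steps before `java-version: 21` are outside the visible hunk, so any other `uses:` lines there would need the same check. Separately, `$version` is expanded unquoted in the `run:` line; `-Pversion="$version"` avoids word splitting if the value ever contains whitespace.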
1 change: 1 addition & 0 deletions gradle/build-logic/build.gradle.kts
Expand Up @@ -5,6 +5,7 @@ plugins {
dependencies {
implementation(libs.plugins.kotlin.jvm.dep)
implementation(libs.plugins.sigstore.dep)
implementation(libs.ktor.client.cio)
}

val Provider<PluginDependency>.dep: Provider<String> get() = map { "${it.pluginId}:${it.pluginId}.gradle.plugin:${it.version}" }
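--- a/gradle/build-logic/src/main/kotlin/UploadSignatures.kt
+++ b/gradle/build-logic/src/main/kotlin/UploadSignatures.kt
@@ -0,0 +1,53 @@
+import io.ktor.client.*
+import io.ktor.client.engine.cio.*
+import io.ktor.client.plugins.*
+import io.ktor.client.request.*
+import io.ktor.http.*
+import kotlinx.coroutines.runBlocking
+import org.gradle.api.DefaultTask
+import org.gradle.api.credentials.PasswordCredentials
+import org.gradle.api.file.ConfigurableFileCollection
+import org.gradle.api.provider.Property
+import org.gradle.api.tasks.*
+import org.gradle.kotlin.dsl.credentials
+import org.gradle.work.DisableCachingByDefault
+
+@DisableCachingByDefault(because = "Remote operation")
+abstract class UploadSignatures : DefaultTask() {
+@get:InputFiles
+@get:PathSensitive(PathSensitivity.NONE)
+abstract val signatures: ConfigurableFileCollection
+
+@get:Input
+abstract val githubApiUrl: Property<String>
+
+@get:Input
+val githubCredentials = project.providers.credentials(PasswordCredentials::class, "GitHubPackages")
+
+@get:Input
+abstract val githubRepository: Property<String>
+
+
+@TaskAction
+internal fun uploadSignatures(): Unit = runBlocking {
+HttpClient(CIO) {
+defaultRequest {
+url.takeFrom(githubApiUrl.get())
+accept(ContentType.parse("application/vnd.github+json"))
+bearerAuth(githubCredentials.get().password!!)
+}
+}.use { client ->
+for (file in signatures) {
+client.post(
+"/repos/${githubRepository.get()}/attestations"
+) {
+//language=json
+val bundle = """
+{ "bundle": ${file.readText()} }
+""".trimIndent()
+setBody(bundle)
+}
+}
+}
+}
+}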
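Review bot: The result of `client.post(...)` in `uploadSignatures()` is discarded, and Ktor's client does not throw on 4xx/5xx responses unless `expectSuccess` is enabled, so a rejected upload (for example a token without `attestations: write`) leaves the task green and the release without attestations. Adding `expectSuccess = true` inside the `HttpClient(CIO) { ... }` block makes a failed upload fail the build. The body is handed to `setBody` as a plain string, so an explicit `contentType(ContentType.Application.Json)` next to `accept(...)` would state the payload type rather than leave it to the server. `githubCredentials` is annotated `@get:Input`, which appears to make the token part of the task's input snapshot; `@get:Internal` is the usual annotation for secrets, and `requireNotNull(githubCredentials.get().password) { "GitHubPackagesPassword is not set" }` gives a clearer failure than `!!`.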
6 changes: 6 additions & 0 deletions gradle/build-logic/src/main/kotlin/setup.gradle.kts
Expand Up @@ -54,3 +54,9 @@ tasks.withType(SigstoreSignFilesTask::class).configureEach {
languageVersion.set(JavaLanguageVersion.of(21))
})
}

tasks.register("uploadSignaturesToGitHub", UploadSignatures::class) {
signatures.from(tasks.withType(SigstoreSignFilesTask::class))
githubApiUrl = providers.environmentVariable("GITHUB_API_URL")
githubRepository = providers.environmentVariable("GITHUB_REPOSITORY")
}
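Review bot: `githubApiUrl` is taken straight from `GITHUB_API_URL`, and `UploadSignatures` sends the bearer token to whatever base URL that variable holds, so the registration should reject a non-HTTPS value, e.g. `githubApiUrl = providers.environmentVariable("GITHUB_API_URL").map { it.also { url -> require(url.startsWith("https://")) { "GITHUB_API_URL must be https" } } }`. Both environment variables are normally set only by the GitHub Actions runner, so a short `description = "..."` on the task saying it is meant for CI would help someone who runs it locally and hits a missing-value error.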
3 changes: 3 additions & 0 deletions gradle/libs.versions.toml
@@ -1,6 +1,9 @@
[versions]
kotlin = "2.1.0-Beta1"

[libraries]
ktor-client-cio = { module = "io.ktor:ktor-client-cio", version = "2.3.8" }

[plugins]
kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
sigstore = { id = "dev.sigstore.sign", version = "1.0.0" }
