Skip to content

ci(release): add attestation permissions #17

ci(release): add attestation permissions

ci(release): add attestation permissions #17

Workflow file for this run

name: Release
on:
push:
tags: ["v*.*.*"]
jobs:
build:
permissions:
id-token: write
attestations: write
uses: ./.github/workflows/build.yml
crates-io:
name: crates.io
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Setup Rust cache
uses: Swatinem/rust-cache@v2
- name: Publish
run: cargo publish
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_API_TOKEN }}
github:
name: GitHub Releases
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install git-cliff
uses: taiki-e/install-action@git-cliff
- name: Download artifacts
id: download
uses: actions/download-artifact@v4
with:
path: /tmp/artifacts
- name: Prepare assets
env:
ARTIFACTS: ${{ steps.download.outputs.download-path }}
id: prepare
run: |
asset_path="/tmp/assets"
mkdir -p "$asset_path"
for artifact in "$ARTIFACTS"/*/; do
basename "$artifact" | \
xargs -I {} zip -jr "$asset_path"/{}.zip "$artifact"
done
- name: Generate changelog
run: git-cliff -o /tmp/changelog.md -l --strip all
- name: Create release
env:
GH_TOKEN: ${{ github.token }}
TAG: ${{ github.ref_name }}
run: |
gh release create --notes-file /tmp/changelog.md --draft --verify-tag "$TAG" /tmp/assets/*.zip