chore(deps): bump actions/attest-build-provenance from 1.1.2 to 1.4.2 #62
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GoReleaser | |
| on: | |
| push: | |
| pull_request: | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| # packages: write | |
| # issues: write | |
| jobs: | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - run: git fetch --force --tags | |
| - name: Read Go version from go.mod | |
| run: echo "CI_GO_VERSION=$(grep '^go ' go.mod | awk '{print $2}')" >> "${GITHUB_ENV}" | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.CI_GO_VERSION }} | |
| cache: true | |
| - uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0 | |
| # More assembly might be required: Docker logins, GPG, etc. It all depends on what is needed. | |
| - uses: goreleaser/goreleaser-action@d33b6f6aeabd7fed8bb3fbf32c4d890d29f48545 # v2 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --clean ${{ (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/pull/') || startsWith(github.ref, 'refs/tags/SNAP/')) && '--snapshot' || '' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: dist-build-directory | |
| # ... would've been amazing if we could pack each binary separately. | |
| path: | |
| dist/* | |
| # Attest the binaries | |
| - uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 | |
| if: "!startsWith(github.ref, 'refs/pull/')" # id-token cannot be given in `pull_request:` target | |
| with: | |
| subject-path: |- | |
| dist/junit2html_*/junit2html_* | |
| dist/junit2html_*/junit2html_* | |
| # Attest the SBOM | |
| - uses: actions/attest-sbom@6d7733f629ce1368bd053e269afa8041a98a2b98 # v1.3.3 | |
| if: "!startsWith(github.ref, 'refs/pull/')" # id-token cannot be given in `pull_request:` target | |
| with: | |
| subject-path: |- | |
| dist/junit2html_*.source.tar.gz | |
| sbom-path: "dist/source.sbom.spdx.json" |