Replace cosign with GitHub Artifact Attestation
btj authored Jan 7, 2025
1 parent c9dfc3b commit aefd343
Showing 1 changed file with 22 additions and 35 deletions.
57 changes: 22 additions & 35 deletions .github/workflows/build.yml
Expand Up @@ -9,13 +9,13 @@ env:

permissions:
id-token: write
contents: write
attestations: write

jobs:
MacOS:
runs-on: macos-13
steps:
- name: Install cosign
uses: sigstore/[email protected]
- uses: actions/checkout@v3
- name: Create package name
run: |
Expand Down Expand Up @@ -43,23 +43,20 @@ jobs:
- name: Produce shasum 256
run: |
shasum -a 256 ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz > ${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Sign artifact
run: |
cd ${{ runner.temp }}
cosign sign-blob -y ${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz --bundle ${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz.signature
- uses: actions/[email protected]
with:
name: vf-llvm-clang-${{ runner.os }}
path: |
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz.signature
${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-path: ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz

MacOS_AArch64:
runs-on: macos-14
steps:
- name: Install cosign
uses: sigstore/[email protected]
- uses: actions/checkout@v3
- name: Create package name
run: |
Expand Down Expand Up @@ -87,23 +84,20 @@ jobs:
- name: Produce shasum 256
run: |
shasum -a 256 ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-aarch64.tar.gz > ${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Sign artifact
run: |
cd ${{ runner.temp }}
cosign sign-blob -y ${{ env.PACKAGE_NAME }}-${{ runner.os }}-aarch64.tar.gz --bundle ${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz.signature
- uses: actions/[email protected]
with:
name: vf-llvm-clang-${{ runner.os }}
path: |
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-aarch64.tar.gz
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-aarch64.tar.gz.signature
${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-path: ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-aarch64.tar.gz

Linux:
runs-on: ubuntu-20.04
steps:
- name: Install cosign
uses: sigstore/[email protected]
- uses: actions/checkout@v3
- name: Create package name
run: |
Expand Down Expand Up @@ -131,17 +125,16 @@ jobs:
- name: Produce shasum 256
run: |
shasum -a 256 ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz > ${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Sign artifact
run: |
cd ${{ runner.temp }}
cosign sign-blob -y ${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz --bundle ${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz.signature
- uses: actions/[email protected]
with:
name: vf-llvm-clang-${{ runner.os }}
path: |
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz.signature
${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-path: ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}.tar.gz

MinGW:
runs-on: windows-2019
Expand All @@ -151,8 +144,6 @@ jobs:
- x86_64
- i686
steps:
- name: Install cosign
uses: sigstore/[email protected]
- run: |
git config --global core.autocrlf input
- uses: actions/checkout@v3
Expand Down Expand Up @@ -191,17 +182,16 @@ jobs:
- name: Produce shasum 256
run: |
Get-FileHash -PATH "${{ runner.temp }}\${{ env.PACKAGE_NAME }}-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}.tar.gz" -Algorithm SHA256 | Out-File -FilePath ${{ runner.temp }}/${{ env.SHASUM_FILE }} -Encoding utf8
- name: Sign artifact
run: |
cd ${{ runner.temp }}
cosign sign-blob -y ${{ env.PACKAGE_NAME }}-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}.tar.gz --bundle ${{ env.PACKAGE_NAME }}-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}.tar.gz.signature
- uses: actions/[email protected]
with:
name: vf-llvm-clang-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}
path: |
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}.tar.gz
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}.tar.gz.signature
${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-path: ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-MinGW-${{ matrix.cc_prefix }}.tar.gz

MSVC:
runs-on: windows-2019
Expand All @@ -211,8 +201,6 @@ jobs:
- 'Win32'
- 'x64'
steps:
- name: Install cosign
uses: sigstore/[email protected]
- uses: actions/checkout@v3
- name: Create package name
run: |
Expand Down Expand Up @@ -243,14 +231,13 @@ jobs:
- name: Produce shasum 256
run: |
Get-FileHash -PATH "${{ runner.temp }}\${{ env.PACKAGE_NAME }}-${{ runner.os }}-MSVC-${{ matrix.arch }}.tar.gz" -Algorithm SHA256 | Out-File -FilePath ${{ runner.temp }}/${{ env.SHASUM_FILE }} -Encoding utf8
- name: Sign artifact
run: |
cd ${{ runner.temp }}
cosign sign-blob -y ${{ env.PACKAGE_NAME }}-${{ runner.os }}-MSVC-${{ matrix.arch }}.tar.gz --bundle ${{ env.PACKAGE_NAME }}-${{ runner.os }}-MSVC-${{ matrix.arch }}.tar.gz.signature
- uses: actions/[email protected]
with:
name: vf-llvm-clang-${{ runner.os }}-MSVC-${{ matrix.arch }}
path: |
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-MSVC-${{ matrix.arch }}.tar.gz
${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-MSVC-${{ matrix.arch }}.tar.gz.signature
${{ runner.temp }}/${{ env.SHASUM_FILE }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-path: ${{ runner.temp }}/${{ env.PACKAGE_NAME }}-${{ runner.os }}-MSVC-${{ matrix.arch }}.tar.gz
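Review bot: The workflow-level `permissions:` block in the first hunk now lists `attestations: write` next to `id-token: write` and `contents: write`, so every step of all five build jobs, including the build scripts and third-party actions, runs with a token that can request OIDC identities and publish attestations. In the visible lines only the `actions/attest-build-provenance` step needs these scopes, and it needs only read access to contents, so `contents: read` would be enough unless a step outside the shown hunks needs write access. The new step is also referenced by a mutable tag in all five jobs; pinning it as `uses: actions/attest-build-provenance@<full-commit-sha>  # v2` keeps a moved tag from running with those permissions. Because the `.signature` bundle is no longer uploaded with the artifact, a workflow comment or README note should tell consumers to verify downloads with `gh attestation verify` instead of cosign.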
