chore(deps): update actions/attest-build-provenance action to v1.4.2 #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Github Release | |
| on: | |
| push: | |
| branches: | |
| - devel | |
| - RELEASE* | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| create-release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| outputs: | |
| tag_version: ${{ steps.create_release.outputs.tag_version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get most recent tag | |
| id: get_tag | |
| run: echo "TAG_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))" >> "$GITHUB_ENV" | |
| - name: Create Release | |
| id: create_release | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: | | |
| echo "Creating release for tag $TAG_VERSION" | |
| gh release create $TAG_VERSION --title "Release $TAG_VERSION" --notes "Release $TAG_VERSION" --target ${{ github.ref }} | |
| echo "tag_version=$TAG_VERSION" >> "$GITHUB_OUTPUT" | |
| create_release_artifacts: | |
| needs: [create-release] | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| r_version: ['release', 'devel'] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update && \ | |
| sudo apt-get install -y \ | |
| libcurl4-openssl-dev libssl-dev \ | |
| libxml2-dev libgdal-dev libgit2-dev \ | |
| libudunits2-dev libharfbuzz-dev libfribidi-dev \ | |
| pandoc | |
| - name: Setup R | |
| uses: r-lib/actions/setup-r@e6be4b3706e0f39bc7a4cf4496a5f2c4cb840040 # v2.10.1 | |
| with: | |
| r-version: ${{ matrix.r_version }} | |
| use-public-rspm: true | |
| id: r | |
| - name: Install dependencies | |
| uses: r-lib/actions/setup-renv@e6be4b3706e0f39bc7a4cf4496a5f2c4cb840040 # v2.10.1 | |
| - name: Build Package | |
| run: R CMD build . | |
| - name: Rename Package | |
| run: echo "NEWNAME=$(./utilities/rename-package.R *.tar.gz)" >> "$GITHUB_ENV" | |
| - name: Attest builds | |
| id: attest_build | |
| uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 | |
| with: | |
| subject-path: ${{ env.NEWNAME }} | |
| - name: debug | |
| run: | | |
| echo "R version: ${{ steps.r.outputs.installed-r-version }}" | |
| echo "Current Tag: ${{ needs.create-release.outputs.tag_version }}" | |
| echo "Release File Name: ${{ env.NEWNAME }}" | |
| echo "Bundle Path: ${{ steps.attest_build.outputs.bundle-path}}" | |
| - name: Move the attestation file | |
| run: mv ${{ steps.attest_build.outputs.bundle-path}} ${{ env.NEWNAME }}.jsonl | |
| - name: Upload Release Artifact | |
| env: | |
| RELEASE_TAG: ${{ needs.create-release.outputs.tag_version }} | |
| GH_TOKEN: ${{ github.token }} | |
| run: gh release upload ${{ env.RELEASE_TAG }} ${{ env.NEWNAME }} ${{ env.NEWNAME }}.jsonl |