Skip to content

Bump actions/attest-build-provenance from 1.4.4 to 2.0.1 in the github-actions group #232

Bump actions/attest-build-provenance from 1.4.4 to 2.0.1 in the github-actions group

Bump actions/attest-build-provenance from 1.4.4 to 2.0.1 in the github-actions group #232

Workflow file for this run

name: Always be deploying
on:
pull_request:
paths-ignore:
- 'README.md'
- '.editorconfig'
push:
paths-ignore:
- 'README.md'
- '.editorconfig'
branches:
- main
tags:
- "*.*.*"
permissions:
contents: read
env:
ARTIFACTS: 'build/output/*.nupkg'
jobs:
test-windows:
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- run: |
git fetch --prune --unshallow --tags
echo exit code $?
git tag --list
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: ./global.json
- name: Build
run: build.bat build -s true
shell: cmd
- name: Test
run: build.bat test -s true
shell: cmd
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- run: |
git fetch --prune --unshallow --tags
echo exit code $?
git tag --list
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: ./global.json
- name: Build
run: ./build.sh build -s true
- name: Test
run: ./build.sh test -s true
- name: Generate local nuget packages
run: ./build.sh generatepackages -s true
- name: "Validate *.npkg files"
run: ./build.sh validatepackages -s true
- name: "Inspect public API changes"
run: ./build.sh generateapichanges -s true
- uses: actions/upload-artifact@v4
with:
name: build
path: build/output/
release-canary:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startswith(github.ref, 'refs/heads')
needs: [ build ]
permissions:
attestations: write
contents: write
id-token: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: build
path: build/output
- uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
with:
subject-path: '${{ github.workspace }}/${{ env.ARTIFACTS }}'
- name: publish canary packages github package repository
shell: bash
timeout-minutes: 2
continue-on-error: true
run: |
until dotnet nuget push '${{ env.ARTIFACTS }}' -k ${{secrets.GITHUB_TOKEN}} --skip-duplicate --no-symbols -s https://nuget.pkg.github.com/elastic/index.json; do echo "Retrying"; sleep 1; done;
# Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
- name: Publish canary packages to feedz.io
run: dotnet nuget push '${{ env.ARTIFACTS }}' -k ${{secrets.FEEDZ_IO_API_KEY}} -s https://f.feedz.io/elastic/all/nuget/index.json --skip-duplicate --no-symbols
release:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startswith(github.ref, 'refs/tags')
needs: [ build ]
permissions:
attestations: write
contents: write
id-token: write
issues: write
packages: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: actions/download-artifact@v4
with:
name: build
path: build/output
- name: Generate release notes for tag
run: ./build.sh generatereleasenotes -s true --token ${{secrets.GITHUB_TOKEN}}
- name: Create or update release for tag on github
run: ./build.sh createreleaseongithub -s true --token ${{secrets.GITHUB_TOKEN}}
- uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
with:
subject-path: '${{ github.workspace }}/${{ env.ARTIFACTS }}'
- name: Release to nuget.org
run: dotnet nuget push '${{ env.ARTIFACTS }}' -k ${{secrets.NUGET_API_KEY}} -s https://api.nuget.org/v3/index.json --skip-duplicate --no-symbols