@@ -2,10 +2,8 @@ name: "CD: Build & Publish"
22
33# TODO: Notify
44# TODO: Publish to PyPI
5- # TODO: Generate provenance/hashes
65
76on :
8- # TODO: Remove after finished; for testing purposes only
97 pull_request :
108 workflow_dispatch :
119 inputs :
6866 name : Build Artifacts
6967 runs-on : ubuntu-latest
7068 needs : [version]
69+ permissions :
70+ contents : read
71+ id-token : write
72+ attestations : write
7173 steps :
7274 - name : " [INIT] Checkout"
7375 uses : actions/checkout@v5
@@ -88,29 +90,32 @@ jobs:
8890
8991 - name : " [BUILD] Wheel"
9092 run : |
93+ mkdir -p dist
9194 nix build -L .#wheel
92- cp result/*.whl ./
95+ cp result/*.whl dist/
96+
9397
9498 - name : " [BUILD] Source dist"
9599 run : |
96100 nix build -L .#sdist
97- cp result/*.tar.gz . /
101+ cp result/*.tar.gz dist /
98102
99103 - name : " [CHANGELOG] Generate release notes"
100104 run : |
101105 nix develop --command git-cliff -c cliff.toml \
102106 --unreleased --verbose \
103- -o RELEASE_NOTES.md
107+ -o dist/ RELEASE_NOTES.md
104108
109+ - name : " [VERIFY] Provenance"
110+ uses : actions/attest-build-provenance@v3
111+ with :
112+ subject-path : ' dist/*'
105113
106114 - name : " [UPLOAD] Artifacts"
107115 uses : actions/upload-artifact@v4
108116 with :
109117 name : dist-artifacts
110- path : |
111- *.whl
112- *.tar.gz
113- RELEASE_NOTES.md
118+ path : dist/
114119 if-no-files-found : error
115120
116121 github-release :
@@ -145,8 +150,6 @@ jobs:
145150 tag_name : ${{ steps.input.outputs.tag }}
146151 prerelease : ${{ steps.input.outputs.prerelease }}
147152 body_path : dist/RELEASE_NOTES.md
148- files : |
149- dist/*.whl
150- dist/*.tar.gz
153+ files : dist/*
151154 env :
152155 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
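Review bot: The `[VERIFY] Provenance` step signs every file under `dist/*` on any run of this workflow, and the `pull_request` trigger is still in the `on:` block while the TODO that marked it as temporary is removed. For same-repository pull requests that means a provenance attestation is issued under the repository's identity for artifacts built from unmerged code, and on fork pull requests the step is likely to fail because `id-token: write` is not granted there. Consider gating the step with `if: github.event_name != 'pull_request'` (or dropping the trigger), so that only release builds are attested. Because the build job now holds `id-token: write` and `attestations: write`, it would also be worth pinning `actions/attest-build-provenance`, `actions/checkout` and `actions/upload-artifact` to full commit SHAs instead of the `@v3`/`@v5`/`@v4` tags. The rest of the `on:` block and the `github-release` job's conditions lie outside the visible hunks, so a guard may already exist there.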