2023-09-18 20:50:14 +02:00
|
|
|
name: Draft Release
|
2023-09-18 20:47:16 +02:00
|
|
|
|
|
|
|
on:
|
|
|
|
push:
|
|
|
|
tags: '[0-9]+.[0-9]?[0-9]?[0-9]?.?[0-9]+'
|
|
|
|
|
|
|
|
jobs:
|
2023-09-18 20:50:14 +02:00
|
|
|
draft:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Fetch changelog from tag
|
2023-09-22 13:33:49 +02:00
|
|
|
uses: actions/checkout@v4
|
2023-09-18 20:50:14 +02:00
|
|
|
with:
|
|
|
|
sparse-checkout: CHANGELOG.md
|
|
|
|
sparse-checkout-cone-mode: false
|
|
|
|
|
|
|
|
- name: Extract latest changelog entry and attach it to draft
|
|
|
|
uses: taiki-e/create-gh-release-action@v1
|
|
|
|
with:
|
|
|
|
changelog: CHANGELOG.md
|
|
|
|
draft: true
|
|
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
2023-09-18 20:47:16 +02:00
|
|
|
release:
|
|
|
|
outputs:
|
|
|
|
hashes: ${{ steps.hash.outputs.hashes }}
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Collect artifacts
|
|
|
|
run: |
|
|
|
|
wget -q https://github.com/PrivateBin/PrivateBin/archive/refs/tags/${GITHUB_REF_NAME}.tar.gz
|
|
|
|
wget -q https://github.com/PrivateBin/PrivateBin/archive/refs/tags/${GITHUB_REF_NAME}.zip
|
|
|
|
|
|
|
|
- name: Generate hashes
|
|
|
|
shell: bash
|
|
|
|
id: hash
|
2023-12-09 10:50:49 +01:00
|
|
|
run: echo "hashes=$(sha256sum ${GITHUB_REF_NAME}.* | base64 -w0)" >> "$GITHUB_OUTPUT"
|
2023-09-18 20:47:16 +02:00
|
|
|
|
|
|
|
provenance:
|
|
|
|
needs:
|
|
|
|
- release
|
|
|
|
permissions:
|
|
|
|
actions: read
|
|
|
|
id-token: write
|
|
|
|
contents: write
|
2024-03-21 12:46:25 +01:00
|
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
|
2023-09-18 20:47:16 +02:00
|
|
|
with:
|
|
|
|
base64-subjects: "${{ needs.release.outputs.hashes }}"
|
|
|
|
draft-release: true
|
|
|
|
upload-assets: true
|