mirror of https://github.com/c-ares/c-ares.git
release automation (#906)
When a release is tagged, automatically build the release package and create a draft of the release. Since the build is automated we are also performing provenance as per [SLSA3](https://slsa.dev/) and uploading that as a release asset. This also fixes a couple of recent issues: * validation of the packaging itself was broken when we migrated from cirrus ci to github actions. * clang32 for msys2 has been deprecated causing building to fail. Authored-By: Brad House (@bradh352)v1.34
Brad House
4 months ago
parent
21343d7d32
commit
a5e2761e9b
3 changed files with 83 additions and 8 deletions
@ -0,0 +1,81 @@ |
|||||||
|
# Copyright (C) The c-ares project and its contributors |
||||||
|
# SPDX-License-Identifier: MIT |
||||||
|
name: Build Release Package |
||||||
|
on: |
||||||
|
push: |
||||||
|
|
||||||
|
concurrency: |
||||||
|
group: ${{ github.ref }}-build-release-package |
||||||
|
cancel-in-progress: true |
||||||
|
|
||||||
|
env: |
||||||
|
TEST_FILTER: "--gtest_filter=-*LiveSearchTXT*:*LiveSearchANY*" |
||||||
|
MAKE: make |
||||||
|
|
||||||
|
jobs: |
||||||
|
build: |
||||||
|
runs-on: ubuntu-latest |
||||||
|
permissions: |
||||||
|
contents: write |
||||||
|
discussions: write |
||||||
|
outputs: |
||||||
|
hashes: ${{ steps.hash.outputs.hashes }} |
||||||
|
version: ${{ steps.version.outputs.version }} |
||||||
|
name: "build" |
||||||
|
steps: |
||||||
|
- name: Install packages |
||||||
|
uses: awalsh128/cache-apt-pkgs-action@latest |
||||||
|
with: |
||||||
|
packages: autoconf automake libtool g++ libgmock-dev pkg-config gdb |
||||||
|
version: 1.0 |
||||||
|
- name: Checkout c-ares |
||||||
|
uses: actions/checkout@v4 |
||||||
|
- name: Get Tag version |
||||||
|
id: version |
||||||
|
run: | |
||||||
|
version=`echo ${GITHUB_REF} | grep '^refs/tags/v' | sed -e 's|^refs/tags/v\(.*\)|\1|'` |
||||||
|
if [ "$version" = "" ] ; then |
||||||
|
version="prerelease" |
||||||
|
fi |
||||||
|
echo "version=${version}" >> "$GITHUB_OUTPUT" |
||||||
|
- name: "build c-ares tarball" |
||||||
|
run: | |
||||||
|
autoreconf -fi |
||||||
|
./configure |
||||||
|
make dist |
||||||
|
- name: Upload artifact |
||||||
|
uses: actions/upload-artifact@v4 |
||||||
|
with: |
||||||
|
name: "c-ares-src-tarball" |
||||||
|
path: 'c-ares-*.tar.gz' |
||||||
|
if-no-files-found: error |
||||||
|
overwrite: true |
||||||
|
retention-days: 7 |
||||||
|
- name: Upload Release |
||||||
|
uses: softprops/action-gh-release@v2 |
||||||
|
if: startsWith(github.ref, 'refs/tags/') |
||||||
|
with: |
||||||
|
body_path: RELEASE-NOTES.md |
||||||
|
draft: true |
||||||
|
make_latest: true |
||||||
|
name: ${{ steps.version.outputs.version }} |
||||||
|
files: c-ares-${{ steps.version.outputs.version }}.tar.gz |
||||||
|
fail_on_unmatched_files: true |
||||||
|
discussion_category_name: "Announcements" |
||||||
|
- name: Generate subject |
||||||
|
id: hash |
||||||
|
run: | |
||||||
|
set -euo pipefail |
||||||
|
echo "hashes=$(sha256sum c-ares-*.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" |
||||||
|
|
||||||
|
provenance: |
||||||
|
needs: [build] |
||||||
|
permissions: |
||||||
|
actions: read # To read the workflow path. |
||||||
|
id-token: write # To sign the provenance. |
||||||
|
contents: write # To add assets to a release. |
||||||
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 |
||||||
|
with: |
||||||
|
base64-subjects: "${{ needs.build.outputs.hashes }}" |
||||||
|
upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }} |
||||||
|
provenance-name: "c-ares-${{ needs.build.outputs.version }}.intoto.jsonl" |
||||||
Loading…
Reference in new issue