mirror of https://github.com/c-ares/c-ares.git
release automation (#906)
When a release is tagged, automatically build the release package and create a draft of the release. Since the build is automated we are also performing provenance as per [SLSA3](https://slsa.dev/) and uploading that as a release asset. This also fixes a couple of recent issues: * validation of the packaging itself was broken when we migrated from cirrus ci to github actions. * clang32 for msys2 has been deprecated causing building to fail. Authored-By: Brad House (@bradh352)pull/915/head
parent
35c0cdcbe5
commit
bbea2cd28e
3 changed files with 83 additions and 8 deletions
@ -0,0 +1,81 @@ |
||||
# Copyright (C) The c-ares project and its contributors |
||||
# SPDX-License-Identifier: MIT |
||||
name: Build Release Package |
||||
on: |
||||
push: |
||||
|
||||
concurrency: |
||||
group: ${{ github.ref }}-build-release-package |
||||
cancel-in-progress: true |
||||
|
||||
env: |
||||
TEST_FILTER: "--gtest_filter=-*LiveSearchTXT*:*LiveSearchANY*" |
||||
MAKE: make |
||||
|
||||
jobs: |
||||
build: |
||||
runs-on: ubuntu-latest |
||||
permissions: |
||||
contents: write |
||||
discussions: write |
||||
outputs: |
||||
hashes: ${{ steps.hash.outputs.hashes }} |
||||
version: ${{ steps.version.outputs.version }} |
||||
name: "build" |
||||
steps: |
||||
- name: Install packages |
||||
uses: awalsh128/cache-apt-pkgs-action@latest |
||||
with: |
||||
packages: autoconf automake libtool g++ libgmock-dev pkg-config gdb |
||||
version: 1.0 |
||||
- name: Checkout c-ares |
||||
uses: actions/checkout@v4 |
||||
- name: Get Tag version |
||||
id: version |
||||
run: | |
||||
version=`echo ${GITHUB_REF} | grep '^refs/tags/v' | sed -e 's|^refs/tags/v\(.*\)|\1|'` |
||||
if [ "$version" = "" ] ; then |
||||
version="prerelease" |
||||
fi |
||||
echo "version=${version}" >> "$GITHUB_OUTPUT" |
||||
- name: "build c-ares tarball" |
||||
run: | |
||||
autoreconf -fi |
||||
./configure |
||||
make dist |
||||
- name: Upload artifact |
||||
uses: actions/upload-artifact@v4 |
||||
with: |
||||
name: "c-ares-src-tarball" |
||||
path: 'c-ares-*.tar.gz' |
||||
if-no-files-found: error |
||||
overwrite: true |
||||
retention-days: 7 |
||||
- name: Upload Release |
||||
uses: softprops/action-gh-release@v2 |
||||
if: startsWith(github.ref, 'refs/tags/') |
||||
with: |
||||
body_path: RELEASE-NOTES.md |
||||
draft: true |
||||
make_latest: true |
||||
name: ${{ steps.version.outputs.version }} |
||||
files: c-ares-${{ steps.version.outputs.version }}.tar.gz |
||||
fail_on_unmatched_files: true |
||||
discussion_category_name: "Announcements" |
||||
- name: Generate subject |
||||
id: hash |
||||
run: | |
||||
set -euo pipefail |
||||
echo "hashes=$(sha256sum c-ares-*.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" |
||||
|
||||
provenance: |
||||
needs: [build] |
||||
permissions: |
||||
actions: read # To read the workflow path. |
||||
id-token: write # To sign the provenance. |
||||
contents: write # To add assets to a release. |
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 |
||||
with: |
||||
base64-subjects: "${{ needs.build.outputs.hashes }}" |
||||
upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }} |
||||
provenance-name: "c-ares-${{ needs.build.outputs.version }}.intoto.jsonl" |
Loading…
Reference in new issue