feat: add build attestation (#10978)

* feat: add build attestation

* chore: Update to v4.1.0

Signed-off-by: Kyle Gospodnetich <me@kylegospodneti.ch>

* feat: Update to v4.1.0

Signed-off-by: Kyle Gospodnetich <me@kylegospodneti.ch>

---------

Signed-off-by: Kyle Gospodnetich <me@kylegospodneti.ch>
Kyle Gospodnetich
2026-04-04 23:55:53 -07:00
committed by GitHub
parent b4d9d689db
commit 779d744af4
4 changed files with 27 additions and 0 deletions
+3
@@ -3,6 +3,9 @@
name: Automatically build packages
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
push:
paths:
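Review bot: The three new write scopes (`attestations: write`, `artifact-metadata: write`, `id-token: write`) are granted at workflow level, so every job and step in this workflow, including any that run package build scripts, can request an OIDC token and write attestations. Only the job that reaches the attest step needs them; consider leaving the top-level block at `contents: read` and adding a `permissions:` block on that job with these scopes plus `contents: read` (a job-level block replaces the workflow-level one, so `contents: read` has to be repeated there). The same applies to the identical additions in the Bootstrap Andaman and Subatomic, Manual Builds and JSON Build workflows. The jobs are outside this hunk, so which job ends up running the attestation is inferred rather than visible here.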
+10
@@ -1,6 +1,9 @@
name: Bootstrap Andaman and Subatomic
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
workflow_dispatch:
@@ -79,3 +82,10 @@ jobs:
--server https://subatomic.fyralabs.com \
--token ${{ secrets.SUBATOMIC_TOKEN }} \
terra${{ matrix.version }}-source anda-build/rpm/srpm/*
- name: Attest build provenance
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-path: |
anda-build/rpm/rpms/*
anda-build/rpm/srpm/*
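Review bot: The `Attest build provenance` step is appended after the `--server https://subatomic.fyralabs.com` upload at the top of this hunk, so if attestation fails (a signing or OIDC outage, or possibly a `subject-path` glob that matches no files) the packages are already published without provenance. Moving the step ahead of the upload steps would make a failed attestation block publication instead of following it. The JSON Build workflow places its attest step after the upload in the same way. The job starts above the hunk, so the position of any binary-RPM upload step is not visible here.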
+3
@@ -1,6 +1,9 @@
name: Manual Builds
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
workflow_dispatch:
inputs:
+11
@@ -1,6 +1,9 @@
name: JSON Build
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
workflow_call:
inputs:
@@ -125,6 +128,14 @@ jobs:
--token ${{ secrets.SUBATOMIC_TOKEN }} \
terra${{ matrix.version }}${{ matrix.pkg.labels['subrepo'] && '-$subrepo' || '' }}-source anda-build/rpm/srpm/*
- name: Attest build provenance
if: inputs.publish
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-path: |
anda-build/rpm/rpms/*
anda-build/rpm/srpm/*
- name: Notify Madoguchi (Success)
if: inputs.publish && success()
run: ./.github/workflows/mg.sh true "${{matrix.pkg.pkg}}" "${{matrix.version}}" "${{matrix.pkg.arch}}" "${{github.run_id}}" "${{secrets.MADOGUCHI_JWT}}" "$GITHUB_SHA"
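Review bot: Nothing near the `Attest build provenance` step says what the attestation covers or how it is meant to be checked, and a comment above it would help, e.g. `# Attests the digests of the RPMs/SRPMs as built on this runner; verify with: gh attestation verify <file> --repo <owner>/<repo>`. The subjects are the files under `anda-build/rpm/` at this point in the job, so if the repository server signs or otherwise rewrites packages after upload (not visible here), the files users download will not match the attested digests; that limitation is worth stating in the same comment. The job body starts above the hunk.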