funkemunky/packages
1
0
Fork 0
mirror of https://github.com/terrapkg/packages.git synced 2026-06-11 22:20:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

[f43] chore: Backport build attestations (#12033)

Browse Source
This commit is contained in:
Gilver
2026-05-07 01:12:19 -05:00
committed by GitHub
parent 385bb8f9e0
commit 886a9b8a35
4 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/autobuild.yml
+3
View File
@@ -3,6 +3,9 @@
name: Automatically build packages
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
push:
paths:
.github/workflows/bootstrap.yml
+10
View File
@@ -1,6 +1,9 @@
name: Bootstrap Andaman and Subatomic
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
workflow_dispatch:
@@ -85,3 +88,10 @@ jobs:
-H "Authorization: Bearer ${{ secrets.MADOGUCHI_JWT }}" \
-H "Content-Type: application/json" \
-d '{"link":"https://repos.fyralabs.com/terra'${{ matrix.version }}'/","gh":"https://github.com/terrapkg/packages/tree/f'${{ matrix.version }}'"}' --fail-with-body
- name: Attest build provenance
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-path: |
anda-build/rpm/rpms/*
anda-build/rpm/srpm/*
.github/workflows/build.yml
+3
View File
@@ -1,6 +1,9 @@
name: Manual Builds
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
workflow_dispatch:
inputs:
.github/workflows/json-build.yml
+11
View File
@@ -1,6 +1,9 @@
name: JSON Build
permissions:
contents: read
attestations: write
artifact-metadata: write
id-token: write
on:
workflow_call:
inputs:
@@ -125,6 +128,14 @@ jobs:
--token ${{ secrets.SUBATOMIC_TOKEN }} \
terra${{ matrix.version }}${{ matrix.pkg.labels['subrepo'] && '-$subrepo' || '' }}-source anda-build/rpm/srpm/*
- name: Attest build provenance
if: inputs.publish
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-path: |
anda-build/rpm/rpms/*
anda-build/rpm/srpm/*
- name: Notify Madoguchi (Success)
if: inputs.publish && success()
run: ./.github/workflows/mg.sh true "${{matrix.pkg.pkg}}" "${{matrix.version}}" "${{matrix.pkg.arch}}" "${{github.run_id}}" "${{secrets.MADOGUCHI_JWT}}" "$GITHUB_SHA"