feat: add build provenance attestation to workflows
MasterLaplace committed Nov 8, 2024
1 parent ea1bb21 commit e3041ca
Showing 4 changed files with 29 additions and 2 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/create_release.yml
@@ -7,6 +7,7 @@ on:

permissions:
contents: write
id-token: write

jobs:
bump_version_and_create_release:
@@ -31,6 +32,13 @@ jobs:
run: |
python3 Scripts/increment_version.py ${{ steps.test_tag_version.outputs.new_tag }}
- name: Attest Build Provenance
uses: actions/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
subject-name: "Flakkari Version Bump"
subject-path: "Scripts/increment_version.py"

- name: Set up Git and Push changes
env:
github_token: ${{ secrets.GITHUB_TOKEN }}
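Review bot: The `permissions:` block gains `id-token: write` but not `attestations: write`, which the attest-build-provenance action also needs in order to store the attestation. Because unlisted scopes drop to `none` once a `permissions:` block exists, the Attest Build Provenance step will most likely fail when it tries to persist the result. Add `attestations: write` next to `id-token: write` here, and in deploy_doxygen_page.yml and linter.yml, which have the same gap. Separately, `subject-path: "Scripts/increment_version.py"` attests a script that is already in the repository rather than something this job builds, so the provenance gives consumers little to verify. The job body continues outside the visible hunk.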
10 changes: 10 additions & 0 deletions .github/workflows/deploy_doxygen_page.yml
@@ -6,6 +6,9 @@ on:
milestone:
types: [closed]

permissions:
id-token: write

jobs:
generate:
runs-on: ubuntu-latest
@@ -33,6 +36,13 @@ jobs:
- name: Create .nojekyll file
run: touch docs/html/.nojekyll

- name: Attest Build Provenance
uses: actions/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
subject-name: "Flakkari Doxygen Documentation"
subject-path: "docs/html"

- name: Deploy
uses: peaceiris/actions-gh-pages@v4
with:
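Review bot: The added top-level `permissions:` block lists only `id-token: write`, so every other `GITHUB_TOKEN` scope, including `contents`, becomes `none` for the whole workflow. The Deploy step that follows (`peaceiris/actions-gh-pages@v4`) presumably pushes to the pages branch with that token and would lose write access; linter.yml has the same pattern ahead of its "Set up Git and Push changes" step. Declaring the permissions on the `generate` job and keeping what it already relied on, `contents: write` alongside `id-token: write` and `attestations: write`, avoids the regression and keeps the grant scoped to the job that attests. The Deploy step's `with:` block is outside the hunk, so confirm which token it actually uses.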
10 changes: 10 additions & 0 deletions .github/workflows/linter.yml
@@ -6,6 +6,9 @@ on:
- 'ga-ignore-**'
- 'gh-pages'

permissions:
id-token: write

jobs:
lint_code:
name: Lint with clang-format
@@ -21,6 +24,13 @@ jobs:
git ls-files -z "*.cpp" "*.hpp" | while IFS= read -rd '' f; do tail -c1 < "$f" | read -r _ || echo >> "$f"; done
find . -iname '*.hpp' -o -iname '*.cpp' | xargs clang-format -i
- name: Attest Build Provenance
uses: actions/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
subject-name: "Flakkari Linter"
subject-path: "."

- name: Set up Git and Push changes
env:
github_token: ${{ secrets.GITHUB_TOKEN }}
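Review bot: `subject-path: "."` names the whole checkout as the attestation subject, right after `clang-format -i` has rewritten files in place and before they are pushed, so the statement describes no artifact a consumer could later verify. The action's `subject-path` is meant to be a file path or glob, so a bare directory may match no subjects at all; `subject-path: "docs/html"` in deploy_doxygen_page.yml has the same problem. This workflow appears to run on pushes to most branches (only `ga-ignore-**` and `gh-pages` are visibly excluded), so granting `id-token: write` here widens where an OIDC token can be minted with no verification benefit. I would drop the attestation step and the `id-token: write` grant from the lint workflow, or limit both to a job that produces a release artifact.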
3 changes: 1 addition & 2 deletions Flakkari/core.cpp
@@ -21,8 +21,7 @@ int main(int ac, const char *av[])
if (std::string(e.what()) != "exit")
return FLAKKARI_LOG_FATAL(e.what()), 84;
}
catch (...)
{
catch (...) {
return FLAKKARI_LOG_FATAL("Unknown error"), 84;
}
return 0;