Skip to content

Handle signals with kqueue #54

Handle signals with kqueue

Handle signals with kqueue #54

Workflow file for this run

# Forked from https://github.com/reproducible-containers/repro-get/blob/v0.2.1/.github/workflows/release.yml
# Forked from https://github.com/containerd/nerdctl/blob/v0.8.1/.github/workflows/release.yml
# Apache License 2.0
name: Release
on:
push:
branches:
- 'master'
tags:
- 'v*'
pull_request:
branches:
- 'master'
permissions:
contents: read
jobs:
release:
name: Release
runs-on: macos-15
# The maximum access is "read" for PRs from public forked repos
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
contents: write # for releases
id-token: write # for provenances
attestations: write # for provenances
timeout-minutes: 20
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# https://github.com/reproducible-containers/repro-get/issues/3
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: "Install dependencies"
# diffoscope: For `make test.repro`
run: brew install diffoscope
- name: "Test reproducibility"
run: |
make test.repro
git clean -xfd
- name: "Make artifacts"
run: make artifacts
- name: "SHA256SUMS"
run: |
cat _artifacts/SHA256SUMS
- name: "The sha256sum of the SHA256SUMS file"
run: |
(cd _artifacts; shasum -a 256 SHA256SUMS)
- name: "Prepare the release note"
run: |
shasha=$(shasum -a 256 _artifacts/SHA256SUMS | awk '{print $1}')
version="VERSION"
[[ $GITHUB_REF == refs/tags/v* ]] && version="${GITHUB_REF#refs/tags/v}"
cat <<-EOF | tee /tmp/release-note.txt
(Changes to be documented)
- - -
The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
The sha256sum of the SHA256SUMS file itself is \`${shasha}\` .
The [GitHub Artifact Attestations](https://cli.github.com/manual/gh_attestation_verify) can be verified by running:
\`\`\`
gh attestation verify socket_vmnet-${version}-arm64.tar.gz --owner lima-vm
gh attestation verify socket_vmnet-${version}-x86_64.tar.gz --owner lima-vm
\`\`\`
EOF
- uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
with:
subject-path: _artifacts/*
- name: "Create release"
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tag="${GITHUB_REF##*/}"
gh release create -F /tmp/release-note.txt --draft --title "${tag}" "${tag}" _artifacts/*