Skip to content

Commit 6d468b7

Browse files
authored
prevent attestation pollution (#1567)
1 parent d3ac74b commit 6d468b7

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

.github/workflows/package.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,7 @@ jobs:
7171
run: cmake --build "$BUILD_DIR" --target package
7272

7373
- name: Generate artifact attestation
74+
if: github.ref_type == 'tag'
7475
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
7576
with:
7677
subject-path: "${{ env.BUILD_DIR }}/*.tar.gz,${{ env.BUILD_DIR }}/*.deb,${{ env.BUILD_DIR }}/*.rpm"
@@ -113,6 +114,7 @@ jobs:
113114
cmake --build "$BUILD_DIR" --target package
114115
115116
- name: Generate artifact attestation
117+
if: github.ref_type == 'tag'
116118
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
117119
with:
118120
subject-path: "${{ env.BUILD_DIR }}/*.tar.gz"
@@ -156,6 +158,7 @@ jobs:
156158
run: cmake --build "$BUILD_DIR" --target package
157159

158160
- name: Generate artifact attestation
161+
if: github.ref_type == 'tag'
159162
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
160163
with:
161164
subject-path: "${{ env.BUILD_DIR }}/*.tar.gz,${{ env.BUILD_DIR }}/*.pkg"
@@ -226,6 +229,7 @@ jobs:
226229
run: cmake --build "$BUILD_DIR" --target package
227230

228231
- name: Generate artifact attestation
232+
if: github.ref_type == 'tag'
229233
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
230234
with:
231235
subject-path: "${{ env.BUILD_DIR }}/*.zip"
@@ -275,6 +279,7 @@ jobs:
275279
run: cmake --build "$env:BUILD_DIR" --config ${{ matrix.configuration }} --target package
276280

277281
- name: Generate artifact attestation
282+
if: github.ref_type == 'tag'
278283
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
279284
with:
280285
subject-path: "${{ env.BUILD_DIR }}/*.zip"
@@ -365,6 +370,7 @@ jobs:
365370
tar cvf "${PACKAGE_DIR}.tar.gz" "${PACKAGE_DIR}"
366371
367372
- name: Generate artifact attestation
373+
if: github.ref_type == 'tag'
368374
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
369375
with:
370376
subject-path: "${{ env.PACKAGE_DIR }}.tar.gz"

0 commit comments

Comments
 (0)