Skip to content

Commit 78f491a

Browse files
haydentherapperhaydentherapper
authored
Update java build workflow (#228)
This updates the generation and upload of the provenance, which broke due to the actions/artifact-upload breaking change. We now generate a draft release first, then generate provenance and upload to the existing draft release. Signed-off-by: Hayden B <hblauzvern@google.com>
1 parent 6d5c983 commit 78f491a

File tree

1 file changed

+14
-16
lines changed

1 file changed

+14
-16
lines changed

.github/workflows/java-build-for-release.yml

Lines changed: 14 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -56,28 +56,12 @@ jobs:
5656
path: ./java/build/release/
5757
if-no-files-found: error
5858

59-
provenance:
60-
needs: [build, strip-tag]
61-
permissions:
62-
actions: read # To read the workflow path.
63-
id-token: write # To sign the provenance.
64-
contents: write
65-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
66-
with:
67-
attestation-name: "protobuf-specs-${{ needs.strip-tag.outputs.version }}.attestation.intoto.jsonl"
68-
base64-subjects: "${{ needs.build.outputs.hashes }}"
69-
7059
create-release:
7160
runs-on: ubuntu-latest
7261
needs: [provenance, build]
7362
permissions:
7463
contents: write # To draft a release
7564
steps:
76-
- name: Download attestation
77-
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
78-
with:
79-
name: "${{ needs.provenance.outputs.attestation-name }}"
80-
path: ./release/
8165
- name: Download gradle release artifacts
8266
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
8367
with:
@@ -90,3 +74,17 @@ jobs:
9074
tag_name: ${{ github.ref_name }}
9175
files: ./release/*
9276
draft: true
77+
78+
provenance:
79+
needs: [build, strip-tag, create-release]
80+
permissions:
81+
actions: read # To read the workflow path.
82+
id-token: write # To sign the provenance.
83+
contents: write
84+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
85+
with:
86+
attestation-name: "protobuf-specs-${{ needs.strip-tag.outputs.version }}.attestation.intoto.jsonl"
87+
upload-assets: true
88+
base64-subjects: "${{ needs.build.outputs.hashes }}"
89+
upload-tag-name: "${{ github.ref_name }}" # Upload to tag rather than generate a new release
90+
draft-release: true

0 commit comments

Comments
 (0)