feat: add error logging for preheat failures and fix peer selection l… #468

Workflow file for this run

.github/workflows/release.yml at a3fa07b

	name: Release

	on:
	push:
	tags:
	- v*

	permissions:
	contents: read

	jobs:
	goreleaser:
	permissions:
	contents: write
	runs-on: ubuntu-latest
	timeout-minutes: 60
	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}
	tag_name: ${{ steps.tag.outputs.tag_name }}
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
	with:
	fetch-depth: 0
	submodules: recursive

	- name: Setup Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
	with:
	go-version-file: go.mod

	- name: Check GoReleaser config
	uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552
	with:
	version: latest
	args: check

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552
	id: run-goreleaser
	with:
	version: latest
	args: release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Generate subject
	id: hash
	env:
	ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
	run: \|
	set -euo pipefail
	hashes=$(echo $ARTIFACTS \| jq --raw-output '.[] \| {name, "digest": (.extra.Digest // .extra.Checksum)} \| select(.digest) \| {digest} + {name} \| join(" ") \| sub("^sha256:";"")' \| base64 -w0)
	if test "$hashes" = ""; then # goreleaser < v1.13.0
	checksum_file=$(echo "$ARTIFACTS" \| jq -r '.[] \| select (.type=="Checksum") \| .path')
	hashes=$(cat $checksum_file \| base64 -w0)
	fi
	echo "hashes=$hashes" >> $GITHUB_OUTPUT

	- name: Set tag output
	id: tag
	run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"

	provenance:
	needs: [goreleaser]
	permissions:
	id-token: write
	contents: write
	actions: read
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
	with:
	base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"

	upload-provenance:
	needs: [goreleaser, provenance]
	permissions:
	contents: write
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
	with:
	fetch-depth: 0
	submodules: recursive

	- name: Download SLSA provenance artifacts
	uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
	with:
	name: multiple.intoto.jsonl
	path: artifacts

	- name: Upload SLSA Provenance Attestation to Release
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	TAG_NAME: ${{ needs.goreleaser.outputs.tag_name }}
	run: \|
	set -euxo pipefail
	ARTIFACT_PATH="artifacts/multiple.intoto.jsonl"
	gh release upload "$TAG_NAME" "$ARTIFACT_PATH" --clobber

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: add error logging for preheat failures and fix peer selection l… #468

Workflow file

feat: add error logging for preheat failures and fix peer selection l… #468

Uh oh!

Jobs

Run details

Workflow file for this run