Commit cd420b0

chore: fix release workflow, add sign workflow (#1663)
1 parent 6fbff4c commit cd420b0

2 files changed

+68
-6
lines changed

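--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -76,14 +76,13 @@ jobs:
 inputs: >-
 ./dist/*.tar.gz
 ./dist/*.whl
-- name: Create GitHub Release
+- name: Ensure GitHub Release exists (no-op if already exists)
 env:
 GITHUB_TOKEN: ${{ github.token }}
-run: >-
-gh release create
-'${{ github.ref_name }}'
---repo '${{ github.repository }}'
---notes ""
+run: |
+# If a release for this tag already exists (e.g., created via GH UI), skip creation.
+gh release view '${{ github.ref_name }}' --repo '${{ github.repository }}' >/dev/null 2>&1 || \
+gh release create '${{ github.ref_name }}' --repo '${{ github.repository }}' --notes ""
 - name: Upload artifact signatures to GitHub Release
 env:
 GITHUB_TOKEN: ${{ github.token }}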
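Review bot: The new `run: |` script on new lines 84–85 still expands `${{ github.ref_name }}` straight into the shell text, so the single quotes around it are applied after substitution and do not protect against a tag name that contains quotes or other shell metacharacters. Passing the value through the environment keeps it as data: add `TAG: ${{ github.ref_name }}` under `env:` and call `gh release view "$TAG" --repo "$GITHUB_REPOSITORY"`, with the same arguments for `gh release create`. The same pattern appears with `${{ inputs.tag }}` in the added signing workflow (new lines 28 and 62), where the job also holds `contents: write` and `id-token: write`. Note too that `>/dev/null 2>&1 ||` treats any failure of `gh release view`, not only a missing release, as a reason to create one, and discards the error text that would explain it.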
Lines changed: 63 additions & 0 deletions
@@ -0,0 +1,63 @@
1+
name: Sign existing release assets 🔐
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
tag:
7+
description: Git tag of the existing release
8+
required: true
9+
type: string
10+
11+
permissions:
12+
contents: write
13+
id-token: write
14+
15+
jobs:
16+
sign-and-upload:
17+
name: Sign and upload Sigstore bundles for release assets
18+
runs-on: ubuntu-latest
19+
steps:
20+
- name: Create dist directory
21+
run: mkdir -p dist
22+
23+
- name: Download assets from GitHub Release
24+
env:
25+
GITHUB_TOKEN: ${{ github.token }}
26+
run: >-
27+
gh release download
28+
'${{ inputs.tag }}'
29+
--repo '${{ github.repository }}'
30+
-D dist/
31+
32+
- name: List downloaded files
33+
run: ls -lah dist || true
34+
35+
- name: Collect files to sign
36+
id: find
37+
shell: bash
38+
run: |
39+
shopt -s nullglob
40+
files=(dist/*.whl dist/*.tar.gz)
41+
if [ ${#files[@]} -eq 0 ]; then
42+
echo "No distribution files found in dist/." >&2
43+
exit 1
44+
fi
45+
printf '%s\n' "${files[@]}"
46+
{
47+
echo 'files<<EOF'
48+
printf '%s\n' "${files[@]}"
49+
echo 'EOF'
50+
} >> "$GITHUB_OUTPUT"
51+
52+
- name: Sign assets with Sigstore
53+
uses: sigstore/gh-action-sigstore-python@v3.0.0
54+
with:
55+
inputs: ${{ steps.find.outputs.files }}
56+
57+
- name: Upload signatures to GitHub Release
58+
env:
59+
GITHUB_TOKEN: ${{ github.token }}
60+
run: >-
61+
gh release upload
62+
'${{ inputs.tag }}' dist/**/*.sigstore.json
63+
--repo '${{ github.repository }}'
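Review bot: The signing step on new line 53 references `sigstore/gh-action-sigstore-python@v3.0.0` by tag, and a tag can be moved after review; in a job that holds `id-token: write` and `contents: write`, pinning to the full commit SHA is the safer form, e.g. `uses: sigstore/gh-action-sigstore-python@<full-commit-sha>  # v3.0.0`. The job also signs whatever `gh release download` returns for the tag, so the resulting bundles attest only that this workflow saw those bytes, not that they match the original build; comparing digests against a trusted record of the build before signing would close that gap. Separately, `dist/**/*.sigstore.json` on new line 62 only recurses when bash `globstar` is enabled, which this step does not do; if the bundles are written next to the files in `dist/`, `dist/*.sigstore.json` looks like the pattern that would match, which is worth confirming on a test run.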
