-
Notifications
You must be signed in to change notification settings - Fork 5
119 lines (115 loc) · 4.77 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# brian's standard GitHub Actions release config for Perl 5 modules
# version 20240710.001
# https://github.com/briandfoy/github_workflows
# https://github.com/features/actions
# This file is licensed under the Artistic License 2.0
#
# This action builds a Perl distribution and adds it as a release
# on GitHub. This does not upload to PAUSE, but that wouldn't be
# that hard, but that doesn't fit with my workflow since this part
# happens after everything else has succeeded.
#
# This requires that you configure a repository secret named
# RELEASE_ACTION_TOKEN with a GitHub Personal Access Token
# that has "read and write" permissions on Repository/Contents
name: release
# https://github.com/actions/checkout/issues/1590
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
permissions:
contents: write
id-token: write
attestations: write
on:
push:
# tag a release commit with "release-....". This workflow then runs
# whenever it sees that tag, and doesn't run for other commits.
tags:
- 'release-*'
# With workflow_dispatch, you can trigger this manually. This is
# especially handy when you want to re-run a job that failed because
# the token had expired. Update the GitHub secret and re-run on the
# same commit.
workflow_dispatch:
jobs:
perl:
# We need a GitHub secret, so create an Environment named "release"
# * Go to Settings > Environment (repo settings, not account settings)
# * Make an environment named "release"
# * Add a secret named "RELEASE_ACTION_TOKEN" with a GitHub token with repo permissions
# If you use a different token name, update "RELEASE_ACTION_TOKEN" in the last
# step in this job.
environment: release
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-20.04
perl-version:
- 'latest'
container:
image: perl:${{ matrix.perl-version }}
steps:
- uses: actions/checkout@v3
# Some older versions of Perl have trouble with hostnames in certs. I
# haven't figured out why.
- name: Setup environment
run: |
echo "PERL_LWP_SSL_VERIFY_HOSTNAME=0" >> $GITHUB_ENV
# I had some problems with openssl on Ubuntu, so I punted by installing
# cpanm first, which is easy. I can install IO::Socket::SSL with that,
# then switch back to cpan. I didn't explore this further, but what you
# see here hasn't caused problems for me.
#
# Need HTTP::Tiny 0.055 or later. Probably don't need it at all since I'm
# not using cpan here.
#
# Test::Manifest is there because it's a thing I do. If you are writing
# modules and don't know what it is, you don't need it.
- name: Install cpanm and multiple modules
run: |
curl -L https://cpanmin.us | perl - App::cpanminus
cpanm --notest IO::Socket::SSL HTTP::Tiny ExtUtils::MakeMaker Test::Manifest
# Install the dependencies, again not testing them. This installs the
# module in the current directory, so we end up installing the module,
# but that's not a big deal.
- name: Install dependencies
run: |
cpanm --notest --installdeps --with-suggests --with-recommends .
# This makes the distribution and tests it, but assumes by the time we
# got here, everything else was already tested.
- name: Create distro
run: |
perl Makefile.PL
make disttest
make dist 2>/dev/null | grep Created | awk '{ print "ASSET_NAME=" $2 }' >> $GITHUB_ENV
- name: version
run: |
perl -le '($name) = $ARGV[0] =~ m/(.*?).tar.gz/; print qq(name=$name)' *.tar.gz >> $GITHUB_OUTPUT
id: version
- name: Changes extract
run: |
perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; print; last' Changes > Changes-latest
cat Changes-latest
id: extract
# https://cli.github.com/manual/gh_attestation_verify
# DISTRO_FILE is the .tar.gz in the release
# GITHUB_ACCOUNT is the github name of the releaser
# gh auth login
# gh attestation verify DISTRO_FILE --owner GITHUB_ACCOUNT
- name: Generate artifact attestation
id: attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: ${{ env.ASSET_NAME }}
- name: upload
uses: softprops/action-gh-release@v1
with:
body_path: Changes-latest
draft: false
prerelease: false
name: ${{ steps.version.outputs.name }}
files: |
${{ env.ASSET_NAME }}
${{ steps.attestation.outputs.bundle-path }}
token: ${{ secrets.RELEASE_ACTION_TOKEN }}