copy-release-assets.yml 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
  1. name: Copy assets to the new release
  2. on:
  3. release:
  4. types: published
  5. env:
  6. GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  7. jobs:
  8. release:
  9. name: Copy release assets
  10. runs-on: ubuntu-latest
  11. permissions:
  12. contents: write # to upload assets to releases
  13. attestations: write # to upload assets attestation for build provenance
  14. id-token: write # grant additional permission to attestation action to mint the OIDC token permission
  15. steps:
  16. - uses: actions/checkout@v4
  17. with:
  18. fetch-depth: 0
  19. - name: Set tag names
  20. run: |
  21. echo "LATEST=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
  22. echo "PREVIOUS=$(git describe --tags --abbrev=0 $(git describe --tags --abbrev=0)^)" >> $GITHUB_ENV
  23. - name: Download assets
  24. run: |
  25. mkdir release-assets && cd release-assets
  26. gh release download "$PREVIOUS"
  27. - name: Construct subject-path for attest
  28. if: github.repository == 'tldr-pages/tldr'
  29. id: construct-subject-path
  30. run: |
  31. zip_files=$(find release-assets -name '*.zip' -printf '%p,')
  32. pdf_files=$(find release-assets -name '*.pdf' -printf '%p,')
  33. subject_path="${zip_files::-1},${pdf_files::-1},release-assets/tldr.sha256sums"
  34. echo "subject_path=$subject_path" >> $GITHUB_ENV
  35. - name: Attest copied assets
  36. if: github.repository == 'tldr-pages/tldr'
  37. id: attest
  38. uses: actions/attest-build-provenance@v2
  39. with:
  40. subject-path: ${{ env.subject_path }}
  41. - name: Upload assets
  42. if: github.repository == 'tldr-pages/tldr'
  43. working-directory: release-assets
  44. run: gh release upload "$LATEST" -- *