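# Release pipeline: on a pushed `v*` tag, build the Linux x86_64 binary,
# publish it as a GitHub Release, and generate SLSA provenance for the tarball.
#
# NOTE(review): the third-party actions below are referenced by mutable tag or
# branch (`@v4`, `@stable`). Pinning them to full commit SHAs would stop an
# upstream retag from changing what runs in a job that produces release
# binaries. The SLSA generator is the exception: its documentation asks for a
# release-tag reference (`@vX.Y.Z`) - confirm before changing that line.
name: Release

on:
  push:
    tags:
      - 'v*'

# Read-only by default. Jobs that need more declare it themselves, so the
# build job (which compiles dependency code) no longer holds a token with
# `contents: write` / `id-token: write`.
permissions:
  contents: read

env:
  ARTIFACT_NAME: molock

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      # base64 of the `sha256sum` output; consumed as SLSA subjects.
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config while build scripts run.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
      - name: Build release binary
        # NOTE(review): if Cargo.lock is committed, `--locked` would make the
        # release fail instead of silently resolving newer dependencies.
        run: cargo build --release
      - name: Create artifacts directory
        run: mkdir -p release
      - name: Copy binary
        run: cp target/release/molock release/molock
      - name: Create tarball
        working-directory: release
        # The tag name is read from the runner-provided GITHUB_REF_NAME
        # variable instead of being expanded into the script text with
        # `${{ }}`, so shell metacharacters in a tag name stay data.
        run: |
          set -euo pipefail
          tar -czf "molock-${GITHUB_REF_NAME}-x86_64-unknown-linux-gnu.tar.gz" molock
      - name: Generate hashes
        id: hash
        working-directory: release
        # Computed into a variable first: under `set -e` a failing
        # sha256sum/base64 aborts the step rather than emitting an empty
        # `hashes=` output.
        run: |
          set -euo pipefail
          hashes="$(sha256sum *.tar.gz | base64 -w0)"
          echo "hashes=${hashes}" >> "$GITHUB_OUTPUT"
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.ARTIFACT_NAME }}
          path: release/*

  create-release:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      # Required to create the release and upload its asset.
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          # `gh` authenticates through GH_TOKEN; git itself needs no token.
          persist-credentials: false
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: ${{ env.ARTIFACT_NAME }}
          path: release/
      - name: Verify tarball against build-job digests
        working-directory: release
        env:
          EXPECTED_HASHES: ${{ needs.build.outputs.hashes }}
        # Ensures the file about to be published is byte-identical to the one
        # whose digest is handed to the provenance job.
        run: |
          set -euo pipefail
          printf '%s' "$EXPECTED_HASHES" | base64 -d | sha256sum --check --strict
      - name: Create GitHub Release and upload tarball
        run: |
          set -euo pipefail
          gh release create "$GITHUB_REF_NAME" \
            --title "$GITHUB_REF_NAME" \
            --generate-notes \
            release/*.tar.gz
        env:
          GH_TOKEN: ${{ github.token }}

  provenance:
    needs: [build, create-release]
    # NOTE(review): no `upload-assets` input is set, so the provenance file is
    # presumably kept only as a workflow artifact and not attached to the
    # release - confirm that is intended; `contents: write` below looks
    # unnecessary in that case.
    permissions:
      contents: write
      id-token: write
      actions: read
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
    with:
      base64-subjects: "${{ needs.build.outputs.hashes }}"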