tldr/.github/workflows/copy-release-assets.yml

54 lines
1.7 KiB
YAML

name: Copy assets to the new release
on:
release:
types: published
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
release:
name: Copy release assets
runs-on: ubuntu-latest
permissions:
contents: write # to upload assets to releases
attestations: write # to upload assets attestation for build provenance
id-token: write # grant additional permission to attestation action to mint the OIDC token permission
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set tag names
run: |
echo "LATEST=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
echo "PREVIOUS=$(git describe --tags --abbrev=0 $(git describe --tags --abbrev=0)^)" >> $GITHUB_ENV
- name: Download assets
run: |
mkdir release-assets && cd release-assets
gh release download "$PREVIOUS"
- name: Construct subject-path for attest
if: github.repository == 'tldr-pages/tldr'
id: construct-subject-path
run: |
zip_files=$(find release-assets -name '*.zip' -printf '%p,')
pdf_files=$(find release-assets -name '*.pdf' -printf '%p,')
subject_path="${zip_files::-1},${pdf_files::-1},release-assets/tldr.sha256sums"
echo "subject_path=$subject_path" >> $GITHUB_ENV
- name: Attest copied assets
if: github.repository == 'tldr-pages/tldr'
id: attest
uses: actions/attest-build-provenance@v1
with:
subject-path: ${{ env.subject_path }}
- name: Upload assets
if: github.repository == 'tldr-pages/tldr'
working-directory: release-assets
run: gh release upload "$LATEST" -- *