ci: add build provenance attestation for release binaries (#24345)

Atif Ali
2026-04-15 17:44:25 +05:00
committed by GitHub
parent f8d521d527
commit d0c9571f62
+19
@@ -488,6 +488,22 @@ jobs:
subject-digest: ${{ steps.docker_digests.outputs.latest_digest }}
push-to-registry: true
- name: GitHub Attestation for release binaries
id: attest_binaries
if: ${{ !inputs.dry_run }}
continue-on-error: true
uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-path: |
./build/*.tar.gz
./build/*.zip
./build/*.deb
./build/*.rpm
./build/*.apk
./build/*_installer.exe
./build/*_helm_*.tgz
./build/provisioner_helm_*.tgz
# Report attestation failures but don't fail the workflow
- name: Check attestation status
if: ${{ !inputs.dry_run }}
@@ -501,6 +517,9 @@ jobs:
if [[ "${{ steps.attest_latest.outcome }}" == "failure" && "${{ steps.attest_latest.conclusion }}" != "skipped" ]]; then
echo "::warning::GitHub attestation for latest image failed"
fi
if [[ "${{ steps.attest_binaries.outcome }}" == "failure" && "${{ steps.attest_binaries.conclusion }}" != "skipped" ]]; then
echo "::warning::GitHub attestation for release binaries failed"
fi
- name: Generate offline docs
run: |
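Review bot: The new `attest_binaries` step sets `continue-on-error: true` and its failure surfaces only as a `::warning::` annotation in the status check, so a release can be published without provenance for its binaries, and downstream attestation verification then fails with nothing on the release explaining why. If best-effort is intended, say so on the step, e.g. `# Best-effort: a failed attestation must not block the release; artifacts then ship without provenance`, and consider also appending the failure to `$GITHUB_STEP_SUMMARY` so it is recorded beyond the log annotation. The attested digests are those of the files in `./build` when this step runs, so it is worth confirming that nothing later in the job re-signs or repackages them before upload; that ordering is not visible in the hunk. `./build/provisioner_helm_*.tgz` is already matched by `./build/*_helm_*.tgz` and can be dropped. The `Check attestation status` script begins outside the shown hunks.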