build(deps): bump actions/attest-build-provenance from 1 to 2 #216
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/vanilla-os/pico:main | |
permissions: | |
contents: write # to upload assets to releases | |
attestations: write # to upload assets attestation for build provenance | |
id-token: write # grant additional permission to attestation action to mint the OIDC token permission | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.22 | |
- name: Install build dependencies | |
run: | | |
apt-get update | |
apt-get install -y pkg-config build-essential | |
- name: Build | |
run: go build -o vso -ldflags="-X 'main.Version=${{ github.sha }}'" | |
- name: Check for missing strings | |
uses: vanilla-os/missing-strings-golang-action@v0.1.0 | |
- name: Compress | |
run: tar -czvf vso.tar.gz vso | |
- name: Compress-manpage | |
run: tar -czvf vso-man.tar.gz man/vso.1 | |
- name: Calculate and Save Checksums | |
run: | | |
sha256sum vso.tar.gz >> checksums.txt | |
sha256sum vso-man.tar.gz >> checksums.txt | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: vso | |
path: | | |
checksums.txt | |
vso.tar.gz | |
vso-man.tar.gz | |
- uses: softprops/action-gh-release@v2 | |
if: github.ref == 'refs/heads/main' | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
tag_name: "continuous" | |
prerelease: true | |
name: "Continuous Build" | |
files: | | |
checksums.txt | |
vso.tar.gz | |
vso-man.tar.gz |