为项目添加 github 的 Provenance 机制 (#6633)

* ci: add github provenance attestations

* ci: disable updater metadata in dev workflow

* ci: add provenance smoke test workflow

* build: fallback to alpha release assets api

* ci: remove signing env from dev workflow

* ci: disable updater artifacts in linux dev validation

* ci: support alpha manual trigger tag input

* ci: remove provenance validation scaffolding

* ci: drop redundant provenance job permissions

* ci: limit provenance to release workflow
This commit is contained in:
HuangTao 2026-04-12 17:50:44 +08:00 committed by GitHub
parent 749b6c9e30
commit c358b917d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -240,6 +240,26 @@ jobs:
args: --target ${{ matrix.target }} args: --target ${{ matrix.target }}
includeUpdaterJson: true includeUpdaterJson: true
- name: Attest Windows bundles
if: matrix.os == 'windows-latest'
uses: actions/attest-build-provenance@v3
with:
subject-path: target/${{ matrix.target }}/release/bundle/nsis/*setup*
- name: Attest macOS bundles
if: matrix.os == 'macos-latest'
uses: actions/attest-build-provenance@v3
with:
subject-path: target/${{ matrix.target }}/release/bundle/dmg/*.dmg
- name: Attest Linux bundles
if: matrix.os == 'ubuntu-22.04'
uses: actions/attest-build-provenance@v3
with:
subject-path: |
target/${{ matrix.target }}/release/bundle/deb/*.deb
target/${{ matrix.target }}/release/bundle/rpm/*.rpm
release-for-linux-arm: release-for-linux-arm:
name: Release Build for Linux ARM name: Release Build for Linux ARM
needs: [check_tag_version] needs: [check_tag_version]
@ -367,6 +387,13 @@ jobs:
echo "VERSION=$(cat package.json | jq '.version' | tr -d '"')" >> $GITHUB_ENV echo "VERSION=$(cat package.json | jq '.version' | tr -d '"')" >> $GITHUB_ENV
echo "BUILDTIME=$(TZ=Asia/Shanghai date)" >> $GITHUB_ENV echo "BUILDTIME=$(TZ=Asia/Shanghai date)" >> $GITHUB_ENV
- name: Attest Linux bundles
uses: actions/attest-build-provenance@v3
with:
subject-path: |
target/${{ matrix.target }}/release/bundle/deb/*.deb
target/${{ matrix.target }}/release/bundle/rpm/*.rpm
- name: Upload Release - name: Upload Release
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
@ -478,6 +505,11 @@ jobs:
Rename-Item $file.FullName $newName Rename-Item $file.FullName $newName
} }
- name: Attest Windows bundles
uses: actions/attest-build-provenance@v3
with:
subject-path: target/${{ matrix.target }}/release/bundle/nsis/*setup*
- name: Upload Release - name: Upload Release
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
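Review bot: Every new `uses: actions/attest-build-provenance@v3` step in all three hunks references the action by a mutable major tag, so the step that produces the release's provenance can itself be replaced by whoever controls that tag; pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/attest-build-provenance@<full-40-char-sha> # v3.x.y`, and let Dependabot move the pin. The action also needs `id-token: write` and `attestations: write` on the job or workflow — the commit log says job-level permissions were dropped as redundant, so the workflow-level `permissions:` grant is presumably above the first hunk (the enclosing jobs start outside these hunks); worth confirming, since a missing grant only fails at release time. In the first hunk the three attest steps are gated on literal runner labels (`windows-latest`, `macos-latest`, `ubuntu-22.04`), so a runner-image bump would silently skip attestation for that platform instead of failing the job; keying the `if:` on a matrix field other than the runner label, if the matrix has one, would make the skip impossible. Finally, the release notes or README should tell users how to consume the attestation, e.g. `gh attestation verify <asset> --repo <owner>/<repo>`, otherwise nothing ever checks it.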