Skip to content

Commit db31e8e

Browse files
robjtederobjtede
committed
ci: align deploy workflow with inspect-cert-chain
1 parent e590e4b commit db31e8e

1 file changed

Lines changed: 15 additions & 19 deletions

File tree

.github/workflows/deploy.yml

Lines changed: 15 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ on:
66

77
permissions:
88
contents: write
9+
id-token: write
10+
attestations: write
911

1012
env:
1113
CARGO_INCREMENTAL: 0
@@ -30,10 +32,10 @@ jobs:
3032
- { os: macos-latest, target: x86_64-apple-darwin }
3133
- { os: ubuntu-latest, target: aarch64-unknown-linux-gnu }
3234
- { os: ubuntu-latest, target: aarch64-unknown-linux-musl }
33-
- { os: ubuntu-latest, target: x86_64-unknown-freebsd }
35+
# - { os: ubuntu-latest, target: x86_64-unknown-freebsd }
3436
- { os: ubuntu-latest, target: x86_64-unknown-linux-gnu }
3537
- { os: ubuntu-latest, target: x86_64-unknown-linux-musl }
36-
- { os: windows-latest, target: aarch64-pc-windows-msvc }
38+
# - { os: windows-latest, target: aarch64-pc-windows-msvc }
3739
- { os: windows-latest, target: x86_64-pc-windows-msvc }
3840

3941
name: Deploy (${{ matrix.target }})
@@ -42,41 +44,35 @@ jobs:
4244
timeout-minutes: 60
4345

4446
steps:
45-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
47+
- uses: actions/checkout@v6
48+
49+
- name: Install nasm
50+
if: matrix.os == 'windows-latest'
51+
uses: ilammy/setup-nasm@v1.5.2
4652

4753
- name: Install Rust
48-
uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3
54+
uses: actions-rust-lang/setup-rust-toolchain@v1.15.3
4955
with:
5056
cache: false
5157

52-
# TODO: see if this is needed after next deploy
53-
# - if: startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.target, '-musl')
54-
- uses: taiki-e/setup-cross-toolchain-action@b8d1a322a6009a2b7220f53996695778eef89b41 # v1.38.0
58+
- uses: taiki-e/setup-cross-toolchain-action@v1.38.0
5559
with:
5660
target: ${{ matrix.target }}
5761

58-
# TODO: see if this is needed after next deploy
59-
# - if: endsWith(matrix.target, '-musl')
60-
# uses: taiki-e/install-action@v2.23.1
61-
# with:
62-
# tool: cross
63-
6462
# TODO: see if this is needed after next deploy
6563
# - if: endsWith(matrix.target, 'windows-msvc')
6664
# run: echo "RUSTFLAGS=${RUSTFLAGS} -C target-feature=+crt-static" >> "${GITHUB_ENV}"
6765

6866
- name: Build and upload to release
6967
id: upload-release
70-
uses: taiki-e/upload-rust-binary-action@f391289bcff6a7f36b6301c0a74199657bbb4561 # v1.28.0
68+
uses: taiki-e/upload-rust-binary-action@v1.27.0
7169
with:
7270
bin: protobug
7371
target: ${{ matrix.target }}
74-
tar: all
75-
zip: all
76-
checksum: sha256,sha512
72+
checksum: sha256
7773
token: ${{ secrets.GITHUB_TOKEN }}
7874

7975
- name: Generate artifact attestation
80-
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
76+
uses: actions/attest-build-provenance@v4
8177
with:
82-
subject-path: ${{ steps.upload-release.outputs.zip }}
78+
subject-path: "${{ steps.upload-release.outputs.archive }}.*"

0 commit comments

Comments
 (0)