diff --git a/.github/workflows/build_pull_request.yml b/.github/workflows/build_pull_request.yml index 536b6614a7..492c28ec25 100644 --- a/.github/workflows/build_pull_request.yml +++ b/.github/workflows/build_pull_request.yml @@ -13,14 +13,12 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - with: - fetch-depth: 0 - name: Setup Java uses: actions/setup-java@v4 with: - distribution: "temurin" - java-version: "17" + distribution: 'temurin' + java-version: '17' - name: Cache Gradle uses: burrunan/gradle-cache-action@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 83c1a310ff..19e6e85c97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,24 +13,21 @@ jobs: permissions: contents: write packages: write + id-token: write + attestations: write runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - with: - # Make sure the release step uses its own credentials: - # https://github.com/cycjimmy/semantic-release-action#private-packages - persist-credentials: false - fetch-depth: 0 - name: Setup Java uses: actions/setup-java@v4 with: - distribution: "temurin" - java-version: "17" + distribution: 'temurin' + java-version: '17' - name: Cache Gradle - uses: burrunan/gradle-cache-action@v2 + uses: burrunan/gradle-cache-action@v3 - name: Build env: @@ -40,7 +37,7 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: "lts/*" + node-version: 'lts/*' cache: 'npm' - name: Install dependencies @@ -54,6 +51,14 @@ jobs: fingerprint: ${{ vars.GPG_FINGERPRINT }} - name: Release + uses: cycjimmy/semantic-release-action@v4 + id: release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: npm exec semantic-release + + - name: Attest + if: steps.release.outputs.new_release_published == 'true' + uses: actions/attest-build-provenance@v2 + with: + subject-name: 'Patches ${{ steps.release.outputs.new_release_git_tag }}' + subject-path: patches/build/libs/patches-*.rvp 
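Review bot: Dropping `persist-credentials: false` from the Checkout step in release.yml leaves the job token in the local git config for every later step, and this same hunk widens that job's permissions with `id-token: write` and `attestations: write`. The Build and Install dependencies steps that follow presumably run Gradle and npm code with that token within reach. I would keep `with:` / `persist-credentials: false` on the checkout unless the new release action is shown to need the persisted credential; it already receives `GITHUB_TOKEN` through `env`. If the credential has to stay, consider building in a separate job with read-only permissions and passing the artifact to the release job. The steps list continues outside this hunk.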
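Review bot: The Release step now runs `cycjimmy/semantic-release-action@v4` by a mutable tag in a job that holds `contents: write`, `packages: write`, `id-token: write` and, judging by the context lines above it, the GPG signing key. Pin it to a full commit SHA, e.g. `uses: cycjimmy/semantic-release-action@<full-commit-sha> # v4`, and do the same for `burrunan/gradle-cache-action@v3` in the first hunk of this file. The replaced `npm exec semantic-release` presumably used the version resolved by the project's lockfile, whereas the action installs its own copy, so set its `semantic_version` input to keep the release tool version fixed. In the Attest step, `subject-path: patches/build/libs/patches-*.rvp` is broader than the `.releaserc` asset glob, which excludes `*sources*` and `*javadoc*`. If such files exist in that directory they would be attested under the same `subject-name`, so consider narrowing the path to the published artifact.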
diff --git a/.releaserc b/.releaserc index 19eb00e819..5c242908b4 100644 --- a/.releaserc +++ b/.releaserc @@ -23,7 +23,7 @@ "assets": [ "README.md", "CHANGELOG.md", - "gradle.properties", + "gradle.properties" ], "message": "chore: Release v${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" } @@ -36,14 +36,14 @@ "path": "patches/build/libs/patches-!(*sources*|*javadoc*).rvp?(.asc)" } ], - successComment: false + "successComment": false } ], [ "@saithodev/semantic-release-backmerge", { - backmergeBranches: [{"from": "main", "to": "dev"}], - clearWorkspace: true + "backmergeBranches": [{"from": "main", "to": "dev"}], + "clearWorkspace": true } ] ] diff --git a/README.md b/README.md index 8158173521..ae418d8506 100644 --- a/README.md +++ b/README.md 
@@ -81,10 +81,12 @@ To start using this template, follow these steps: and the [About](patches/build.gradle.kts#L5-L11)) 3. Update dependencies in the [libs.versions.toml](gradle/libs.versions.toml) file 4. [Create a pass-phrased GPG master key and subkey](https://mikeross.xyz/create-gpg-key-pair-with-subkeys/) - 1. Add the private key as a secret named [GPG_PRIVATE_KEY](.github/workflows/release.yml#L52) to your repository - 2. Add the passphrase as a secret named [GPG_PASSPHRASE](.github/workflows/release.yml#L53) to your repository - 3. Add the fingerprint of the GPG subkey as a secret named [GPG_FINGERPRINT](.github/workflows/release.yml#L54) to your repository -5. Set up the [README.md](README.md) file[^1] (e.g, title, description, license, summary of the patches +5. Add the following GitHub secrets: + 1. [GPG_PRIVATE_KEY](.github/workflows/release.yml#L52): The ASCII-armored GPG key + 2. [GPG_PASSPHRASE](.github/workflows/release.yml#L53): The passphrase for the GPG key +6. Add the following GitHub variables: + 1. [GPG_FINGERPRINT](.github/workflows/release.yml#L54): The fingerprint of the GPG key +7. Set up the [README.md](README.md) file[^1] (e.g, title, description, license, summary of the patches that are included in the repository), the [issue templates](.github/ISSUE_TEMPLATE)[^2] and the [contribution guidelines](CONTRIBUTING.md)[^3] 🎉 You are now ready to start creating patches!