55on :
66 push :
77 branches : [ 1.4-maint ]
8+ tags :
9+ - ' 1.*'
810 paths :
911 - ' **.py'
1012 - ' **.pyx'
4042 - uses : actions/checkout@v4
4143 - uses : chartboost/ruff-action@v1
4244
43- pytest :
4445
45- needs : lint
46+ posix_tests :
47+
48+ needs : [lint]
49+ permissions :
50+ contents : read
51+ id-token : write
52+ attestations : write
4653 strategy :
4754 fail-fast : false
4855 # noinspection YAMLSchemaValidation
8087 fetch-depth : 0
8188 fetch-tags : true
8289
83- - name : Detect if commit is tagged
84- id : detect_tag
85- run : |
86- tag="$(git describe --exact-match --tags HEAD 2>/dev/null || true)"
87- # If HEAD is a merge commit, the PR head is usually the second parent (HEAD^2).
88- if [ -z "$tag" ] && git rev-parse -q --verify HEAD^2 >/dev/null 2>&1; then
89- tag="$(git describe --exact-match --tags HEAD^2 2>/dev/null || true)"
90- fi
91- echo "Found tag: ${tag}"
92- echo "tagged=$tag" >> "$GITHUB_OUTPUT"
93-
94- name : Check out exact tag
95- if : ${{ steps.detect_tag.outputs.tagged }}
96- uses : actions/checkout@v4
97- with :
98- ref : ${{ steps.detect_tag.outputs.tagged }}
99- fetch-depth : 0
100- fetch-tags : true
101-
10290 - name : Set up Python ${{ matrix.python-version }}
10391 uses : actions/setup-python@v5
10492 with :
@@ -151,14 +139,14 @@ jobs:
151139 env_vars : OS, python
152140
153141 - name : Build Borg fat binaries (${{ matrix.binary }})
154- if : ${{ matrix.binary && steps.detect_tag.outputs.tagged }}
142+ if : ${{ matrix.binary && startsWith(github.ref, 'refs/tags/') }}
155143 run : |
156144 pip install 'pyinstaller==6.14.2'
157145 mkdir -p dist/binary
158146 pyinstaller --clean --distpath=dist/binary scripts/borg.exe.spec
159147
160148name : Smoke-test the built binary (${{ matrix.binary }})
161- if : ${{ matrix.binary && steps.detect_tag.outputs.tagged }}
149+ if : ${{ matrix.binary && startsWith(github.ref, 'refs/tags/') }}
162150 run : |
163151 pushd dist/binary
164152 echo "single-file binary"
@@ -171,7 +159,7 @@ jobs:
171159 popd
172160
173161name : Prepare binaries (${{ matrix.binary }})
174- if : ${{ matrix.binary && steps.detect_tag.outputs.tagged }}
162+ if : ${{ matrix.binary && startsWith(github.ref, 'refs/tags/') }}
175163 run : |
176164 mkdir -p artifacts
177165 if [ -f dist/binary/borg.exe ]; then
@@ -183,8 +171,14 @@ jobs:
183171 echo "binary files"
184172 ls -l artifacts/
185173
174+ name : Attest binaries provenance (${{ matrix.binary }})
175+ if : ${{ matrix.binary && startsWith(github.ref, 'refs/tags/') }}
176+ uses : actions/attest-build-provenance@v3
177+ with :
178+ subject-path : ' artifacts/*'
179+
186180 - name : Upload binaries (${{ matrix.binary }})
187- if : ${{ matrix.binary && steps.detect_tag.outputs.tagged }}
181+ if : ${{ matrix.binary && startsWith(github.ref, 'refs/tags/') }}
188182 uses : actions/upload-artifact@v4
189183 with :
190184 name : ${{ matrix.binary }}
0 commit comments