Skip to content
Run Release Release

chore(deps): update actions/attest-build-provenance action to v3.2.0 … #455

Sign in to view logs

chore(deps): update actions/attest-build-provenance action to v3.2.0 …

chore(deps): update actions/attest-build-provenance action to v3.2.0 … #455

Workflow file for this run

.github/workflows/release.yml at 4401e9d
name: Run Release Release
on:
push:
branches:
- main
permissions:
contents: write
pull-requests: write
jobs:
release-please:
permissions:
id-token: write # for googleapis/release-please-action to create release tag
contents: write # for googleapis/release-please-action to create release commit
pull-requests: write # for googleapis/release-please-action to create release PR
runs-on: ubuntu-latest
steps:
- uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4
id: release
with:
token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}}
outputs:
release_created: ${{ steps.release.outputs.release_created }}
release_tag_name: ${{ steps.release.outputs.tag_name }}
release:
environment: publish
runs-on: ubuntu-latest
needs: release-please
permissions:
id-token: write # enable GitHub OIDC token issuance for this job (NuGet login)
contents: write # for SBOM release
attestations: write # for actions/attest-sbom to create attestation
packages: read # for internal nuget reading
if: ${{ fromJSON(needs.release-please.outputs.release_created || false) }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
fetch-depth: 0
- name: Setup .NET SDK
uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5
with:
global-json-file: global.json
- name: Cache NuGet packages
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', 'Directory.Packages.props', 'global.json') }}
restore-keys: |
${{ runner.os }}-nuget-
- name: Install dependencies
run: dotnet restore
- name: Pack
run: dotnet pack -c Release --no-restore
# Get a short-lived NuGet API key
- name: NuGet login (OIDC → temp API key)
uses: NuGet/login@d22cc5f58ff5b88bf9bd452535b4335137e24544 # v1
id: login
with:
user: ${{secrets.NUGET_USER}}
- name: Publish to Nuget
run: dotnet nuget push "src/**/*.nupkg" --api-key "${{ steps.login.outputs.NUGET_API_KEY }}" --source https://api.nuget.org/v3/index.json
- name: Generate artifact attestation
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
with:
subject-path: "src/**/*.nupkg"
# Process OpenFeature project
- name: Generate and Attest SBOM for OpenFeature
uses: ./.github/actions/sbom-generator
with:
github-token: ${{secrets.GITHUB_TOKEN}}
project-name: OpenFeature
release-tag: ${{ needs.release-please.outputs.release_tag_name }}
# Process OpenFeature.Hosting project
- name: Generate and Attest SBOM for OpenFeature.Hosting
uses: ./.github/actions/sbom-generator
with:
github-token: ${{secrets.GITHUB_TOKEN}}
project-name: OpenFeature.Hosting
release-tag: ${{ needs.release-please.outputs.release_tag_name }}
# Process OpenFeature.Providers.MultiProvider project
- name: Generate and Attest SBOM for OpenFeature.Providers.MultiProvider
uses: ./.github/actions/sbom-generator
with:
github-token: ${{secrets.GITHUB_TOKEN}}
project-name: OpenFeature.Providers.MultiProvider
release-tag: ${{ needs.release-please.outputs.release_tag_name }}