[PATCH] review and improve build GHA workflow (- WIP #265 -)

 * this work is realted to the GHA #265

Changes in file .github/workflows/CI-BUILD.yml:
 * testing out build artifacts in prep for GHA #338
 * reviewed for GHA #265

Changes in file tests/check_cc_lines:
 * related work

Author: reactive-firewall

.github/workflows/CI-BUILD.yml

@@ -33,6 +33,8 @@ jobs:
       statuses: write
       packages: none
       pull-requests: read
+      id-token: write
+      attestations: write
       security-events: none
     if: ${{ !cancelled() && (github.repository == 'reactive-firewall/multicast') }}
     runs-on: ubuntu-latest
@@ -42,6 +44,7 @@ jobs:
         shell: bash
     env:
       LANG: "en_US.UTF-8"
+      GIT_MATCH_PATTERN: "dist/multicast-*-*.whl dist/multicast-*.tar.gz"
     outputs:
       build_status: ${{ steps.build.outcome }}
     steps:
@@ -64,9 +67,34 @@ jobs:
       - name: Test Build
         id: build
         run: make -j1 -f Makefile build
-      - name: Post-Clean
-        id: post
-        run: make -j1 -f Makefile purge || true
+      - name: Get BUILD Files
+        id: buildfiles
+        shell: bash
+        run: |
+          FILES=$(git ls-files -oi --exclude-standard -- ${{ env.GIT_MATCH_PATTERN }} )
+          if [ -z "$FILES" ]; then
+            printf "%s\n" "::warning file=.github/workflows/CI-BUILD.yml:: No Built files found."
+            printf "%s\n" "files=" >> "$GITHUB_OUTPUT"
+          else
+            printf "%s\n" "Built files found:"
+            printf "%s\n" "$FILES"
+            # Replace line breaks with spaces for GitHub Action Output
+            FILES="${FILES//$'\n'/ }"
+            printf "%s\n" "files=$FILES" >> "$GITHUB_OUTPUT"
+          fi
+        if: ${{ success() }}
+      - name: Upload build artifact
+        id: upload
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          path: ${{ steps.buildfiles.outputs.files }}
+          name: multicast-build-${{ github.sha }}.zip
+      - name: Generate artifact attestation
+        if: ${{ !cancelled() && steps.buildfiles.outputs.files != '' && (github.repository == 'reactive-firewall/multicast') }}
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: multicast-build-${{ github.sha }}.zip
+          subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
 
   BOOTSTRAP:
     permissions:
@@ -182,3 +210,9 @@ jobs:
           fi
           echo "build_ref=${{ github.ref }}" >> "$GITHUB_OUTPUT"
           echo "build_ref_name=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+      - name: Download All Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: dist
+          pattern: multicast-${{ github.sha }}
+      - run: ls -R dist

tests/check_cc_lines

@@ -154,7 +154,7 @@ for _TEST_DOC in $FILES_TO_CHECK ; do
 			python3 -B .github/tools/cioutput.py -l info --file "${_TEST_DOC}" --title "COPYRIGHT" "SKIP: ${_TEST_DOC} is missing a valid copyright line begining with \"Copyright (c)\"" ;
 		fi
 		if [[ ( $(grep -F "Copyright (c)" "${_TEST_DOC}" 2>&1 | grep -oE "\d+(-\d+)?" 2>&1 | grep -oE "\d{3,}$" | sort -n | tail -n1) -lt "${_TEST_YEAR}") ]] ; then
-			python3 -B .github/tools/cioutput.py -l info --file "${_TEST_DOC}" --title "DATE" "WARN: ${_TEST_DOC} is out of date without a current copyright (year)" >&2 ;
+			python3 -B .github/tools/cioutput.py -l warning --file "${_TEST_DOC}" --title "DATE" "WARN: ${_TEST_DOC} is out of date without a current copyright (year)" >&2 ;
 		fi
 		# shellcheck disable=SC2086
 		if [[ ( ${EXIT_CODE} -ne 0 ) ]] ; then