admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

feat: add attestation to installer

Browse Source
This commit is contained in:
Sean Molenaar 2024-07-23 14:46:15 +02:00 committed by GitHub
parent 6b4e7bb2d0
commit d6bcdffe97
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/pkg-installer.yml vendored
View File

@ -19,6 +19,10 @@ jobs:
build: build:
if: github.repository_owner == 'Homebrew' if: github.repository_owner == 'Homebrew'
runs-on: macos-latest runs-on: macos-latest
permissions:
contents: read # for code access
attestations: write # for actions/attest-build-provenance
id-token: write # for actions/attest-build-provenance
outputs: outputs:
installer_path: "Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg" installer_path: "Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg"
env: env:
@ -119,6 +123,11 @@ jobs:
security delete-keychain "${RUNNER_TEMP}/${TEMPORARY_KEYCHAIN_FILE}" security delete-keychain "${RUNNER_TEMP}/${TEMPORARY_KEYCHAIN_FILE}"
fi fi
- name: Generate build provenance
uses: actions/attest-build-provenance@v1.3.3
with:
subject-path: Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg
- name: Upload installer to GitHub Actions - name: Upload installer to GitHub Actions
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with: with: