Release #77
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| name: Release | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build (${{matrix.architecture}}) | |
| runs-on: windows-2022 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| architecture: [ x86, x64, arm64 ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Build configure | |
| shell: cmd | |
| run: | | |
| call "C:\Program Files\Microsoft Visual Studio\18\Enterprise\Common7\Tools\VsDevCmd.bat" | |
| msbuild Configure.sln /m /t:Rebuild /p:Configuration=Release,Platform=${{matrix.architecture}} | |
| - name: Upload executable | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0 | |
| with: | |
| name: Configure.Release.${{matrix.architecture}} | |
| path: Artifacts/Release/${{matrix.architecture}}/bin | |
| release: | |
| name: Release | |
| runs-on: windows-2025-vs2026 | |
| needs: build | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| - name: Download executables | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1 | |
| with: | |
| path: ${{github.workspace}}/Artifacts | |
| merge-multiple: true | |
| - name: Sign executables and libraries | |
| uses: ImageMagick/code-signing-action@4d19869732e1cd97bb823ad21ebffb26ad10836c #v1.0.0 | |
| with: | |
| client-id: ${{secrets.AZURE_CLIENT_ID}} | |
| tenant-id: ${{secrets.AZURE_TENANT_ID}} | |
| subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}} | |
| directory: ${{github.workspace}}\Artifacts | |
| files: '*.exe *.dll' | |
| - name: Create Configs archive | |
| shell: cmd | |
| run: | | |
| powershell -Command "Compress-Archive -Path 'ColorProfiles','Configs','Installer','OpenCL','PerlMagick','Tools' -DestinationPath 'files.zip'" | |
| - name: Generate SLSA provenance | |
| id: attest | |
| uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 #v4.1.0 | |
| with: | |
| subject-path: | | |
| ${{github.workspace}}/Artifacts/Configure.*.exe | |
| ${{github.workspace}}/files.zip | |
| - name: Save provenance as multiple.intoto.jsonl | |
| shell: bash | |
| run: | | |
| cp "${{steps.attest.outputs.bundle-path}}" "${{github.workspace}}/multiple.intoto.jsonl" | |
| - name: Set version | |
| shell: bash | |
| run: echo "VERSION=$(date +'%Y.%m.%d.%H%M')" >> $GITHUB_ENV | |
| - name: Create and push tag | |
| shell: bash | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git tag $VERSION | |
| git push origin $VERSION | |
| - name: Publish release | |
| shell: cmd | |
| env: | |
| GH_TOKEN: ${{github.token}} | |
| run: | | |
| gh release create "%VERSION%" --title "Release %VERSION%" ^ | |
| ${{github.workspace}}\Artifacts\Configure.Release.x64.exe ^ | |
| ${{github.workspace}}\Artifacts\Configure.Release.arm64.exe ^ | |
| ${{github.workspace}}\Artifacts\Configure.Release.x86.exe ^ | |
| ${{github.workspace}}\files.zip ^ | |
| ${{github.workspace}}\multiple.intoto.jsonl |