diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b60989108e..ae736ec803 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -101,6 +101,14 @@ jobs: echo "$sum $file" > ${file#\*}.sha256 fi done + - + name: List artifacts + run: | + tree -nh ./bin/release + - + name: Check artifacts + run: | + find bin/release -type f -exec file -e ascii -- {} + - name: Upload artifacts uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 @@ -304,8 +312,9 @@ jobs: files: ./coverage.txt release: + if: startsWith(github.ref, 'refs/tags/v') permissions: - contents: write # to create a release (ncipollo/release-action) + contents: write # to create a release (softprops/action-gh-release) runs-on: ubuntu-latest needs: - binary-finalize @@ -320,6 +329,8 @@ jobs: path: ./bin/release name: release - + # inspect what was actually downloaded from the artifact store — + # this is what gets attached to the release name: List artifacts run: | tree -nh ./bin/release @@ -329,10 +340,12 @@ jobs: find bin/release -type f -exec file -e ascii -- {} + - name: GitHub Release - if: startsWith(github.ref, 'refs/tags/v') - uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: - artifacts: ./bin/release/* - generateReleaseNotes: true + files: ./bin/release/* + generate_release_notes: true draft: true + # never replace assets already uploaded to an existing release + # (softprops updates an existing release for the tag instead of failing) + overwrite_files: false token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index ee8df35b24..435d9beb0b 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -39,7 +39,7 @@ jobs: cache: true cache-scope: bin-image output: image - push: ${{ github.event_name != 'pull_request' }} + push: true # this workflow only triggers on push (main and tags) sbom: true set-meta-labels: true meta-images: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 237a1f520c..df3c6130a5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -61,6 +61,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 + uses: github/codeql-action/upload-sarif@411c4c9a36b3fca4d674f06b6396b2c6d23522c6 # v3.36.3 with: sarif_file: results.sarif