adjust workflow triggers

finnigja · May 3, 2024 · 4c09043 · 4c09043
1 parent bd76eb9
commit 4c09043
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 11 deletions.
diff --git a/.github/workflows/build-attested-image.yml b/.github/workflows/build-attested-image.yml
@@ -1,5 +1,7 @@
 name: Build an attested image from latest release
 on:
+  release:
+    types: [published]
   workflow_dispatch:
 
 permissions:
@@ -34,7 +36,7 @@ jobs:
           extract: true
       - name: Verify attestation for latest release
         env:
-          GH_TOKEN: ${{ github.token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           RELEASE_FILE=`echo ${{ fromJson(steps.get-latest-release.outputs.downloaded_files)[0] }} | awk -F'/' '{print $NF}'`
           echo $RELEASE_FILE

diff --git a/.github/workflows/build-attested-release.yml b/.github/workflows/build-attested-release.yml
@@ -1,6 +1,8 @@
-name: Build an attested release from latest tag
+name: Build an attested release on tag push
 on:
-  workflow_dispatch:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
 
 permissions:
   id-token: write
@@ -20,24 +22,24 @@ jobs:
           go-version: '^1.22'
       - name: Check out code
         uses: actions/checkout@v4
-      - uses: actions-ecosystem/action-get-latest-tag@b7c32daec3395a9616f88548363a42652b22d435
-        id: get-latest-tag
+      - name: Get latest tag
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
       - name: Build the binary
         run: |
           GOOS=linux GOARCH=amd64 go build -o ${{ env.PRODUCT_NAME }}-linux-amd64 main.go
           GOOS=darwin GOARCH=arm64 go build -o ${{ env.PRODUCT_NAME }}-darwin-arm64 main.go
       - name: Create the archive
         run: |
-          tar cvf ${{ env.PRODUCT_NAME }}-${{ steps.get-latest-tag.outputs.tag }}.tar ${{ env.PRODUCT_NAME }}-*
-          gzip ${{ env.PRODUCT_NAME }}-${{ steps.get-latest-tag.outputs.tag }}.tar
+          tar cvf ${{ env.PRODUCT_NAME }}-${{ env.RELEASE_VERSION }}.tar ${{ env.PRODUCT_NAME }}-*
+          gzip ${{ env.PRODUCT_NAME }}-${{ env.RELEASE_VERSION }}.tar
       - name: Create attestation
         uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
         with:
-          subject-path: "${{ env.PRODUCT_NAME }}-${{ steps.get-latest-tag.outputs.tag }}.tar.gz"
+          subject-path: "${{ env.PRODUCT_NAME }}-${{ env.RELEASE_VERSION }}.tar.gz"
       - name: Create release with attested artifact attached
         uses: ncipollo/release-action@v1
         with:
-          tag: "${{ steps.get-latest-tag.outputs.tag }}"
-          artifacts: "${{ env.PRODUCT_NAME }}-${{ steps.get-latest-tag.outputs.tag }}.tar.gz"
-          body: "${{ env.PRODUCT_NAME }} release ${{ steps.get-latest-tag.outputs.tag }}"
+          tag: "${{ env.RELEASE_VERSION }}"
+          artifacts: "${{ env.PRODUCT_NAME }}-${{ env.RELEASE_VERSION }}.tar.gz"
+          body: "${{ env.PRODUCT_NAME }} release ${{ env.RELEASE_VERSION }}"
           makeLatest: true