Skip to content

Commit e4c86d4

Browse files
maennchenmaennchen
authored
Hash release files after signing (#14085)
1 parent e5033c9 commit e4c86d4

File tree

2 files changed

+29
-24
lines changed

2 files changed

+29
-24
lines changed

.github/workflows/release.yml

Lines changed: 29 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,6 @@ jobs:
5555
git push origin $ref_name --force
5656
5757
build:
58-
needs: create_draft_release
5958
strategy:
6059
fail-fast: true
6160
matrix:
@@ -80,6 +79,22 @@ jobs:
8079
otp: ${{ matrix.otp }}
8180
build_docs: ${{ matrix.build_docs }}
8281

82+
- name: "Sign files with Trusted Signing"
83+
if: github.repository == 'elixir-lang/elixir'
84+
uses: azure/trusted-signing-action@v0.5.0
85+
with:
86+
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
87+
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
88+
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
89+
endpoint: https://eus.codesigning.azure.net/
90+
trusted-signing-account-name: trusted-signing-elixir
91+
certificate-profile-name: Elixir
92+
files-folder: ${{ github.workspace }}
93+
files-folder-filter: exe
94+
file-digest: SHA256
95+
timestamp-rfc3161: http://timestamp.acs.microsoft.com
96+
timestamp-digest: SHA256
97+
8398
- name: "Attest release .exe provenance"
8499
uses: actions/attest-build-provenance@v2
85100
id: attest-exe-provenance
@@ -112,6 +127,18 @@ jobs:
112127
env:
113128
ATTESTATION: "${{ steps.attest-docs-provenance.outputs.bundle-path }}"
114129

130+
- name: Create Release Hashes
131+
run: |
132+
shasum -a 1 elixir-otp-${{ matrix.otp }}.zip > elixir-otp-${{ matrix.otp }}.zip.sha1sum
133+
shasum -a 256 elixir-otp-${{ matrix.otp }}.zip > elixir-otp-${{ matrix.otp }}.zip.sha256sum
134+
shasum -a 1 elixir-otp-${{ matrix.otp }}.exe > elixir-otp-${{ matrix.otp }}.exe.sha1sum
135+
shasum -a 256 elixir-otp-${{ matrix.otp }}.exe > elixir-otp-${{ matrix.otp }}.exe.sha256sum
136+
- name: Create Docs Hashes
137+
if: ${{ matrix.build_docs }}
138+
run: |
139+
shasum -a 1 Docs.zip > Docs.zip.sha1sum
140+
shasum -a 256 Docs.zip > Docs.zip.sha256sum
141+
115142
- name: "Upload release artifacts"
116143
uses: actions/upload-artifact@v4
117144
with:
@@ -126,7 +153,7 @@ jobs:
126153
path: Docs.zip*
127154

128155
upload-release:
129-
needs: build
156+
needs: [build, create_draft_release]
130157
runs-on: windows-2022
131158

132159
steps:
@@ -137,22 +164,6 @@ jobs:
137164
mv Docs/* .
138165
shell: bash
139166
140-
- name: "Sign files with Trusted Signing"
141-
if: github.repository == 'elixir-lang/elixir'
142-
uses: azure/trusted-signing-action@v0.5.0
143-
with:
144-
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
145-
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
146-
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
147-
endpoint: https://eus.codesigning.azure.net/
148-
trusted-signing-account-name: trusted-signing-elixir
149-
certificate-profile-name: Elixir
150-
files-folder: ${{ github.workspace }}
151-
files-folder-filter: exe
152-
file-digest: SHA256
153-
timestamp-rfc3161: http://timestamp.acs.microsoft.com
154-
timestamp-digest: SHA256
155-
156167
- name: Upload Pre-built
157168
shell: bash
158169
env:

.github/workflows/release_pre_built/action.yml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,6 @@ runs:
1919
run: |
2020
make Precompiled.zip
2121
mv Precompiled.zip elixir-otp-${{ inputs.otp }}.zip
22-
shasum -a 1 elixir-otp-${{ inputs.otp }}.zip > elixir-otp-${{ inputs.otp }}.zip.sha1sum
23-
shasum -a 256 elixir-otp-${{ inputs.otp }}.zip > elixir-otp-${{ inputs.otp }}.zip.sha256sum
2422
echo "$PWD/bin" >> $GITHUB_PATH
2523
- name: Install NSIS
2624
shell: bash
@@ -34,8 +32,6 @@ runs:
3432
export ELIXIR_ZIP=$PWD/elixir-otp-${{ inputs.otp }}.zip
3533
(cd lib/elixir/scripts/windows_installer && ./build.sh)
3634
mv lib/elixir/scripts/windows_installer/tmp/elixir-otp-${{ inputs.otp }}.exe .
37-
shasum -a 1 elixir-otp-${{ inputs.otp }}.exe > elixir-otp-${{ inputs.otp }}.exe.sha1sum
38-
shasum -a 256 elixir-otp-${{ inputs.otp }}.exe > elixir-otp-${{ inputs.otp }}.exe.sha256sum
3935
- name: Get ExDoc ref
4036
if: ${{ inputs.build_docs }}
4137
shell: bash
@@ -66,5 +62,3 @@ runs:
6662
run: |
6763
git fetch --tags
6864
make Docs.zip
69-
shasum -a 1 Docs.zip > Docs.zip.sha1sum
70-
shasum -a 256 Docs.zip > Docs.zip.sha256sum

0 commit comments

Comments
 (0)