Stabilize FLAC temp coverage #5
Workflow file for this run
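# Release workflow: on a version tag, build and verify the project with Maven,
# checksum the release artifacts, attest provenance and the SBOM, and publish
# everything to a GitHub release.
name: Release

on:
  push:
    tags:
      - "v*"

# One release run per workflow/ref; a second run for the same ref waits
# instead of cancelling a release that is already in flight.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

# Workflow-wide default is read-only; the release job widens this explicitly.
permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest
    timeout-minutes: 25
    # Write scopes used by the attestation and release-upload steps.
    # NOTE(review): the Maven build below runs in this same job, so build-time
    # code (plugins, tests, dependencies) executes while the job holds these
    # scopes. Consider building in a read-only job and handing the artifacts
    # to a separate job that only attests and publishes.
    permissions:
      contents: write
      id-token: write
      attestations: write
      artifact-metadata: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag each SHA is expected to correspond to.
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          # Do not leave the token in the checkout's git config for later steps.
          persist-credentials: false

      - name: Setup Java
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: temurin
          java-version: 21
          # No dependency cache in the release build: a restored cache can
          # carry content written by an earlier, less-trusted run, and those
          # bytes would end up inside the artifacts that get attested below.

      - name: Build and verify
        env:
          JAVA_TOOL_OPTIONS: -Djava.awt.headless=true
        run: bash ./mvnw -q verify

      - name: Generate checksums
        run: |
          # The default run shell does not enable pipefail or nounset; turn
          # them on so a failed command cannot yield a partial checksum list.
          set -euo pipefail
          : > target/checksums.txt
          for artifact in target/javasoundrecorder-*-all.jar target/javasoundrecorder-*-sbom.json target/javasoundrecorder-*-sbom.xml; do
            # An unmatched glob stays as the literal pattern; skip it.
            [ -e "$artifact" ] || continue
            # Hash from inside target/ so each line carries the bare file
            # name, matching the name of the uploaded release asset.
            ( cd target && sha256sum -- "${artifact#target/}" ) >> target/checksums.txt
          done
          # An empty list would leave the provenance step with no subjects.
          if [ ! -s target/checksums.txt ]; then
            echo "No release artifacts found to checksum."
            exit 1
          fi
          cat target/checksums.txt

      - name: Verify SBOM
        run: |
          # Require at least one SBOM (JSON or XML) before publishing.
          if ! compgen -G "target/javasoundrecorder-*-sbom.json" > /dev/null && ! compgen -G "target/javasoundrecorder-*-sbom.xml" > /dev/null; then
            echo "SBOM not generated."
            exit 1
          fi

      - name: Resolve release artifact paths
        id: artifacts
        run: |
          set -euo pipefail
          # -print -quit takes the first match only. NOTE(review): if more than
          # one file matches, the SBOM attestation below covers just that one,
          # while the upload step publishes every match.
          jar="$(find target -maxdepth 1 -type f -name 'javasoundrecorder-*-all.jar' -print -quit)"
          sbom_json="$(find target -maxdepth 1 -type f -name 'javasoundrecorder-*-sbom.json' -print -quit)"
          if [ -z "$jar" ] || [ -z "$sbom_json" ]; then
            echo "Required release artifact not found."
            exit 1
          fi
          echo "jar=$jar" >> "$GITHUB_OUTPUT"
          echo "sbom_json=$sbom_json" >> "$GITHUB_OUTPUT"

      # Provenance attestation over every file listed in checksums.txt.
      - name: Generate provenance attestations
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
        with:
          subject-checksums: target/checksums.txt

      # SBOM attestation binding the JSON SBOM to the resolved jar.
      - name: Generate SBOM attestation
        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
        with:
          subject-path: ${{ steps.artifacts.outputs.jar }}
          sbom-path: ${{ steps.artifacts.outputs.sbom_json }}

      - name: Upload release artifact
        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
        with:
          files: |
            target/javasoundrecorder-*-all.jar
            target/javasoundrecorder-*-sbom.json
            target/javasoundrecorder-*-sbom.xml
            target/checksums.txt
          draft: false
          prerelease: false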