From 0790972702dd527be87bbc2cf92ec668f4adbb0b Mon Sep 17 00:00:00 2001 From: Franciszek Walkowiak Date: Fri, 20 Sep 2024 11:36:37 +0200 Subject: [PATCH 1/6] feat: generate artifact attestation --- .github/workflows/build-check-install.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-check-install.yaml b/.github/workflows/build-check-install.yaml index edab1673..a96df8b9 100644 --- a/.github/workflows/build-check-install.yaml +++ b/.github/workflows/build-check-install.yaml @@ -808,6 +808,11 @@ jobs: ${{ env.PKGNAME }}.Rcheck/tests/testthat.Rout.fail name: check-logs-${{ env.PKGNAME }}-${{ inputs.concurrency-group }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }}/${{ env.PKGBUILD }} + publish-junit-html-report: name: Publish JUnit HTML report ๐Ÿ“ฐ runs-on: ubuntu-latest From 3779bf72ed23e49a0bb71b6e48bdf8f70498db3a Mon Sep 17 00:00:00 2001 From: Franciszek Walkowiak Date: Fri, 20 Sep 2024 13:14:02 +0200 Subject: [PATCH 2/6] fix: update permissions --- .github/workflows/build-check-install.yaml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-check-install.yaml b/.github/workflows/build-check-install.yaml index a96df8b9..9bf73b6b 100644 --- a/.github/workflows/build-check-install.yaml +++ b/.github/workflows/build-check-install.yaml @@ -203,6 +203,13 @@ concurrency: jobs: build-install-check: + # Token permissions + permissions: + contents: read + packages: write + id-token: write + attestations: write + strategy: fail-fast: false matrix: 
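Review bot: In PATCH 1/6 the added step `uses: actions/attest-build-provenance@v1` references a mutable tag, so whatever commit that tag points to at run time executes in the step that signs provenance for the package. Pin it to a full commit SHA and keep the tag as a trailing comment, `uses: actions/attest-build-provenance@<full-commit-sha> # v1` (placeholder; take the SHA from the action's release page). The same applies to the re-added step in PATCH 2/6 and to `actions/upload-artifact@v4` in PATCH 6/6.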
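Review bot: In the first hunk of PATCH 2/6 the new job-level `permissions:` block grants `packages: write`, which the attestation step as configured here does not appear to need; `id-token: write`, `attestations: write` and `contents: read` cover signing and storing the attestation. Because the block sits on `build-install-check`, every step of that matrix job also receives the OIDC and attestation scopes, presumably including the steps that install dependencies and run package checks. Consider dropping `packages: write` unless a step outside this hunk pushes to a registry, and moving the attestation into a small separate job that carries only those permissions. The rest of the job is outside the hunk, so confirm which steps rely on the token.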
@@ -456,6 +463,12 @@ jobs: R CMD build ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }} shell: bash + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }}/${{ env.PKGBUILD }} + github-token: ${{ steps.github-token.outputs.token }} + - name: Run R CMD check ๐Ÿ run: | if [ "${{ inputs.skip-r-cmd-check }}" == "true" ] @@ -808,11 +821,6 @@ jobs: ${{ env.PKGNAME }}.Rcheck/tests/testthat.Rout.fail name: check-logs-${{ env.PKGNAME }}-${{ inputs.concurrency-group }} - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 - with: - subject-path: ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }}/${{ env.PKGBUILD }} - publish-junit-html-report: name: Publish JUnit HTML report ๐Ÿ“ฐ runs-on: ubuntu-latest From 2d270725b1324f9b9454aca48898d3d648eb4013 Mon Sep 17 00:00:00 2001 From: Franciszek Walkowiak Date: Fri, 20 Sep 2024 15:38:56 +0200 Subject: [PATCH 3/6] fix: token permissions --- .github/workflows/build-check-install.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/build-check-install.yaml b/.github/workflows/build-check-install.yaml index 9bf73b6b..fff48f5f 100644 --- a/.github/workflows/build-check-install.yaml +++ b/.github/workflows/build-check-install.yaml @@ -203,13 +203,6 @@ concurrency: jobs: build-install-check: - # Token permissions - permissions: - contents: read - packages: write - id-token: write - attestations: write - strategy: fail-fast: false matrix: From 754110d702922e34833f3a217431dbda49b5bc82 Mon Sep 17 00:00:00 2001 From: Franciszek Walkowiak Date: Fri, 20 Sep 2024 15:51:22 +0200 Subject: [PATCH 4/6] fix: built package path --- .github/workflows/build-check-install.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
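Review bot: In the second hunk of PATCH 2/6 the step passes `github-token: ${{ steps.github-token.outputs.token }}`, so the attestation is written with whatever token the `github-token` step produces rather than the job's own `GITHUB_TOKEN`. That step is outside the hunk; if it yields a PAT or app token, that token's scope, not the `permissions:` block, decides who can store attestations, and the input could be dropped so the job-scoped token is used. The step also has no `if:` guard and will presumably fail on pull requests from forks, where `id-token: write` is not granted; a condition such as `if: github.event_name != 'pull_request'` would skip it there.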
diff --git a/.github/workflows/build-check-install.yaml b/.github/workflows/build-check-install.yaml index fff48f5f..11c22671 100644 --- a/.github/workflows/build-check-install.yaml +++ b/.github/workflows/build-check-install.yaml @@ -454,12 +454,13 @@ jobs: } fi R CMD build ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }} + cp ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }}/${{ env.PKGBUILD }} . shell: bash - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: - subject-path: ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }}/${{ env.PKGBUILD }} + subject-path: ${{ env.PKGBUILD }} github-token: ${{ steps.github-token.outputs.token }} - name: Run R CMD check ๐Ÿ From 809084b0d9e73d66c30a818118f4ea0aad2dd2ae Mon Sep 17 00:00:00 2001 From: Franciszek Walkowiak Date: Fri, 20 Sep 2024 16:45:30 +0200 Subject: [PATCH 5/6] chore: debug package location --- .github/workflows/build-check-install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-check-install.yaml b/.github/workflows/build-check-install.yaml index 11c22671..39c72518 100644 --- a/.github/workflows/build-check-install.yaml +++ b/.github/workflows/build-check-install.yaml @@ -454,7 +454,7 @@ jobs: } fi R CMD build ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }} - cp ${{ github.event.repository.name }}/${{ inputs.package-subdirectory }}/${{ env.PKGBUILD }} . + ls -la shell: bash - name: Generate artifact attestation From b544b0f68577383539829c61862c607233c477a9 Mon Sep 17 00:00:00 2001 From: Franciszek Walkowiak Date: Fri, 20 Sep 2024 18:14:38 +0200 Subject: [PATCH 6/6] chore: upload package build --- .github/workflows/build-check-install.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/build-check-install.yaml b/.github/workflows/build-check-install.yaml index 39c72518..704cace9 100644 
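Review bot: In PATCH 4/6 the added `cp` line expands `${{ inputs.package-subdirectory }}` and `${{ github.event.repository.name }}` directly into the bash script, unquoted, so the values are pasted into the script text before the shell parses it. A subdirectory value containing spaces or shell metacharacters changes what the command does; pass the values through the step's `env:` and quote them, e.g. `cp "$REPO_NAME/$PKG_SUBDIR/$PKGBUILD" .` with `REPO_NAME` and `PKG_SUBDIR` set under `env:` (names constructed for this note). The `R CMD build` context line above it uses the same pattern, and the `run:` block starts outside the hunk.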
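Review bot: In PATCH 5/6 the `ls -la` that replaces the `cp` line only prints the directory, so a missing tarball is still discovered by the attestation step rather than by the build step. An explicit check such as `test -f "$PKGBUILD"` fails at the point where the file should exist and keeps the directory listing out of the job log. Where `PKGBUILD` is set is outside the hunk, so confirm it is already exported when this script runs.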
--- a/.github/workflows/build-check-install.yaml +++ b/.github/workflows/build-check-install.yaml @@ -463,6 +463,13 @@ jobs: subject-path: ${{ env.PKGBUILD }} github-token: ${{ steps.github-token.outputs.token }} + - name: Upload package build โคด + uses: actions/upload-artifact@v4 + with: + path: ${{ env.PKGBUILD }} + name: ${{ env.PKGBUILD }} + overwrite: true + - name: Run R CMD check ๐Ÿ run: | if [ "${{ inputs.skip-r-cmd-check }}" == "true" ]
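Review bot: In PATCH 6/6 the upload uses `name: ${{ env.PKGBUILD }}` with `overwrite: true`; if this step runs in the matrix job, every leg uploads under the same name and the artifact that remains is whichever leg finished last. The attestations are keyed by digest, so verification still works, but which build ends up published is decided by timing. Consider a per-leg name (a matrix value appended) or uploading from a single leg, and add a comment above the step telling consumers how to check the download, e.g. `# Verify: gh attestation verify <tarball> --repo <owner>/<repo>`.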