* for version 20240715.001 #57
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# brian's standard GitHub Actions release config for Perl 5 modules | |
# version 20240710.001 | |
# https://github.com/briandfoy/github_workflows | |
# https://github.com/features/actions | |
# This file is licensed under the Artistic License 2.0 | |
# | |
# This action builds a Perl distribution and adds it as a release | |
# on GitHub. This does not upload to PAUSE, but that wouldn't be | |
# that hard, but that doesn't fit with my workflow since this part | |
# happens after everything else has succeeded. | |
# | |
# This requires that you configure a repository secret named | |
# RELEASE_ACTION_TOKEN with a GitHub Personal Access Token | |
# that has "read and write" permissions on Repository/Contents | |
name: release | |
# https://github.com/actions/checkout/issues/1590 | |
env: | |
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | |
permissions: | |
contents: write | |
id-token: write | |
attestations: write | |
on: | |
push: | |
# tag a release commit with "release-....". This workflow then runs | |
# whenever it sees that tag, and doesn't run for other commits. | |
tags: | |
- 'release-*' | |
# With workflow_dispatch, you can trigger this manually. This is | |
# especially handy when you want to re-run a job that failed because | |
# the token had expired. Update the GitHub secret and re-run on the | |
# same commit. | |
workflow_dispatch: | |
jobs: | |
perl: | |
# We need a GitHub secret, so create an Environment named "release" | |
# * Go to Settings > Environment (repo settings, not account settings) | |
# * Make an environment named "release" | |
# * Add a secret named "RELEASE_ACTION_TOKEN" with a GitHub token with repo permissions | |
# If you use a different token name, update "RELEASE_ACTION_TOKEN" in the last | |
# step in this job. | |
environment: release | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-20.04 | |
perl-version: | |
- 'latest' | |
container: | |
image: perl:${{ matrix.perl-version }} | |
steps: | |
- uses: actions/checkout@v3 | |
# Some older versions of Perl have trouble with hostnames in certs. I | |
# haven't figured out why. | |
- name: Setup environment | |
run: | | |
echo "PERL_LWP_SSL_VERIFY_HOSTNAME=0" >> $GITHUB_ENV | |
# I had some problems with openssl on Ubuntu, so I punted by installing | |
# cpanm first, which is easy. I can install IO::Socket::SSL with that, | |
# then switch back to cpan. I didn't explore this further, but what you | |
# see here hasn't caused problems for me. | |
# | |
# Need HTTP::Tiny 0.055 or later. Probably don't need it at all since I'm | |
# not using cpan here. | |
# | |
# Test::Manifest is there because it's a thing I do. If you are writing | |
# modules and don't know what it is, you don't need it. | |
- name: Install cpanm and multiple modules | |
run: | | |
curl -L https://cpanmin.us | perl - App::cpanminus | |
cpanm --notest IO::Socket::SSL HTTP::Tiny ExtUtils::MakeMaker Test::Manifest | |
# Install the dependencies, again not testing them. This installs the | |
# module in the current directory, so we end up installing the module, | |
# but that's not a big deal. | |
- name: Install dependencies | |
run: | | |
cpanm --notest --installdeps --with-suggests --with-recommends . | |
# This makes the distribution and tests it, but assumes by the time we | |
# got here, everything else was already tested. | |
- name: Create distro | |
run: | | |
perl Makefile.PL | |
make disttest | |
make dist 2>/dev/null | grep Created | awk '{ print "ASSET_NAME=" $2 }' >> $GITHUB_ENV | |
- name: version | |
run: | | |
perl -le '($name) = $ARGV[0] =~ m/(.*?).tar.gz/; print qq(name=$name)' *.tar.gz >> $GITHUB_OUTPUT | |
id: version | |
- name: Changes extract | |
run: | | |
perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; print; last' Changes > Changes-latest | |
cat Changes-latest | |
id: extract | |
# https://cli.github.com/manual/gh_attestation_verify | |
# DISTRO_FILE is the .tar.gz in the release | |
# GITHUB_ACCOUNT is the github name of the releaser | |
# gh auth login | |
# gh attestation verify DISTRO_FILE --owner GITHUB_ACCOUNT | |
- name: Generate artifact attestation | |
id: attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: ${{ env.ASSET_NAME }} | |
- name: upload | |
uses: softprops/action-gh-release@v1 | |
with: | |
body_path: Changes-latest | |
draft: false | |
prerelease: false | |
name: ${{ steps.version.outputs.name }} | |
files: | | |
${{ env.ASSET_NAME }} | |
${{ steps.attestation.outputs.bundle-path }} | |
token: ${{ secrets.RELEASE_ACTION_TOKEN }} |