AspireExplorer/.github/workflows/releases.yml
dependabot[bot] 1c40a07676
Bump step-security/harden-runner from 2.13.2 to 2.14.1
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.2 to 2.14.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](95d9a5deda...e3f713f2d8)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-27 01:14:41 +00:00

46 lines
1.3 KiB
YAML

on:
push:
tags:
- "**"
name: Upload Release Asset
permissions:
contents: read
jobs:
build:
name: Upload Release Asset
runs-on: ubuntu-latest
permissions:
attestations: write
id-token: write
contents: write
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Get tag
id: tag
run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
- name: Build project
run: git archive -o /tmp/${{ github.event.repository.name }}.zip --prefix=${{ github.event.repository.name }}/ ${{ steps.tag.outputs.tag }}
- name: Create Release
id: create_release
uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: /tmp/${{ github.event.repository.name }}.zip
- name: Build provenance attestation
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with:
subject-path: /tmp/${{ github.event.repository.name }}.zip