AspireExplorer/.github/workflows/releases.yml
dependabot[bot] a62caed6a6
Bump step-security/harden-runner from 2.13.1 to 2.13.2
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](f4a75cfd61...95d9a5deda)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-06 00:26:36 +00:00

46 lines
1.3 KiB
YAML

on:
push:
tags:
- "**"
name: Upload Release Asset
permissions:
contents: read
jobs:
build:
name: Upload Release Asset
runs-on: ubuntu-latest
permissions:
attestations: write
id-token: write
contents: write
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Get tag
id: tag
run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
- name: Build project
run: git archive -o /tmp/${{ github.event.repository.name }}.zip --prefix=${{ github.event.repository.name }}/ ${{ steps.tag.outputs.tag }}
- name: Create Release
id: create_release
uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: /tmp/${{ github.event.repository.name }}.zip
- name: Build provenance attestation
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with:
subject-path: /tmp/${{ github.event.repository.name }}.zip