mirror of
https://github.com/electron/electron.git
synced 2026-04-10 03:01:51 -04:00
a28ca7e03a
* build: generate artifact attestions for released assets Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com> * chore: address review feedback Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com> * build: fixup attestation for release assets (#49732) * build: fixup attestation for release assets * Generate artifact attestation for generated artifacts * set id-token for attestation * Add artifact-metadata permission for attestation * add permissions for testing attestations * Revert "add permissions for testing attestations" This reverts commit0284bed175. * Revert "set id-token for attestation" This reverts commit69a1b13a18. * Revert "Generate artifact attestation for generated artifacts" This reverts commitee0536eceb. * chore: update publish workflow --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com> Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
128 lines
3.5 KiB
YAML
128 lines
3.5 KiB
YAML
name: Publish MacOS
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
build-image-sha:
|
|
type: string
|
|
description: 'SHA for electron/build image'
|
|
default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
|
|
required: true
|
|
upload-to-storage:
|
|
description: 'Uploads to Azure storage'
|
|
required: false
|
|
default: '1'
|
|
type: string
|
|
run-macos-publish:
|
|
description: 'Run the publish jobs vs just the build jobs'
|
|
type: boolean
|
|
default: false
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
checkout-macos:
|
|
runs-on: electron-arc-centralus-linux-amd64-32core
|
|
permissions:
|
|
contents: read
|
|
container:
|
|
image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
|
|
options: --user root
|
|
volumes:
|
|
- /mnt/cross-instance-cache:/mnt/cross-instance-cache
|
|
- /var/run/sas:/var/run/sas
|
|
env:
|
|
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
|
|
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
|
|
steps:
|
|
- name: Checkout Electron
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
|
|
with:
|
|
path: src/electron
|
|
fetch-depth: 0
|
|
- name: Checkout & Sync & Save
|
|
uses: ./src/electron/.github/actions/checkout
|
|
with:
|
|
generate-sas-token: 'true'
|
|
target-platform: macos
|
|
|
|
publish-x64-darwin:
|
|
uses: ./.github/workflows/pipeline-segment-electron-publish.yml
|
|
permissions:
|
|
artifact-metadata: write
|
|
attestations: write
|
|
contents: read
|
|
id-token: write
|
|
needs: checkout-macos
|
|
with:
|
|
environment: production-release
|
|
build-runs-on: macos-15-xlarge
|
|
target-platform: macos
|
|
target-arch: x64
|
|
target-variant: darwin
|
|
is-release: true
|
|
gn-build-type: release
|
|
generate-symbols: true
|
|
upload-to-storage: ${{ inputs.upload-to-storage }}
|
|
secrets: inherit
|
|
|
|
publish-x64-mas:
|
|
uses: ./.github/workflows/pipeline-segment-electron-publish.yml
|
|
permissions:
|
|
artifact-metadata: write
|
|
attestations: write
|
|
contents: read
|
|
id-token: write
|
|
needs: checkout-macos
|
|
with:
|
|
environment: production-release
|
|
build-runs-on: macos-15-xlarge
|
|
target-platform: macos
|
|
target-arch: x64
|
|
target-variant: mas
|
|
is-release: true
|
|
gn-build-type: release
|
|
generate-symbols: true
|
|
upload-to-storage: ${{ inputs.upload-to-storage }}
|
|
secrets: inherit
|
|
|
|
publish-arm64-darwin:
|
|
uses: ./.github/workflows/pipeline-segment-electron-publish.yml
|
|
permissions:
|
|
artifact-metadata: write
|
|
attestations: write
|
|
contents: read
|
|
id-token: write
|
|
needs: checkout-macos
|
|
with:
|
|
environment: production-release
|
|
build-runs-on: macos-15-xlarge
|
|
target-platform: macos
|
|
target-arch: arm64
|
|
target-variant: darwin
|
|
is-release: true
|
|
gn-build-type: release
|
|
generate-symbols: true
|
|
upload-to-storage: ${{ inputs.upload-to-storage }}
|
|
secrets: inherit
|
|
|
|
publish-arm64-mas:
|
|
uses: ./.github/workflows/pipeline-segment-electron-publish.yml
|
|
permissions:
|
|
artifact-metadata: write
|
|
attestations: write
|
|
contents: read
|
|
id-token: write
|
|
needs: checkout-macos
|
|
with:
|
|
environment: production-release
|
|
build-runs-on: macos-15-xlarge
|
|
target-platform: macos
|
|
target-arch: arm64
|
|
target-variant: mas
|
|
is-release: true
|
|
gn-build-type: release
|
|
generate-symbols: true
|
|
upload-to-storage: ${{ inputs.upload-to-storage }}
|
|
secrets: inherit
|