Add Attest Build Provenance step
Addresses part of #3128

---------

Co-authored-by: Marc Philipp <[email protected]>
sormuras and marcphilipp authored Jun 6, 2024
1 parent 6070e90 commit eae4b1d
Showing 2 changed files with 24 additions and 1 deletion.
10 changes: 9 additions & 1 deletion .github/workflows/main.yml
@@ -41,7 +41,8 @@ jobs:
-Ptesting.enableJaCoCo \
build \
jacocoRootReport \
prepareDocsForUploadToGhPages
prepareDocsForUploadToGhPages \
prepareGitHubAttestation
- name: Upload to Codecov.io
uses: codecov/codecov-action@v4
with:
@@ -71,6 +72,9 @@ jobs:
name: Publish Snapshot Artifacts
needs: linux
runs-on: ubuntu-latest
permissions:
attestations: write # required for build provenance attestation
id-token: write # required for build provenance attestation
if: github.event_name == 'push' && github.repository == 'junit-team/junit5' && (startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main')
steps:
- name: Check out repository
@@ -84,6 +88,10 @@ jobs:
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
with:
arguments: publish -x check
- name: Generate build provenance attestations
uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
with:
subject-path: documentation/build/attestation/*.jar

update_documentation:
name: Update Snapshot Documentation
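Review bot: The jars matched by `subject-path: documentation/build/attestation/*.jar` may not exist in the job that attests them, because `prepareGitHubAttestation` is only added to the Gradle invocation in the first hunk, which appears to belong to the `linux` job, while the attest step runs in Publish Snapshot Artifacts on its own runner after `publish -x check`. Unless build outputs are carried between jobs somewhere outside these hunks, the task should run in the attesting job itself, e.g. `arguments: publish -x check prepareGitHubAttestation`. It is also worth confirming that the staged jars are byte-identical to the files `publish` uploads, since the attestation binds a SHA-256 digest and verifying a downloaded artifact fails on any difference. Separately, the new job-level `permissions:` block sets every unlisted scope to no access, so adding `contents: read` would make the checkout's requirement explicit rather than relying on the repository being public.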
15 changes: 15 additions & 0 deletions documentation/documentation.gradle.kts
@@ -17,6 +17,7 @@ plugins {
id("junitbuild.testing-conventions")
}

val mavenizedProjects: List<Project> by rootProject
val modularProjects: List<Project> by rootProject

// Because we need to set up Javadoc aggregation
@@ -35,6 +36,11 @@ val standaloneConsoleLauncher = configurations.dependencyScope("standaloneConsol
val standaloneConsoleLauncherClasspath = configurations.resolvable("standaloneConsoleLauncherClasspath") {
extendsFrom(standaloneConsoleLauncher.get())
}
val attestation = configurations.dependencyScope("attestation")
val attestationClasspath = configurations.resolvable("attestationClasspath") {
extendsFrom(attestation.get())
isTransitive = false
}

val tools by sourceSets.creating
val toolsImplementation by configurations.getting
@@ -48,6 +54,10 @@ dependencies {
// in reports generated by the ApiReportGenerator.
modularProjects.forEach { apiReport(it) }

// Pull in all "mavenized projects" to ensure that they are included
// in the generation of build provenance attestation.
mavenizedProjects.forEach { attestation(it) }

testImplementation(projects.junitJupiterMigrationsupport)
testImplementation(projects.junitPlatformConsole)
testImplementation(projects.junitPlatformRunner)
@@ -502,6 +512,11 @@ tasks {
gitPublishCommit {
dependsOn(configureGitAuthor)
}

val prepareGitHubAttestation by registering(Sync::class) {
from(attestationClasspath)
into(layout.buildDirectory.dir("attestation"))
}
}

eclipse {
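Review bot: `attestationClasspath` resolves a single artifact per mavenized project (`isTransitive = false`) and `prepareGitHubAttestation` stages only that set, so any other files a publication uploads, such as sources or javadoc jars, would carry no provenance attestation; the commit does not say whether that is intended. The configuration also declares no attributes, so which variant each `attestation(it)` dependency resolves to is left to the producers' defaults, and it should be confirmed that this is the same jar file the publication uploads, because the attestation is only useful when the digests match. The output directory is tied to the workflow's `subject-path` by convention alone, so a comment on the task would help, e.g. `// Staging dir for actions/attest-build-provenance; keep in sync with subject-path in .github/workflows/main.yml`. The `dependencies { }` and `tasks { }` blocks begin outside the visible hunks.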
