From 8e020f641629b25d8376cf8fc6e46eeb75a5b080 Mon Sep 17 00:00:00 2001 From: taskylizard <75871323+taskylizard@users.noreply.github.com> Date: Tue, 26 Nov 2024 07:13:08 +0000 Subject: [PATCH] chore: enable more dist settings --- .github/workflows/release.yml | 6 ++++++ dist-workspace.toml | 10 +++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0e9bca8..c72faf5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,9 @@ name: Release permissions: + "attestations": "write" "contents": "write" + "id-token": "write" # This task will run whenever you push a git tag that looks like a version # like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. @@ -134,6 +136,10 @@ jobs: # Actually do builds and make zips and whatnot dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json echo "dist ran successfully" + - name: Attest + uses: actions/attest-build-provenance@v1 + with: + subject-path: "target/distrib/*${{ join(matrix.targets, ', ') }}*" - id: cargo-dist name: Post-build # We force bash here just because github makes it really hard to get values up diff --git a/dist-workspace.toml b/dist-workspace.toml index 829c378..00a4e9b 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -10,14 +10,10 @@ ci = "github" # The installers to generate for each app installers = ["shell", "powershell", "npm"] # Target platforms to build apps for (Rust target-triple syntax) -targets = [ - "aarch64-apple-darwin", - "x86_64-apple-darwin", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-linux-musl", - "x86_64-pc-windows-msvc", -] +targets = ["aarch64-apple-darwin", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu", "x86_64-unknown-linux-musl", "x86_64-pc-windows-msvc"] # Path that installers should place binaries in install-path = "CARGO_HOME" # Whether to install an updater program install-updater = true +# Whether to enable GitHub Attestations +github-attestations = true