Fix issue where auth token didn't rotate as expected (#5) #83

Summary
Jobs
- release
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/publish_release.yml at e110c68

	# This workflow will build a .NET project
	# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net

	name: Publish Release

	on:
	push:
	tags:
	- v*
	workflow_dispatch:
	inputs:
	draft:
	description: 'Draft release?'
	required: true
	default: 'false'
	version:
	description: 'Version'
	required: false
	default: 'v'

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	release:

	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: write
	packages: write
	attestations: write

	steps:
	- uses: actions/checkout@v4
	- name: Setup .NET
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: 9.x
	- name: Build and Test
	run: dotnet test --verbosity normal
	- name: Generate Semantic Version
	id: generate_semver
	if: ${{ inputs.version == 'v' && github.event_name == 'workflow_dispatch' }}
	uses: zwaldowski/semver-release-action@v4
	with:
	github_token: ${{ github.token }}
	bump: patch
	prefix: v
	dry_run: true
	- name: Set version
	id: set_version
	run: \|
	VERSION_TAG=${{ (inputs.version != 'v' && inputs.version) \|\| steps.generate_semver.outputs.version_tag \|\| github.ref_name }}
	VERSION=${VERSION_TAG//v/}
	echo "version=$VERSION" >> $GITHUB_OUTPUT
	echo "version_tag=$VERSION_TAG" >> $GITHUB_OUTPUT

	# Binaries
	- name: Publish Windows
	run: dotnet publish -r win-x64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/win-x64 ./src
	- name: Publish Linux
	run: dotnet publish -r linux-x64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/linux-x64 ./src
	- name: Publish OSX-x64
	run: dotnet publish -r osx-x64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/osx-x64 ./src
	- name: Publish OSX-ARM
	run: dotnet publish -r osx-arm64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/osx-arm64 ./src
	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v1
	with:
	subject-path: './publish/**'
	- name: Zip Artifacts
	run: \|
	mkdir -p ./release
	zip -r ./release/win-x64.zip ./publish/win-x64
	tar -czvf ./release/linux-x64.tar.gz ./publish/linux-x64
	tar -czvf ./release/osx-x64.tar.gz ./publish/osx-x64
	tar -czvf ./release/osx-arm64.tar.gz ./publish/osx-arm64
	- name: Generate ZIP attestation
	uses: actions/attest-build-provenance@v1
	with:
	subject-path: './release/*'

	# Docker
	- name: Set up Docker Buildx
	uses: docker/[email protected]
	- name: Docker Login
	uses: docker/[email protected]
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ github.token }}
	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/[email protected]
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	${{ !contains(steps.set_version.outputs.version_tag, '-') && 'latest' \|\| '' }}
	${{ steps.set_version.outputs.version_tag }}
	${{ (github.ref_type == 'branch' && github.ref_name) \|\| ''}}
	- name: Build Docker image
	id: push
	uses: docker/[email protected]
	with:
	context: .
	push: true
	platforms: linux/amd64,linux/arm64
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	- name: Generate image artifact attestation
	uses: actions/attest-build-provenance@v1
	with:
	subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	subject-digest: ${{ steps.push.outputs.digest }}
	push-to-registry: true
	- name: Install cosign
	uses: sigstore/[email protected]
	with:
	cosign-release: 'v2.2.4'
	- name: Sign the published Docker image
	env:
	TAGS: ${{ steps.meta.outputs.tags }}
	DIGEST: ${{ steps.push.outputs.digest }}
	run: echo "${TAGS}" \| xargs -I {} cosign sign --yes {}@${DIGEST}

	# Release
	- id: dockertag
	run: echo "tag=$(echo "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.set_version.outputs.version_tag }}" \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
	- name: Create GitHub Release
	uses: ncipollo/[email protected]
	with:
	artifacts: ./release/*
	token: ${{ github.token }}
	tag: ${{ steps.set_version.outputs.version_tag }}
	commit: ${{ github.sha }}
	generateReleaseNotes: true
	body: \|
	## Release ${{ steps.set_version.outputs.version_tag }}

	#### Docker image:
	```
	${{ steps.dockertag.outputs.tag }}
	```
	draft: ${{ inputs.draft }}
	prerelease: ${{ contains(steps.set_version.outputs.version_tag, '-') }}
	allowUpdates: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix issue where auth token didn't rotate as expected (#5) #83

Workflow file

Fix issue where auth token didn't rotate as expected (#5) #83

Jobs

Run details

Workflow file for this run