Skip to content

* for version 20240910.001 #64

* for version 20240910.001

* for version 20240910.001 #64

Workflow file for this run

# brian's standard GitHub Actions release config for Perl 5 modules
# version 20240825.001
# https://github.com/briandfoy/github_workflows
# https://github.com/features/actions
# This file is licensed under the Artistic License 2.0
#
# This action builds a Perl distribution and adds it as a release
# on GitHub. This does not upload to PAUSE, but that wouldn't be
# that hard, but that doesn't fit with my workflow since this part
# happens after everything else has succeeded.
#
# This requires that you configure a repository secret named
# RELEASE_ACTION_TOKEN with a GitHub Personal Access Token
# that has "read and write" permissions on Repository/Contents
---
name: release
# https://github.com/actions/checkout/issues/1590
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
permissions:
contents: write
id-token: write
attestations: write
on:
push:
# tag a release commit with "release-....". This workflow then runs
# whenever it sees that tag, and doesn't run for other commits.
tags:
- 'release-*'
# With workflow_dispatch, you can trigger this manually. This is
# especially handy when you want to re-run a job that failed because
# the token had expired. Update the GitHub secret and re-run on the
# same commit.
workflow_dispatch:
jobs:
perl:
# We need a GitHub secret, so create an Environment named "release"
# * Go to Settings > Environment (repo settings, not account settings)
# * Make an environment named "release"
# * Add a secret named "RELEASE_ACTION_TOKEN" with a GitHub token with repo permissions
# If you use a different token name, update "RELEASE_ACTION_TOKEN" in the last
# step in this job.
environment: release
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-20.04
perl-version:
- 'latest'
container:
image: perl:${{ matrix.perl-version }}
steps:
- uses: actions/checkout@v3
# Some older versions of Perl have trouble with hostnames in certs. I
# haven't figured out why.
- name: Setup environment
run: |
echo "PERL_LWP_SSL_VERIFY_HOSTNAME=0" >> $GITHUB_ENV
# I had some problems with openssl on Ubuntu, so I punted by installing
# cpanm first, which is easy. I can install IO::Socket::SSL with that,
# then switch back to cpan. I didn't explore this further, but what you
# see here hasn't caused problems for me.
#
# Need HTTP::Tiny 0.055 or later. Probably don't need it at all since I'm
# not using cpan here.
#
# Test::Manifest is there because it's a thing I do. If you are writing
# modules and don't know what it is, you don't need it.
- name: Install cpanm and multiple modules
run: |
curl -L https://cpanmin.us | perl - App::cpanminus
cpanm --notest IO::Socket::SSL HTTP::Tiny ExtUtils::MakeMaker Test::Manifest
# Install the dependencies, again not testing them. This installs the
# module in the current directory, so we end up installing the module,
# but that's not a big deal.
- name: Install dependencies
run: |
cpanm --notest --installdeps --with-suggests --with-recommends .
# This makes the distribution and tests it, but assumes by the time we
# got here, everything else was already tested.
- name: Create distro
run: |
perl Makefile.PL
make disttest
make dist 2>/dev/null | grep Created | awk '{ print "ASSET_NAME=" $2 }' >> $GITHUB_ENV
- name: version
run: |
perl -le '($name) = $ARGV[0] =~ m/(.*?).tar.gz/; print qq(name=$name)' *.tar.gz >> $GITHUB_OUTPUT
id: version
- name: Changes extract
run: |
perl -00 -lne 'next unless /\A\d+\.\d+(_\d+)?/; print s/^\h+([*-])/$1/grm; last' Changes > Changes-latest
cat Changes-latest
id: extract
# https://cli.github.com/manual/gh_attestation_verify
# DISTRO_FILE is the .tar.gz in the release
# GITHUB_ACCOUNT is the github name of the releaser
# gh auth login
# gh attestation verify DISTRO_FILE --owner GITHUB_ACCOUNT
- name: Generate artifact attestation
id: attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: ${{ env.ASSET_NAME }}
- name: upload
uses: softprops/action-gh-release@v1
with:
body_path: Changes-latest
draft: false
prerelease: false
name: ${{ steps.version.outputs.name }}
files: |
${{ env.ASSET_NAME }}
${{ steps.attestation.outputs.bundle-path }}
token: ${{ secrets.RELEASE_ACTION_TOKEN }}