mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
f337c8485e
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.2 to 3.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.10.0</h2> <h2>What's Changed</h2> <ul> <li>Bump default Cosign to v2.6.0 in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/200">sigstore/cosign-installer#200</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0">https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/d7543c93d881b35a8faa02e8e3605f69b7a1ce62"><code>d7543c9</code></a> Bump default Cosign to v2.6.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/200">#200</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/920f20f8c1514a0b54f0557e19ff74bfeb5f413d"><code>920f20f</code></a> Bump actions/setup-go from 5.5.0 to 6.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/199">#199</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/bb9dfc10d272e67bed086b504aaf14f8fe455b05"><code>bb9dfc1</code></a> Bump actions/github-script from 7.0.1 to 8.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/198">#198</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/074636bf86584fb361059563d092a9cfb6560f80"><code>074636b</code></a> Bump actions/checkout from 4.2.2 to 5.0.0 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/197">#197</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/d58896d6a1865668819e1d91763c7751a165e159...d7543c93d881b35a8faa02e8e3605f69b7a1ce62">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
181 lines
6.0 KiB
YAML
181 lines
6.0 KiB
YAML
name: Release Artifacts
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
release:
|
|
types: [created]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
disable_security: [true, false]
|
|
include:
|
|
- disable_security: false
|
|
file_suffix: "-with-login"
|
|
- disable_security: true
|
|
file_suffix: ""
|
|
outputs:
|
|
version: ${{ steps.versionNumber.outputs.versionNumber }}
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
|
with:
|
|
java-version: "17"
|
|
distribution: "temurin"
|
|
|
|
- uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
|
|
with:
|
|
gradle-version: 8.14
|
|
|
|
- name: Generate jar (Disable Security=${{ matrix.disable_security }})
|
|
run: ./gradlew clean createExe
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: ${{ matrix.disable_security }}
|
|
STIRLING_PDF_DESKTOP_UI: false
|
|
|
|
- name: Get version number
|
|
id: versionNumber
|
|
run: |
|
|
VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
|
|
echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
|
|
|
|
- name: Rename binaries
|
|
run: |
|
|
mv ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
mv ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
- name: Debug build artifacts
|
|
run: |
|
|
echo "Current Directory: $(pwd)"
|
|
ls -R ./build/libs
|
|
ls -R ./build/launch4j
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: binaries${{ matrix.file_suffix }}
|
|
path: |
|
|
./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.*
|
|
./build/libs/Stirling-PDF${{ matrix.file_suffix }}.*
|
|
|
|
sign_verify:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
disable_security: [true, false]
|
|
include:
|
|
- disable_security: false
|
|
file_suffix: "-with-login"
|
|
- disable_security: true
|
|
file_suffix: ""
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download build artifacts
|
|
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
|
with:
|
|
name: binaries${{ matrix.file_suffix }}
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
|
|
|
|
- name: Generate key pair
|
|
run: cosign generate-key-pair
|
|
|
|
- name: Sign and generate attestations
|
|
run: |
|
|
cosign sign-blob \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
cosign attest-blob \
|
|
--predicate - \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-attestation ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.intoto.jsonl \
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
cosign verify-blob \
|
|
--key ./cosign.pub \
|
|
--signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
cosign sign-blob \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
cosign attest-blob \
|
|
--predicate - \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-attestation ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.intoto.jsonl \
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
cosign verify-blob \
|
|
--key ./cosign.pub \
|
|
--signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
- name: Upload signed artifacts
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: signed${{ matrix.file_suffix }}
|
|
path: |
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.*
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.*
|
|
|
|
release:
|
|
needs: [build, sign_verify]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
strategy:
|
|
matrix:
|
|
disable_security: [true, false]
|
|
include:
|
|
- disable_security: false
|
|
file_suffix: "-with-login"
|
|
- disable_security: true
|
|
file_suffix: ""
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download signed artifacts
|
|
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
|
with:
|
|
name: signed${{ matrix.file_suffix }}
|
|
|
|
- name: Upload binaries, attestations and signatures to Release and create GitHub Release
|
|
uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
|
|
with:
|
|
tag_name: v${{ needs.build.outputs.version }}
|
|
generate_release_notes: true
|
|
files: |
|
|
./libs/Stirling-PDF*
|
|
./launch4j/Stirling-PDF-Server*
|