|
| 1 | +name: Build-self-hosted (on release) |
| 2 | + |
| 3 | +on: |
| 4 | + release: |
| 5 | + types: [published] |
| 6 | + |
| 7 | +permissions: |
| 8 | + contents: write |
| 9 | + id-token: write |
| 10 | + attestations: write |
| 11 | + |
| 12 | +jobs: |
| 13 | + build: |
| 14 | + runs-on: [self-hosted, Windows, Office] |
| 15 | + |
| 16 | + steps: |
| 17 | + - name: "Checkout code for release tag" |
| 18 | + uses: actions/checkout@v4 |
| 19 | + with: |
| 20 | + ref: ${{ github.event.release.tag_name }} |
| 21 | + |
| 22 | + - name: "Build Access file (accdb/accde)" |
| 23 | + id: build_access_file |
| 24 | + uses: AccessCodeLib/msaccess-vcs-build@main |
| 25 | + with: |
| 26 | + source-dir: "./source" |
| 27 | + target-dir: "bin" |
| 28 | + vcs-url: "https://api.github.com/repos/josef-poetzl/msaccess-vcs-addin/releases/tags/v4.1.2-build" |
| 29 | + timeout-minutes: 10 |
| 30 | + |
| 31 | + - name: "Create versioned ZIP file" |
| 32 | + run: | |
| 33 | + $zipName = "ACLibDeclarationDict_${{ github.event.release.tag_name }}.zip" |
| 34 | + Compress-Archive -Path .\bin\* -DestinationPath $zipName |
| 35 | + echo "ZIP_NAME=$zipName" | Out-File -FilePath $env:GITHUB_ENV -Append |
| 36 | +
|
| 37 | + - name: "Upload ZIP to GitHub Release" |
| 38 | + uses: softprops/action-gh-release@v1 |
| 39 | + with: |
| 40 | + files: ${{ env.ZIP_NAME }} |
| 41 | + env: |
| 42 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 43 | + |
| 44 | + - name: "Calculate SHA256 of ZIP" |
| 45 | + id: hash |
| 46 | + shell: pwsh |
| 47 | + run: | |
| 48 | + $zipName = "${{ env.ZIP_NAME }}" |
| 49 | + $hash = Get-FileHash -Algorithm SHA256 -Path $zipName |
| 50 | + $digest = "sha256:$($hash.Hash.ToLower())" |
| 51 | + echo "ZIP_DIGEST=$digest" | Out-File -FilePath $env:GITHUB_ENV -Append |
| 52 | + echo "digest=$digest" >> $env:GITHUB_OUTPUT |
| 53 | +
|
| 54 | + - name: "Attestation" |
| 55 | + uses: actions/attest-build-provenance@v2 |
| 56 | + id: attestation |
| 57 | + with: |
| 58 | + subject-name: "${{ env.ZIP_NAME }}" |
| 59 | + subject-digest: "${{ steps.hash.outputs.digest }}" |
| 60 | + |
| 61 | + - name: "Update release description with attestation URL" |
| 62 | + shell: pwsh |
| 63 | + env: |
| 64 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 65 | + REPO: ${{ github.repository }} |
| 66 | + TAG: ${{ github.event.release.tag_name }} |
| 67 | + run: | |
| 68 | + $ErrorActionPreference = "Stop" |
| 69 | +
|
| 70 | + # Alte Release Notes abrufen |
| 71 | + $oldBody = gh release view $env:TAG --repo $env:REPO --json body --template "{{.body}}" |
| 72 | +
|
| 73 | + # Attestation-URL zusammenbauen |
| 74 | + $attestationId = "${{ steps.attestation.outputs.attestation-id }}" |
| 75 | + $attestationUrl = "https://github.com/$($env:REPO)/attestations/$attestationId" |
| 76 | +
|
| 77 | + # Neue Release Notes mit Attestation-Link |
| 78 | + $newBody = "$oldBody`n`nAttestation: $attestationUrl" |
| 79 | +
|
| 80 | + # Aktualisieren der Release Notes |
| 81 | + gh release edit $env:TAG --repo $env:REPO --notes "$newBody" |
| 82 | +
|
| 83 | + |
0 commit comments