ci: Attest release artifacts (#4816)

Co-authored-by: oSumAtrIX <johan.melkonyan1@web.de>
2025-05-24 18:42:12 +02:00 · 2025-05-22 19:56:33 +07:00 · 2025-05-22 19:56:33 +07:00 · 48b2e081ad
commit 48b2e081ad
parent 6ce739b0d0
3 changed files with 23 additions and 16 deletions
--- a/.github/workflows/build_pull_request.yml
+++ b/.github/workflows/build_pull_request.yml
@ -19,11 +19,11 @@ jobs:
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
-          distribution: "temurin"
+          distribution: 'temurin'
-          java-version: "17"
+          java-version: '17'
      - name: Cache Gradle
-        uses: burrunan/gradle-cache-action@v1
+        uses: burrunan/gradle-cache-action@v3
      - name: Build
        env:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -13,24 +13,23 @@ jobs:
    permissions:
      contents: write
      packages: write
      id-token: write
      attestations: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Make sure the release step uses its own credentials:
          # https://github.com/cycjimmy/semantic-release-action#private-packages
          persist-credentials: false
          fetch-depth: 0
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
-          distribution: "temurin"
+          distribution: 'temurin'
-          java-version: "17"
+          java-version: '17'
      - name: Cache Gradle
-        uses: burrunan/gradle-cache-action@v1
+        uses: burrunan/gradle-cache-action@v3
      - name: Build
        env:
@ -40,7 +39,7 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: "lts/*"
+          node-version: 'lts/*'
          cache: 'npm'
      - name: Install dependencies
@ -54,6 +53,14 @@ jobs:
          fingerprint: ${{ vars.GPG_FINGERPRINT }}
      - name: Release
        uses: cycjimmy/semantic-release-action@v4
        id: release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npm exec semantic-release
+
      - name: Attest
        if: steps.release.outputs.new_release_published == 'true'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: 'ReVanced Patches ${{ steps.release.outputs.new_release_git_tag }}'
          subject-path: patches/build/libs/patches-*.rvp
--- a/.releaserc
+++ b/.releaserc
@ -22,7 +22,7 @@
      {
        "assets": [
          "CHANGELOG.md",
-          "gradle.properties",
+          "gradle.properties"
        ],
        "message": "chore: Release v${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
      }
@ -33,16 +33,16 @@
        "assets": [
          {
            "path": "patches/build/libs/patches-!(*sources*|*javadoc*).rvp?(.asc)"
-          },
+          }
        ],
-        successComment: false
+        "successComment": false
      }
    ],
    [
      "@saithodev/semantic-release-backmerge",
      {
-        backmergeBranches: [{"from": "main", "to": "dev"}],
+        "backmergeBranches": [{"from": "main", "to": "dev"}],
-        clearWorkspace: true
+        "clearWorkspace": true
      }
    ]
  ]