Skip to content

Commit 7cbc44d

Browse files
maennchenjosevalim
maennchen
authored and
josevalim
committed
Hash release files after signing (#14085)
1 parent 8a89663 commit 7cbc44d

File tree

2 files changed

+29
-24
lines changed

2 files changed

+29
-24
lines changed

.github/workflows/release.yml

Lines changed: 29 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,6 @@ jobs:
5555
git push origin $ref_name --force
5656
5757
build:
58-
needs: create_draft_release
5958
strategy:
6059
fail-fast: true
6160
matrix:
@@ -78,6 +77,22 @@ jobs:
7877
otp: ${{ matrix.otp }}
7978
build_docs: ${{ matrix.build_docs }}
8079

80+
- name: "Sign files with Trusted Signing"
81+
if: github.repository == 'elixir-lang/elixir'
82+
uses: azure/[email protected]
83+
with:
84+
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
85+
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
86+
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
87+
endpoint: https://eus.codesigning.azure.net/
88+
trusted-signing-account-name: trusted-signing-elixir
89+
certificate-profile-name: Elixir
90+
files-folder: ${{ github.workspace }}
91+
files-folder-filter: exe
92+
file-digest: SHA256
93+
timestamp-rfc3161: http://timestamp.acs.microsoft.com
94+
timestamp-digest: SHA256
95+
8196
- name: "Attest release .exe provenance"
8297
uses: actions/attest-build-provenance@v2
8398
id: attest-exe-provenance
@@ -110,6 +125,18 @@ jobs:
110125
env:
111126
ATTESTATION: "${{ steps.attest-docs-provenance.outputs.bundle-path }}"
112127

128+
- name: Create Release Hashes
129+
run: |
130+
shasum -a 1 elixir-otp-${{ matrix.otp }}.zip > elixir-otp-${{ matrix.otp }}.zip.sha1sum
131+
shasum -a 256 elixir-otp-${{ matrix.otp }}.zip > elixir-otp-${{ matrix.otp }}.zip.sha256sum
132+
shasum -a 1 elixir-otp-${{ matrix.otp }}.exe > elixir-otp-${{ matrix.otp }}.exe.sha1sum
133+
shasum -a 256 elixir-otp-${{ matrix.otp }}.exe > elixir-otp-${{ matrix.otp }}.exe.sha256sum
134+
- name: Create Docs Hashes
135+
if: ${{ matrix.build_docs }}
136+
run: |
137+
shasum -a 1 Docs.zip > Docs.zip.sha1sum
138+
shasum -a 256 Docs.zip > Docs.zip.sha256sum
139+
113140
- name: "Upload release artifacts"
114141
uses: actions/upload-artifact@v4
115142
with:
@@ -124,7 +151,7 @@ jobs:
124151
path: Docs.zip*
125152

126153
upload-release:
127-
needs: build
154+
needs: [build, create_draft_release]
128155
runs-on: windows-2022
129156

130157
steps:
@@ -135,22 +162,6 @@ jobs:
135162
mv Docs/* .
136163
shell: bash
137164
138-
- name: "Sign files with Trusted Signing"
139-
if: github.repository == 'elixir-lang/elixir'
140-
uses: azure/[email protected]
141-
with:
142-
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
143-
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
144-
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
145-
endpoint: https://eus.codesigning.azure.net/
146-
trusted-signing-account-name: trusted-signing-elixir
147-
certificate-profile-name: Elixir
148-
files-folder: ${{ github.workspace }}
149-
files-folder-filter: exe
150-
file-digest: SHA256
151-
timestamp-rfc3161: http://timestamp.acs.microsoft.com
152-
timestamp-digest: SHA256
153-
154165
- name: Upload Pre-built
155166
shell: bash
156167
env:

.github/workflows/release_pre_built/action.yml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,6 @@ runs:
1919
run: |
2020
make Precompiled.zip
2121
mv Precompiled.zip elixir-otp-${{ inputs.otp }}.zip
22-
shasum -a 1 elixir-otp-${{ inputs.otp }}.zip > elixir-otp-${{ inputs.otp }}.zip.sha1sum
23-
shasum -a 256 elixir-otp-${{ inputs.otp }}.zip > elixir-otp-${{ inputs.otp }}.zip.sha256sum
2422
echo "$PWD/bin" >> $GITHUB_PATH
2523
- name: Install NSIS
2624
shell: bash
@@ -34,8 +32,6 @@ runs:
3432
export ELIXIR_ZIP=$PWD/elixir-otp-${{ inputs.otp }}.zip
3533
(cd lib/elixir/scripts/windows_installer && ./build.sh)
3634
mv lib/elixir/scripts/windows_installer/tmp/elixir-otp-${{ inputs.otp }}.exe .
37-
shasum -a 1 elixir-otp-${{ inputs.otp }}.exe > elixir-otp-${{ inputs.otp }}.exe.sha1sum
38-
shasum -a 256 elixir-otp-${{ inputs.otp }}.exe > elixir-otp-${{ inputs.otp }}.exe.sha256sum
3935
- name: Get ExDoc ref
4036
if: ${{ inputs.build_docs }}
4137
shell: bash
@@ -66,5 +62,3 @@ runs:
6662
run: |
6763
git fetch --tags
6864
make Docs.zip
69-
shasum -a 1 Docs.zip > Docs.zip.sha1sum
70-
shasum -a 256 Docs.zip > Docs.zip.sha256sum

0 commit comments

Comments
 (0)