Add workflow file for publishing releases to immutable action package #485
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| name: 'Publish Immutable Action Version' | ||
|
|
||
| on: | ||
| release: | ||
| types: [created] | ||
|
|
||
| jobs: | ||
| publish: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
There was a problem hiding this comment. Why is an OIDC token needed? There was a problem hiding this comment. It's required for generating the attestation - it uses the id-token to prove the identity and request a Sigstore signing cert. See also: https://github.com/actions/attest-build-provenance?tab=readme-ov-file#usage
(we don't persist the attestation with GitHub's API so we don't need that second one) |
||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Checking out | ||
| uses: actions/checkout@v4 | ||
| - name: Publish | ||
| id: publish | ||
| uses: actions/publish-immutable-action@0.0.1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
|
Comment on lines
+20
to
+22
There was a problem hiding this comment. We could update this action to default ot using the Lines 11 to 14 in 35b1cdd |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we use
releasepublishedinstead ofcreated?https://docs.github.com/en/webhooks/webhook-events-and-payloads?actionType=published#release
Users may create a draft release and not want others to depend on it yet.