Skip to content

ci: add artifact verification and simplify release workflow #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
amannocci merged 6 commits into from
Jun 23, 2026
Merged

ci: add artifact verification and simplify release workflow #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
075d709
ci: Add artifact verification and simplify release workflow
amannocci Jun 18, 2026
c69b981
ci: Add id-token permission to build job
amannocci Jun 18, 2026
d68f8ea
ci: Add attestation permissions and update checkout version
amannocci Jun 22, 2026
a62f8a8
ci: Specify artifact download path in sanitize job
amannocci Jun 23, 2026
6fc7eca
ci: Add executable permissions to binaries in sanitize job
amannocci Jun 23, 2026
9c72591
ci: Verify binaries with --version flag instead of bare execution
amannocci Jun 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ jobs:
run: uv run poe lint

build:
permissions:
id-token: write
attestations: write
artifact-metadata: write
needs:
- lint
strategy:
Expand All @@ -53,6 +57,15 @@ jobs:
- name: Build
run: uv run poe build

- uses: actions/attest@v4
with:
subject-path: "dist/*"

- uses: actions/upload-artifact@v7
with:
name: terranova-${{ matrix.os }}
path: "dist/*"

test:
needs:
- build
Expand All @@ -70,3 +83,48 @@ jobs:

- name: Test
run: uv run poe test

sanitize:
needs:
- test
strategy:
matrix:
os:
- macos-15
- macos-15-intel
- ubuntu-latest
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6

- name: Install environment
uses: ./.github/workflows/env-install

- uses: actions/download-artifact@v8
with:
merge-multiple: true
path: dist

- name: Verify macOS amd64 binary
run: |
chmod +x ./dist/terranova-*-darwin-amd64
./dist/terranova-*-darwin-amd64 --version || exit 1
if: runner.arch == 'X64' && runner.os == 'macOS'

- name: Verify macOS arm64 binary
run: |
chmod +x ./dist/terranova-*-darwin-arm64
./dist/terranova-*-darwin-arm64 --version || exit 1
if: runner.arch == 'ARM64' && runner.os == 'macOS'

- name: Verify linux amd64 binary
run: |
chmod +x ./dist/terranova-*-linux-amd64
./dist/terranova-*-linux-amd64 --version || exit 1
if: runner.arch == 'X64' && runner.os == 'Linux'

- name: Verify linux arm64 binary
run: |
chmod +x ./dist/terranova-*-linux-arm64
./dist/terranova-*-linux-arm64 --version || exit 1
if: runner.arch == 'ARM64' && runner.os == 'Linux'
32 changes: 4 additions & 28 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,36 +19,12 @@ concurrency:
group: ${{ github.workflow }}

jobs:
build:
strategy:
matrix:
os:
- macos-15
- macos-15-intel
- ubuntu-latest
runs-on: ${{ matrix.os }}
ci:
permissions:
artifact-metadata: write
attestations: write
contents: write
contents: read
id-token: write
steps:
- uses: actions/checkout@v7

- name: Install environment
uses: ./.github/workflows/env-install

- name: Build
run: uv run poe build

- uses: actions/attest@v4
with:
subject-path: "dist/*"

- uses: actions/upload-artifact@v7
with:
name: terranova-${{ matrix.os }}
path: "dist/*"
uses: ./.github/workflows/ci.yml
secrets: inherit

release:
runs-on: ubuntu-latest
Expand Down
Loading