diff --git a/.github/workflows/build-guest.yml b/.github/workflows/build-guest.yml index 7159891..25ff79a 100644 --- a/.github/workflows/build-guest.yml +++ b/.github/workflows/build-guest.yml @@ -13,6 +13,8 @@ jobs: build: runs-on: yocto-builder timeout-minutes: 480 + permissions: + contents: read steps: - name: Checkout uses: actions/checkout@v4 @@ -31,8 +33,33 @@ jobs: repro-build/dist/reproduce.sh retention-days: 30 + release: + if: inputs.tag != '' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) + needs: build + runs-on: yocto-builder + timeout-minutes: 60 + environment: release + permissions: + contents: write + steps: + - name: Checkout default branch + uses: actions/checkout@v4 + with: + ref: ${{ github.event.repository.default_branch }} + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: guest-images + path: repro-build/dist + + - name: Validate release tag + env: + TAG: ${{ inputs.tag }} + run: | + echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+([-.][0-9A-Za-z.-]+)?$' + - name: Create tag and release - if: inputs.tag != '' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAG: ${{ inputs.tag }}