This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/release.yml | |
| name: Publish Release (from build artifacts) | |
| on: | |
| workflow_run: | |
| workflows: ["Build su-exec"] # must match the 'name:' of build.yml | |
| types: [completed] | |
| permissions: | |
| contents: write # needed for creating/updating releases & uploading assets | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| # Only continue if the triggering run: | |
| # - succeeded | |
| # - came from THIS repo (not a fork) | |
| # - and was a tag push (head_branch starts with 'v') | |
| if: > | |
| ${{ | |
| github.event.workflow_run.conclusion == 'success' && | |
| github.event.workflow_run.head_repository.full_name == github.repository && | |
| startsWith(github.event.workflow_run.head_branch, 'v') | |
| }} | |
| steps: | |
| - name: Determine version (tag) | |
| id: ver | |
| run: | | |
| echo "version=${{ github.event.workflow_run.head_branch }}" >> "$GITHUB_OUTPUT" | |
| - name: Download artifacts from the build run | |
| uses: dawidd6/action-download-artifact@v6 | |
| with: | |
| run_id: ${{ github.event.workflow_run.id }} | |
| repo: ${{ github.repository }} | |
| path: dist | |
| # leave 'name' unset to fetch all artifacts from that run | |
| skip_unpack: false | |
| - name: List retrieved artifacts | |
| run: ls -l dist || true | |
| - name: Generate SHA256SUMS | |
| run: | | |
| cd dist | |
| sha256sum su-exec-* > SHA256SUMS | |
| cat SHA256SUMS | |
| - name: Create/Update GitHub Release and upload assets | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ steps.ver.outputs.version }} | |
| files: | | |
| dist/su-exec-* | |
| dist/SHA256SUMS | |
| fail_on_unmatched_files: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |