From e758499a57fb9154aa73af04ac8867e39ec66ec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=ADas=20Insaurralde?= Date: Mon, 16 Mar 2026 14:24:37 -0300 Subject: [PATCH] chore(ci): remove unused github_release workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matías Insaurralde --- .github/workflows/github_release.yaml | 91 --------------------------- 1 file changed, 91 deletions(-) delete mode 100644 .github/workflows/github_release.yaml diff --git a/.github/workflows/github_release.yaml b/.github/workflows/github_release.yaml deleted file mode 100644 index d2e65c738..000000000 --- a/.github/workflows/github_release.yaml +++ /dev/null @@ -1,91 +0,0 @@ -name: Release - -on: - workflow_call: - inputs: - tag: - type: string - required: true - -permissions: read-all - -jobs: - release: - name: Record release from GitHub - runs-on: ubuntu-latest - permissions: - packages: write - contents: write - id-token: write # required for SLSA provenance - https://docs.chainloop.dev/guides/slsa/ - env: - CHAINLOOP_WORKFLOW_NAME: chainloop-vault-release - CHAINLOOP_PROJECT: chainloop - GH_TOKEN: ${{ github.token }} - INPUT_TAG: ${{ inputs.tag }} - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Install Chainloop - run: | - curl -sfL https://dl.chainloop.dev/cli/install.sh | bash -s - - - name: Initialize Attestation - run: | - tag=$(echo -n "$INPUT_TAG" | cut -d / -f3) - chainloop attestation init --workflow ${CHAINLOOP_WORKFLOW_NAME} --project ${CHAINLOOP_PROJECT} --version "$tag" - - - name: Attest all assets - run: | - tag=$(echo -n "$INPUT_TAG" | cut -d / -f3) - gh release download $tag -D /tmp/github-release - for entry in $(ls /tmp/github-release); do - # If the name is cas.cyclonedx.json, controlplane.cyclonedx.json or cli.cyclonedx.json, we need to add the attestation with the correct name - if [[ $entry =~ ^(cas|controlplane|cli)\.cyclonedx\.json$ ]]; then - name=$(echo -n "${entry%.json}" | sed 's/\./-/g') - chainloop attestation add --value "/tmp/github-release/$entry" --name "$name" - continue - fi - chainloop attestation add --value "/tmp/github-release/$entry" - done - - # Include source code - version=$(echo -n $tag | sed 's/v//g') - gh release download $tag -A tar.gz -D /tmp - chainloop attestation add --value "/tmp/chainloop-$version.tar.gz" - - - name: Finish and Record Attestation - id: attestation-push - if: ${{ success() }} - run: | - chainloop attestation status --full - attestation_sha=$(chainloop attestation push -o json | jq -r '.digest') - # check that the command succeeded - [ -n "${attestation_sha}" ] || exit 1 - echo "attestation_sha=$attestation_sha" >> $GITHUB_OUTPUT - - - name: Mark attestation as failed - if: ${{ failure() }} - run: | - chainloop attestation reset - - - name: Mark attestation as cancelled - if: ${{ cancelled() }} - run: | - chainloop attestation reset --trigger cancellation - - - name: Add attestation link to release notes - if: ${{ success() }} - run: | - chainloop_release_url="## Chainloop Attestation"$'\n'"[View the attestation of this release](https://app.chainloop.dev/attestation/${{ steps.attestation-push.outputs.attestation_sha }})" - current_notes=$(gh release view "$INPUT_TAG" --json body -q '.body') - - if echo "$current_notes" | grep -q "## Chainloop Attestation"; then - # Replace the existing Chainloop Attestation section with the new URL - modified_notes=$(echo "$current_notes" | sed -E "s|## Chainloop Attestation[^\n]*\n\[View the attestation of this release\]\(https://app\.chainloop\.dev/attestation/[^\)]*\)|$chainloop_release_url|") - else - # Add the Chainloop Attestation section to the top - modified_notes="$chainloop_release_url"$'\n\n'"$current_notes" - fi - - # Update the release notes and ignore if it fails since we might be lacking permissions to update the release notes - gh release edit "$INPUT_TAG" -n "$modified_notes" || echo -n "Not enough permissions to edit the release notes. Skipping..."