diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a00892e26..3f8b6d186 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,9 @@ name: Release permissions: + "attestations": "write" "contents": "write" + "id-token": "write" # This task will run whenever you push a git tag that looks like a version # like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. @@ -132,6 +134,10 @@ jobs: # Actually do builds and make zips and whatnot cargo dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json echo "cargo dist ran successfully" + - name: Attest + uses: actions/attest-build-provenance@v1 + with: + subject-path: "target/distrib/*${{ join(matrix.targets, ', ') }}*" - id: cargo-dist name: Post-build # We force bash here just because github makes it really hard to get values up diff --git a/Cargo.toml b/Cargo.toml index 73b9f0d01..90a8138d8 100644 --- a/Cargo.toml +++ b/Cargo.toml 
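Review bot: The two new scopes sit in the workflow-level `permissions:` block (first hunk), so every job in release.yml can request an OIDC token and write attestations, while only the job holding the Attest step in the second hunk needs them. Least privilege would leave the top level at `"contents": "write"` and put a job-level `permissions:` block on that job with `attestations: write`, `id-token: write` and the `contents` level it actually needs. A job-level block replaces the workflow-level one for that job, so it has to list everything the job uses; the job definitions are outside this hunk and should be checked for that. Cargo.toml's `github-attestations = true` suggests this file is generated by cargo-dist, so a hand edit may be reverted on regeneration.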
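Review bot: `uses: actions/attest-build-provenance@v1` in the new Attest step references a mutable tag, and that step runs with `id-token: write` and `attestations: write`. Pinning to a full commit SHA, `uses: actions/attest-build-provenance@<full-commit-sha>  # v1`, keeps a moved tag from changing the code that signs the provenance. The `subject-path` glob also deserves a check: `join(matrix.targets, ', ')` yields a clean target name only when a matrix entry has one target. With several targets the `, ` lands inside the pattern, which then probably no longer matches the intended archives, so the attestation could cover the wrong subjects or none. The enclosing job starts and ends outside this hunk.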
@@ -18,15 +18,26 @@ edition = "2021" license = "MIT" repository = "https://github.com/penberg/limbo" +# Config for 'cargo dist' [workspace.metadata.dist] +# The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax) cargo-dist-version = "0.19.1" +# CI backends to support ci = "github" -installers = ["shell"] +# The installers to generate for each app +installers = ["shell", "powershell"] +# Target platforms to build apps for (Rust target-triple syntax) targets = ["aarch64-apple-darwin", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu", "x86_64-pc-windows-msvc"] +# Publish jobs to run in CI pr-run-mode = "plan" -install-path = "~/.limbo/" +# Path that installers should place binaries in +install-path = "~/.limbo" +# Whether to install an updater program install-updater = true +# Whether to consider the binaries in a package for distribution (defaults true) dist = false +# Whether to enable GitHub Attestations +github-attestations = true [profile.dist] inherits = "release"
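Review bot: The added comment `# Publish jobs to run in CI` sits directly above `pr-run-mode = "plan"`, which is not a publish-jobs setting; it controls what the release workflow does on pull requests. Since that key decides how much of the pipeline runs on unmerged code, the comment should say so, for example `# Which actions to run on pull requests`. Separately, `github-attestations = true` only produces attestations; nothing in this hunk shows the shell or PowerShell installers or the updater verifying them. The release documentation could state how a user checks a download, for instance with `gh attestation verify`.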