Merge pull request #85 from runwaylab/release-updates

update release

Author: GrantBirki

.github/workflows/release.yml

@@ -21,10 +21,11 @@ jobs:
       gem_name: ${{ steps.build.outputs.gem_name }}
       gem_version: ${{ steps.build.outputs.gem_version }}
       gem_path: ${{ steps.build.outputs.gem_path }}
+      artifact_dir: ${{ steps.build.outputs.artifact_dir }}
 
     steps:
       - name: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@4.2.2
         with:
           persist-credentials: false
 
@@ -39,6 +40,7 @@ jobs:
       # gem_name: the name of the gem - ex: "my-cool-gem"
       # gem_version: the version of the gem - ex: "1.0.0"
       # gem_path: the path/filename of the gem - ex: "my-cool-gem-1.0.0.gem"
+      # artifact_dir: the directory where the gem is stored - ex: "dist" (a directory)
       - name: build
         id: build
         run: script/build
@@ -47,7 +49,9 @@ jobs:
         uses: actions/[email protected]
         id: upload-artifact
         with:
-          path: "${{ steps.build.outputs.gem_path }}"
+          name: ${{ steps.build.outputs.artifact_dir }}
+          path: ${{ steps.build.outputs.artifact_dir }}
+          if-no-files-found: error
 
   release:
     needs: build
@@ -62,19 +66,25 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: actions/download-artifact@4.3.0
+      - uses: actions/download-artifact@5.0.0
         with:
+          path: ${{ needs.build.outputs.artifact_dir }}
           artifact-ids: ${{ needs.build.outputs.artifact-id }}
 
+      - name: view artifact
+        env:
+          ARTIFACT_PATH: ${{ needs.build.outputs.artifact_dir }}
+        run: tree -L 2 -a --dirsfirst -C -F -h -D "${ARTIFACT_PATH}"
+
       - name: Publish to GitHub Packages
         env:
           OWNER: ${{ github.repository_owner }}
           GEM_NAME: ${{ needs.build.outputs.gem_name }}
           GEM_VERSION: ${{ needs.build.outputs.gem_version }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ARTIFACT_PATH: "artifact"
+          ARTIFACT_PATH: ${{ needs.build.outputs.artifact_dir }}
         run: |
-          GEM_HOST_API_KEY=${GITHUB_TOKEN} gem push --key github --host https://rubygems.pkg.github.com/${OWNER} $ARTIFACT_PATH/${GEM_NAME}-${GEM_VERSION}.gem
+          GEM_HOST_API_KEY=${GITHUB_TOKEN} gem push --key github --host https://rubygems.pkg.github.com/${OWNER} ${ARTIFACT_PATH}/${GEM_NAME}-${GEM_VERSION}.gem
 
       - uses: ruby/setup-ruby@2a7b30092b0caf9c046252510f9273b4875f3db9 # [email protected]
         with:
@@ -90,14 +100,14 @@ jobs:
         env:
           GEM_NAME: ${{ needs.build.outputs.gem_name }}
           GEM_VERSION: ${{ needs.build.outputs.gem_version }}
-          ARTIFACT_PATH: "artifact"
+          ARTIFACT_PATH: ${{ needs.build.outputs.artifact_dir }}
         run: bundle exec sigstore-cli sign ${ARTIFACT_PATH}/${GEM_NAME}-${GEM_VERSION}.gem --bundle ${GEM_NAME}-${GEM_VERSION}.sigstore.json
 
       - name: Publish to RubyGems
         env:
           GEM_NAME: ${{ needs.build.outputs.gem_name }}
           GEM_VERSION: ${{ needs.build.outputs.gem_version }}
-          ARTIFACT_PATH: "artifact"
+          ARTIFACT_PATH: ${{ needs.build.outputs.artifact_dir }}
         run: gem push ${ARTIFACT_PATH}/${GEM_NAME}-${GEM_VERSION}.gem --attestation ${GEM_NAME}-${GEM_VERSION}.sigstore.json
 
       - name: await gem
@@ -111,7 +121,7 @@ jobs:
           GEM_NAME: ${{ needs.build.outputs.gem_name }}
           GEM_VERSION: ${{ needs.build.outputs.gem_version }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ARTIFACT_PATH: "artifact"
+          ARTIFACT_PATH: ${{ needs.build.outputs.artifact_dir }}
         run: |
           gh release create "v${GEM_VERSION}" \
             "${ARTIFACT_PATH}/${GEM_NAME}-${GEM_VERSION}.gem" \
@@ -128,29 +138,31 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/download-artifact@4.3.0
+      - uses: actions/download-artifact@5.0.0
         with:
+          path: ${{ needs.build.outputs.artifact_dir }}
           artifact-ids: ${{ needs.build.outputs.artifact-id }}
 
       - name: attest build provenance
         uses: actions/[email protected]
         with:
-          subject-path: "artifact/${{ needs.build.outputs.gem_path }}"
+          subject-path: "${{ needs.build.outputs.artifact_dir }}/${{ needs.build.outputs.gem_path }}"
 
   verify:
     permissions: {}
     needs: [build, release, sign]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/download-artifact@4.3.0
+      - uses: actions/download-artifact@5.0.0
         with:
+          path: ${{ needs.build.outputs.artifact_dir }}
           artifact-ids: ${{ needs.build.outputs.artifact-id }}
 
       - name: verify
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           OWNER: ${{ github.repository_owner }}
           REPO: ${{ github.event.repository.name }}
-          ARTIFACT_PATH: "artifact/${{ needs.build.outputs.gem_path }}"
+          ARTIFACT_PATH: "${{ needs.build.outputs.artifact_dir }}/${{ needs.build.outputs.gem_path }}"
         run: gh attestation verify "$ARTIFACT_PATH" --repo ${OWNER}/${REPO} --signer-workflow ${OWNER}/${REPO}/.github/workflows/release.yml

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    issue-db (1.3.1)
+    issue-db (1.3.2)
       faraday-retry (~> 2.2, >= 2.2.1)
       jwt (>= 2.9.3, < 4.0)
       octokit (>= 9.2, < 11.0)
@@ -97,7 +97,7 @@ GEM
       psych (>= 4.0.0)
     redacting-logger (1.5.0)
       logger (~> 1.6)
-    regexp_parser (2.10.0)
+    regexp_parser (2.11.0)
     reline (0.6.2)
       io-console (~> 0.5)
     rexml (3.4.1)
@@ -114,7 +114,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.4)
-    rubocop (1.79.0)
+    rubocop (1.79.2)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -124,7 +124,6 @@ GEM
       regexp_parser (>= 2.9.3, < 3.0)
       rubocop-ast (>= 1.46.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      tsort (>= 0.2.0)
       unicode-display_width (>= 2.4.0, < 4.0)
     rubocop-ast (1.46.0)
       parser (>= 3.3.7.2)
@@ -170,7 +169,6 @@ GEM
     simplecov_json_formatter (0.1.4)
     stringio (3.1.7)
     thor (1.4.0)
-    tsort (0.2.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (3.1.4)

README.md

@@ -6,6 +6,7 @@
 [![acceptance](https://github.com/runwaylab/issue-db/actions/workflows/acceptance.yml/badge.svg)](https://github.com/runwaylab/issue-db/actions/workflows/acceptance.yml)
 [![release](https://github.com/runwaylab/issue-db/actions/workflows/release.yml/badge.svg)](https://github.com/runwaylab/issue-db/actions/workflows/release.yml)
 [![coverage](./docs/assets/coverage.svg)](./docs/assets/coverage.svg)
+![slsa-level3](docs/assets/slsa-level3.svg)
 
 A Ruby Gem to use GitHub Issues as a NoSQL JSON document db.
 

docs/assets/slsa-level3.svg

@@ -2,6 +2,6 @@
 
 module IssueDB
   module Version
-    VERSION = "1.3.1"
+    VERSION = "1.3.2"
   end
 end

lib/version.rb

@@ -11,6 +11,9 @@ if [[ "$CI" == "true" ]]; then
   echo "gem_name=$GEM_NAME" >> $GITHUB_OUTPUT
   echo "gem_version=$GEM_VERSION" >> $GITHUB_OUTPUT
   echo "gem_path=$GEM_NAME-$GEM_VERSION.gem" >> $GITHUB_OUTPUT
+  mkdir -p dist/
+  mv $GEM_NAME-$GEM_VERSION.gem dist/
+  echo "artifact_dir=dist" >> $GITHUB_OUTPUT
 fi
 
 echo -e "📦 ${GREEN}successfully${OFF} built ${PURPLE}$GEM_NAME-$GEM_VERSION.gem${OFF}"