From 3f418ebb42ab7b7d431dc3676cc9933185f5c74a Mon Sep 17 00:00:00 2001
From: "K.B.Dharun Krishna" <kbdharunkrishna@gmail.com>
Date: Mon, 22 Jul 2024 22:22:35 +0530
Subject: [PATCH] test: updated release workflow

---
 .github/workflows/release.yml | 92 +++++++++++++----------------------
 1 file changed, 35 insertions(+), 57 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 125bbd0..ffd5955 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,8 +1,4 @@
-name: Vib release
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+name: Release
 
 on:
   push:
@@ -15,62 +11,44 @@ env:
     REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
-  generate:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-    - uses: awalsh128/cache-apt-pkgs-action@latest
-      with:
-        packages: debootstrap podman
-        version: 1.0
-
-    - name: Rootfs
-      working-directory: rootfs
-      run: |
-        sudo sh build.sh
-
-    - uses: vanilla-os/vib-gh-action@v0.7.3
-
-    - name: Save Containerfile
-      uses: actions/upload-artifact@v4
-      with:
-        name: Containerfile
-        path: Containerfile
-
-    - name: Save zst
-      uses: actions/upload-artifact@v4
-      with:
-        name: vanilla-pico.tar.zst
-        path: rootfs/vanilla-pico.tar.zst
-
-  commit:
-
+  release:
     runs-on: ubuntu-latest
-    needs: generate
-
+    permissions:
+      contents: write # Allow actions to create release
+      attestations: write # To create and write attestations
+      id-token: write # Additional permissions for the persistence of the attestations
+    
     steps:
-      - name: Checkout release branch
+      - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: 'release'
+          fetch-depth: 0
 
-      - name: Download Containerfile
-        uses: actions/download-artifact@v4
-        with:
-          name: Containerfile
+      - name: Install debootstrap from Ubuntu git
+        run: |
+            sudo git clone --depth 1 https://git.launchpad.net/ubuntu/+source/debootstrap /debootstrap
+            sudo chmod a+x /debootstrap/debootstrap
+            sudo ln -s /debootstrap/debootstrap -t /usr/local/bin
+  
+      - name: Build Rootfs
+        working-directory: rootfs
+        run: |
+          sudo apt install -y podman
+          sudo sh build.sh
+      
+      - name: Create Checksum
+        working-directory: rootfs
+        run: |
+          sha256sum vanilla-pico.tar.gz > checksums.txt
 
-      - name: Download zst
-        uses: actions/download-artifact@v4
-        with:
-          name: vanilla-pico.tar.zst
+      - name: Create Release
+        working-directory: rootfs
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release create "${{ github.ref_name }}" --generate-notes vanilla-pico.tar.zst checksums.txt
 
-      - name: Commit Containerfile
-        run: |
-          mkdir rootfs
-          mv vanilla-pico.tar.zst rootfs/vanilla-pico.tar.zst
-          git config --local user.email "action@github.com"
-          git config --local user.name "GitHub Action"
-          git add .
-          git commit -m "release: ${GITHUB_REF#refs/tags/}"
-          git push
+      - name: Attest Release Files
+        id: attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: 'rootfs/*.tar.gz, rootfs/checksums.txt'