
Commit bbded71

apply suggestions from code review
[deploy]
1 parent 050bf4c commit bbded71

1 file changed

Lines changed: 11 additions & 7 deletions


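--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,6 +11,9 @@ jobs:
 build:
 name: Build and Test
 runs-on: ubuntu-latest
+permissions:
+id-token: write # Required for the attestations step
+attestations: write # Required for the attestations step
 steps:
 - uses: actions/checkout@v5
 - uses: actions/setup-java@v5
@@ -38,6 +41,7 @@ jobs:
 deploy-central:
 name: Deploy to Maven Central
 runs-on: ubuntu-latest
+permissions: {}
 needs: [build]
 if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
 steps:
@@ -54,9 +58,7 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/')
 run: |
 PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
-test "$PROJECT_VERSION" = "$TAG_NAME"
-env:
-TAG_NAME: ${{ github.event.release.tag_name }}
+test "$PROJECT_VERSION" = "${GITHUB_REF##*/}"
 - name: Deploy to Maven Central
 run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
 env:
@@ -69,22 +71,22 @@ jobs:
 deploy-github:
 name: Deploy to GitHub Packages
 runs-on: ubuntu-latest
+permissions:
+packages: write # Required for the deploy to GitHub Packages step
 needs: [build]
 if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
 steps:
 - uses: actions/checkout@v5
 - uses: actions/setup-java@v5
 with:
 java-version: ${{ env.JAVA_VERSION }}
-distribution: temurin
+distribution: 'temurin'
 cache: 'maven'
 - name: Verify project version matches tag
 if: startsWith(github.ref, 'refs/tags/')
 run: |
 PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
-test "$PROJECT_VERSION" = "$TAG_NAME"
-env:
-TAG_NAME: ${{ github.event.release.tag_name }}
+test "$PROJECT_VERSION" = "${GITHUB_REF##*/}"
 - name: Deploy to GitHub Packages
 run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
 env:
@@ -96,6 +98,8 @@ jobs:
 release:
 name: Release
 runs-on: ubuntu-latest
+permissions:
+contents: write # Required for the release step
 needs: [deploy-central, deploy-github]
 if: startsWith(github.ref, 'refs/tags/')
 steps: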
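Review bot: The new tag check `test "$PROJECT_VERSION" = "${GITHUB_REF##*/}"`, added in both the deploy-central and deploy-github jobs, compares against only the last path segment of the ref. A tag whose name contains a slash (a constructed example: `release/1.2.3`) would therefore pass with a project version of `1.2.3`, even though the tag name differs. This step is the gate that ties the published artifact version to the tag, so it should compare against the full tag name: `test "$PROJECT_VERSION" = "${GITHUB_REF#refs/tags/}"` or `test "$PROJECT_VERSION" = "$GITHUB_REF_NAME"`. In deploy-central the step's `- name:` line lies outside the hunk, so this rests on the visible `if:` and `run:` lines only.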
