# Runs on releases name: Publish release on: release: types: [published] permissions: contents: read jobs: stable: runs-on: ubuntu-latest name: Write release to stable branch permissions: contents: write pull-requests: write env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Checkout Code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7 - name: Version Check run: | pip install --require-hashes -r contrib/dev_reqs/requirements.txt python3 .github/scripts/version_check.py - name: Push to Stable Branch uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@v0.8.0 if: env.stable_release == 'true' with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: stable force: true build: runs-on: ubuntu-latest name: Build and attest frontend permissions: id-token: write contents: write attestations: write steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7 - name: Environment Setup uses: ./.github/actions/setup with: npm: true - name: Install dependencies run: cd src/frontend && yarn install - name: Build frontend run: cd src/frontend && npm run compile && npm run build - name: Create SBOM for frontend uses: anchore/sbom-action@v0 with: artifact-name: frontend-build.spdx path: src/frontend - name: Write version file - SHA run: cd src/backend/InvenTree/web/static/web/.vite && echo "$GITHUB_SHA" > sha.txt - name: Write version file - TAG run: cd src/backend/InvenTree/web/static/web/.vite && echo "${{ github.ref_name }}" > tag.txt - name: Zip frontend run: | cd src/backend/InvenTree/web/static/web zip -r ../frontend-build.zip * .vite - name: Attest Build Provenance id: attest uses: actions/attest-build-provenance@v1 with: subject-path: "${{ github.workspace }}/src/backend/InvenTree/web/static/frontend-build.zip" - name: Upload frontend uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # pin@2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: src/backend/InvenTree/web/static/frontend-build.zip asset_name: frontend-build.zip tag: ${{ github.ref }} overwrite: true - name: Upload Attestation uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # pin@2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} asset_name: frontend-build.intoto.jsonl file: ${{ steps.attest.outputs.bundle-path}} tag: ${{ github.ref }} overwrite: true