From 5ee1bbc78d0e636dc41f64aea6272eed2c3c1226 Mon Sep 17 00:00:00 2001
From: Sofus Albertsen <sofus.albertsen@eficode.com>
Date: Tue, 7 Mar 2023 14:03:03 +0100
Subject: [PATCH] #15 Add provence

---
 .github/workflows/make-release.yaml | 83 +++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 .github/workflows/make-release.yaml

diff --git a/.github/workflows/make-release.yaml b/.github/workflows/make-release.yaml
new file mode 100644
index 0000000..0abed15
--- /dev/null
+++ b/.github/workflows/make-release.yaml
@@ -0,0 +1,83 @@
+name: Package and upload a release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  # This step builds our artifacts, uploads them to the workflow run, and
+  # outputs their digest.
+  build:
+    outputs:
+      hashes: ${{ steps.hash.outputs.hashes }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      
+      - name: package artifacts
+        run: |
+          # These are some amazing artifacts.
+          zip -r frontend.zip frontend/
+          zip -r backend.zip backend/
+
+      - name: Generate hashes
+        shell: bash
+        id: hash
+        run: |
+          # sha256sum generates sha256 hash for all artifacts.
+          # base64 -w0 encodes to base64 and outputs on a single line.
+          # sha256sum frontend.zip backend.zip ... | base64 -w0
+          echo "hashes=$(sha256sum frontend.zip backend.zip | base64 -w0)" >> "$GITHUB_OUTPUT"
+
+      - name: Upload Frontend
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+        with:
+          name: frontend
+          path: frontend.zip
+          if-no-files-found: error
+          retention-days: 5
+
+      - name: Upload backend
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+        with:
+          name: backend
+          path: backend.zip
+          if-no-files-found: error
+          retention-days: 5
+
+  # This step calls the generic workflow to generate provenance.
+  provenance:
+    needs: [build]
+    permissions:
+      actions: read
+      id-token: write
+      contents: write
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
+    with:
+      base64-subjects: "${{ needs.build.outputs.hashes }}"
+      # Upload provenance to a new release
+      upload-assets: true
+
+  # This step uploads our artifacts to the tagged GitHub release.
+  release:
+    needs: [build, provenance]
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - name: Download frontend
+        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0
+        with:
+          name: frontend
+
+      - name: Download backend
+        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0
+        with:
+          name: backend
+
+      - name: Upload assets
+        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
+        with:
+          files: |
+            frontend.zip
+            backend.zip
\ No newline at end of file