search

Yubico / java-webauthn-server

Server-side Web Authentication library for Java https://www.w3.org/TR/webauthn/#rp-operations
Other
457 stars 142 forks source link

Automate signature upload step in release procedure #233

Closed emlun closed 1 year ago

emlun commented 1 year ago

The "Reproducible build" workflow checks that fresh builds from source match the release signatures from Maven Central and the GitHub release. Because there's a bit of delay before artifacts become available on Maven Central, the developer needs to wait for that before publishing a GitHub release.

This change makes the workflow wait for the files to become available on Maven Central, and upload the signature files to the GitHub release instead of downloading them from there. The developer no longer needs to manually attach the signature files and does not need to wait before publishing the release.

Ping @Yubico/prodsec for visibility, you're welcome to review if you want to. :slightly_smiling_face:

github-actions[bot] commented 1 year ago

Test Results

1 362 tests   1 358 :heavy_check_mark:  2m 25s :stopwatch:      43 suites         4 :zzz:      43 files           0 :x:

Results for commit 16d7066c.