ci(release),releaser: prepare for release

.github/workflows/publish-slsa3-auto.yml

@@ -3,12 +3,11 @@ name: automated tagged release with slsa 3 compliance
 on:
   push:
     tags:
-    - '*'
+      - 'v*'
 
 jobs:
   build:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
     permissions:
       contents: write
     outputs:
@@ -17,15 +16,23 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@v3
+        with:
+          ref: main
+
+      - name: get branch name
+        id: get-branch-name
+        uses: tj-actions/branch-names@v7
 
       - name: install devbox
-        uses: jetpack-io/devbox-install-action@v0.3.0
+        uses: jetpack-io/devbox-install-action@v0.6.1
 
       - name: install dependencies
         run: devbox run poetry install
 
       - name: run releaser.py
         run: devbox run python releaser.py
+        env:
+          SURPLUS_BUILD_BRANCH: ${{ steps.get-branch-name.outputs.base_ref_branch }}
 
       - name: build project
         id: build
@@ -41,6 +48,11 @@ jobs:
           HASHES=$(sha256sum * | base64 -w0)
           echo "hashes=$HASHES" >> "$GITHUB_OUTPUT"
 
+      - uses: actions/upload-artifact@v3
+        with:
+          name: wheels
+          path: dist/
+
       - name: release
         uses: softprops/action-gh-release@v0.1.15
         if: startsWith(github.ref, 'refs/tags/')

.github/workflows/publish-slsa3-manual.yml

@@ -14,15 +14,23 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@v3
+        with:
+          ref: main
+
+      - name: get branch name
+        id: get-branch-name
+        uses: tj-actions/branch-names@v7
 
       - name: install devbox
-        uses: jetpack-io/devbox-install-action@v0.3.0
+        uses: jetpack-io/devbox-install-action@v0.6.1
 
       - name: install dependencies
         run: devbox run poetry install
 
       - name: run releaser.py
         run: devbox run python releaser.py
+        env:
+          SURPLUS_BUILD_BRANCH: ${{ steps.get-branch-name.outputs.base_ref_branch }}
 
       - name: build project
         id: build
@@ -45,6 +53,11 @@ jobs:
           files: |
             dist/*.whl
 
+      - uses: actions/upload-artifact@v3
+        with:
+          name: wheels
+          path: dist/
+
   provenance:
     needs: [build]
     permissions:

releaser.py

@@ -30,25 +30,34 @@ For more information, please refer to <http://unlicense.org/>
 """
 
 from datetime import datetime, timedelta, timezone
+from os import getenv
 from pathlib import Path
 from subprocess import run
 
+
 # NOTE: change this if surplus has moved
 path_surplus = Path(__file__).parent.joinpath("./surplus/surplus.py")
 
 build_time = datetime.now(timezone(timedelta(hours=8)))  # using SGT
-insert_build_branch: str = run(
+
-    "git rev-parse --abbrev-ref HEAD",
+_insert_build_branch = getenv(
+    "SURPLUS_BUILD_BRANCH",
+    run(
+        "git branch --show-current",
         capture_output=True,
         text=True,
         shell=True,
-).stdout.strip("\n")
+    ).stdout.strip("\n"),
+)
+insert_build_branch = _insert_build_branch if _insert_build_branch != "" else "unknown"
+
 insert_build_commit: str = run(
     "git rev-parse HEAD",
     capture_output=True,
     text=True,
     shell=True,
 ).stdout.strip("\n")
+
 insert_build_datetime: str = repr(build_time).replace("datetime.", "")
 
 # NOTE: change this if the respective lines in surplus.py have changed