coffee/fmt - fmt - CoffeeCat

coffee/fmt

Fork 0

mirror of https://github.com/fmtlib/fmt.git synced 2026-06-15 08:26:13 +08:00

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	a597d06854	Bump slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml (#4792 ) Bumps [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-06-02 15:14:38 -07:00
Victor Zverovich	a9e889e161	Build release artifacts and SLSA provenance in CI Adds .github/workflows/release.yml, triggered on `release: created`, which: - checks out the release's target_commitish, - builds the source zip via CMake/CPack (`package_source`), - uploads the zip to the draft release, - calls slsa-framework/slsa-github-generator to produce a SLSA v1.0 *.intoto.jsonl provenance file and attach it to the same draft release. After CI completes, the draft has both the zip and the provenance attached, and the maintainer reviews and publishes as before. Updates support/release.py to stop building and uploading the zip locally; that work has moved to CI so the SLSA provenance attests to the actual build environment that produced the artifact, not to a hash observed after the fact. The script still builds docs locally because the subsequent mkdocs deploy step depends on them.	2026-05-31 18:16:07 -07:00

Author

SHA1

Message

Date

dependabot[bot]

a597d06854

Bump slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml (#4792 )

Bumps [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2026-06-02 15:14:38 -07:00

Victor Zverovich

a9e889e161

Build release artifacts and SLSA provenance in CI

Adds .github/workflows/release.yml, triggered on `release: created`, which:
  - checks out the release's target_commitish,
  - builds the source zip via CMake/CPack (`package_source`),
  - uploads the zip to the draft release,
  - calls slsa-framework/slsa-github-generator to produce a
    SLSA v1.0 *.intoto.jsonl provenance file and attach it to the
    same draft release.

After CI completes, the draft has both the zip and the provenance attached,
and the maintainer reviews and publishes as before.

Updates support/release.py to stop building and uploading the zip locally;
that work has moved to CI so the SLSA provenance attests to the actual
build environment that produced the artifact, not to a hash observed
after the fact. The script still builds docs locally because the
subsequent mkdocs deploy step depends on them.

2026-05-31 18:16:07 -07:00

2 Commits