Attest artifacts (#347)

- Use artifacts output.
- Ignore binlog files.
- Attest the binaries and packages from the build artifacts.

.github/workflows/build.yml

@@ -27,6 +27,11 @@ jobs:
     outputs:
       dotnet-sdk-version: ${{ steps.setup-dotnet.outputs.dotnet-version }}
 
+    permissions:
+      attestations: write
+      contents: read
+      id-token: write
+
     strategy:
       fail-fast: false
       matrix:
@@ -52,6 +57,20 @@ jobs:
       shell: pwsh
       run: ./build.ps1
 
+    - name: Attest artifacts
+      uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
+      if: |
+        runner.os == 'Windows' &&
+        github.event.repository.fork == false &&
+        (github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/v'))
+      with:
+        subject-path: |
+          ./artifacts/bin/PseudoLocalize/release*/PseudoLocalize*.dll
+          ./artifacts/bin/PseudoLocalize/release*/PseudoLocalize*.exe
+          ./artifacts/bin/PseudoLocalizer.Core/release*/PseudoLocalize*.dll
+          ./artifacts/bin/PseudoLocalizer.Humanizer/release*/PseudoLocalize*.dll
+          ./artifacts/package/release/*
+
     - name: Publish artifacts
       uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
@@ -62,7 +81,7 @@ jobs:
       uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
         name: packages-${{ matrix.os_name }}
-        path: ./artifacts/packages
+        path: ./artifacts/package/release
         if-no-files-found: error
 
   validate-packages:

.gitignore

@@ -8,6 +8,7 @@ coverage*
 obj
 TestResults
 TestResult.xml
+*.binlog
 *.cache
 *.coverage
 *.qps-Ploc.*

Directory.Build.props

@@ -30,6 +30,7 @@
     <SignAssembly>true</SignAssembly>
     <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <UseArtifactsOutput>true</UseArtifactsOutput>
     <AssemblyVersion>0.9.0.0</AssemblyVersion>
     <VersionPrefix>0.9.1</VersionPrefix>
   </PropertyGroup>

build.ps1

@@ -4,8 +4,6 @@
 #Requires -Version 7
 
 param(
-    [Parameter(Mandatory = $false)][string] $Configuration = "Release",
-    [Parameter(Mandatory = $false)][string] $OutputPath = "",
     [Parameter(Mandatory = $false)][switch] $SkipTests
 )
 
@@ -28,10 +26,6 @@ $testProjects = @(
 
 $dotnetVersion = (Get-Content $sdkFile | Out-String | ConvertFrom-Json).sdk.version
 
-if ($OutputPath -eq "") {
-    $OutputPath = Join-Path "$(Convert-Path "$PSScriptRoot")" "artifacts"
-}
-
 $installDotNetSdk = $false;
 
 if (($null -eq (Get-Command "dotnet" -ErrorAction SilentlyContinue)) -and ($null -eq (Get-Command "dotnet.exe" -ErrorAction SilentlyContinue))) {
@@ -89,7 +83,7 @@ if ($installDotNetSdk -eq $true) {
 function DotNetPack {
     param([string]$Project)
 
-    & $dotnet pack $Project --output (Join-Path $OutputPath "packages") --configuration $Configuration --include-symbols --include-source
+    & $dotnet pack $Project --include-symbols --include-source
 
     if ($LASTEXITCODE -ne 0) {
         throw "dotnet pack failed with exit code $LASTEXITCODE"
@@ -106,7 +100,7 @@ function DotNetTest {
         $additionalArgs += "GitHubActions;report-warnings=false"
     }
 
-    & $dotnet test $Project --output $OutputPath --configuration $Configuration $additionalArgs
+    & $dotnet test $Project --configuration "Release" $additionalArgs
 
     if ($LASTEXITCODE -ne 0) {
         throw "dotnet test failed with exit code $LASTEXITCODE"