Skip to content

fix(cli): apply governance suppressions before SARIF export (#105) #34

fix(cli): apply governance suppressions before SARIF export (#105)

fix(cli): apply governance suppressions before SARIF export (#105) #34

Workflow file for this run

# SPDX-FileCopyrightText: 2026 PythonWoods <dev@pythonwoods.dev>
# SPDX-License-Identifier: Apache-2.0
name: Zenzic Core Release
on:
push:
tags:
- "v*.*.*"
permissions:
contents: write
id-token: write
attestations: write
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
- name: Setup uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
enable-cache: true
- name: Sync dependencies (frozen lockfile)
run: uv sync --all-groups --frozen
- name: Build
run: uv build
- name: Package brand kit
run: zip -qr brand-kit.zip assets/brand/
- name: Generate build provenance attestation
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-path: dist/*
# --- DISABILITATO TEMPORANEAMENTE ---
# - name: Publish to PyPI
# run: uv publish
# -------------------------------------
- name: Generate GitHub Release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
with:
files: |
dist/*
brand-kit.zip
generate_release_notes: true
make_latest: true