Update distribute-binaries.yml #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Distribute Binaries | |
on: | |
push: | |
tags: | |
- 'v*' # Trigger the workflow for tags like v1.0, v2.1, etc. | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
if: env.skip != 'true' | |
uses: actions/checkout@v2 | |
- name: Set up Go | |
if: env.skip != 'true' | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.23' | |
- name: Install build tools | |
if: env.skip != 'true' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y gcc g++ libc6-dev gcc-multilib g++-x86-64-linux-gnu osslsigncode openssl | |
- name: Build Go binary | |
run: | | |
GOOS=windows GOARCH=amd64 go build -o myapp . | |
- name: Import Private Key from GitHub Secrets | |
if: env.skip != 'true' | |
env: | |
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} | |
run: | | |
echo "$PRIVATE_KEY" > private.key | |
chmod 600 private.key | |
- name: Generate Certificate Signing Request (CSR) | |
env: | |
REQUEST_CSR_SUBJECT: ${{ secrets.REQUEST_CSR_SUBJECT }} | |
run: | | |
openssl req -new -key private.key -out request.csr -subj "$REQUEST_CSR_SUBJECT" | |
- name: Self-Sign the CSR to Create a Certificate | |
run: | | |
openssl x509 -req -in request.csr -signkey private.key -out myapp-cert.pem | |
- name: Sign Binary with Private Key | |
run: | | |
openssl dgst -sha256 -sign private.key -out myapp.sig myapp | |
- name: Upload Signed Binary, Certificate, and Signature | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: myapp myapp.sig myapp-cert.pem | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |