Merge pull request #3838 from saschagrunert/release-notes-index-fix-2 #321

Workflow file for this run

.github/workflows/release.yml at b723b17

	---
	name: release

	on:
	push:
	tags:
	- 'v*'

	permissions:
	contents: read

	jobs:
	release:
	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: write

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
	with:
	disable-sudo: true
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.5.2
	with:
	fetch-depth: 1

	- name: Set up Go
	id: go
	uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
	with:
	go-version: '1.23'
	check-latest: true

	- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

	- name: Install bom
	uses: kubernetes-sigs/release-actions/setup-bom@a69972745f85aab4ba5d6c681e2a0e7f73eaff2b # v0.3.0

	- name: Build and publish release
	uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
	if: contains(github.ref, 'refs/tags')
	with:
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
	with:
	name: artifacts
	path: dist/*

	attestation:
	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: write

	needs:
	- release

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
	with:
	disable-sudo: true
	egress-policy: audit

	- name: Check out code onto GOPATH
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 1

	- name: Set tag output
	id: tag
	run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"

	- name: Install tejolote
	uses: kubernetes-sigs/release-actions/setup-tejolote@a69972745f85aab4ba5d6c681e2a0e7f73eaff2b # v0.3.0

	- run: \|
	tejolote attest --artifacts github://kubernetes/release/${{ steps.tag.outputs.tag_name }} github://kubernetes/release/"${GITHUB_RUN_ID}" --output release.intoto.json --sign
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Release
	uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
	with:
	files: release.intoto.json
	tag_name: "${{ steps.tag.outputs.tag_name }}"
	token: ${{ secrets.GITHUB_TOKEN }}
	env:
	GITHUB_REPOSITORY: kubernetes/release

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #3838 from saschagrunert/release-notes-index-fix-2 #321

Workflow file

Merge pull request #3838 from saschagrunert/release-notes-index-fix-2 #321

Jobs

Run details

Workflow file for this run