-
Notifications
You must be signed in to change notification settings - Fork 23
94 lines (83 loc) · 2.7 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
name: release
on:
push:
tags:
- "v*"
pull_request:
workflow_call:
secrets:
PERSONAL_ACCESS_TOKEN:
required: true
PUBLIC_GCR_JSON_KEY:
required: true
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
jobs:
version:
runs-on: ubuntu-latest
if: startsWith(github.head_ref, 'renovate') == false
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect Version for Docker
id: docker-version
run: echo "VERSION=$(SEP="-" scripts/version)" >> $GITHUB_OUTPUT
- name: Detect Version
id: version
run: echo "VERSION=$(scripts/version)" >> $GITHUB_OUTPUT
outputs:
docker-version: ${{ steps.docker-version.outputs.VERSION }}
version: ${{ steps.version.outputs.VERSION }}
goreleaser:
timeout-minutes: 90
runs-on: ubuntu-latest
needs:
- version
env:
SUMMARY: ${{ needs.version.outputs.docker-version }}
VERSION: ${{ needs.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
check-latest: true # https://github.com/actions/setup-go#check-latest-version
cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs
- uses: sigstore/[email protected] # installs cosign
- uses: anchore/sbom-action/[email protected] # installs syft
- name: Login to GCR
uses: docker/login-action@v2
with:
registry: us.gcr.io
username: _json_key
password: ${{ secrets.PUBLIC_GCR_JSON_KEY }}
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
version: latest
install-only: true
- name: Generate SBOM
uses: CycloneDX/gh-gomod-generate-sbom@v2
with:
args: mod -licenses -json -output bom.json
version: ^v1
- name: Release
if: startsWith(github.ref , 'refs/tags/v') == true
run: make release
env:
GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- name: Snapshot
if: startsWith(github.ref , 'refs/tags/v') == false
run: make snapshot
env:
GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ needs.version.outputs.docker-version }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}