generated from ekristen/go-project-template
-
Notifications
You must be signed in to change notification settings - Fork 0
104 lines (101 loc) · 4.07 KB
/
goreleaser.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: goreleaser
on:
workflow_dispatch:
push:
branches:
- main
- next
- alpha
- beta
tags:
- "*"
release:
types:
- published
permissions:
contents: write
packages: write
id-token: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
if: github.event_name == 'pull_request'
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
if: github.event_name != 'pull_request'
with:
fetch-depth: 0
- name: setup-go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
with:
go-version: 1.23.x
- uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8
- name: setup qemu
id: qemu
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
- name: setup docker buildx
id: buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: install cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3
- name: install quill
env:
QUILL_VERSION: 0.4.1
run: |
curl -Lo /tmp/quill_${QUILL_VERSION}_linux_amd64.tar.gz https://github.com/anchore/quill/releases/download/v${QUILL_VERSION}/quill_${QUILL_VERSION}_linux_amd64.tar.gz
tar -xvf /tmp/quill_${QUILL_VERSION}_linux_amd64.tar.gz -C /tmp
mv /tmp/quill /usr/local/bin/quill
chmod +x /usr/local/bin/quill
- name: set goreleaser default args
if: startsWith(github.ref, 'refs/tags/') == true
run: |
echo "GORELEASER_ARGS=" >> $GITHUB_ENV
- name: set goreleaser args for branch
if: startsWith(github.ref, 'refs/tags/') == false
run: |
echo "GORELEASER_ARGS=--snapshot" >> $GITHUB_ENV
- name: set goreleaser args renovate
if: startsWith(github.ref, 'refs/heads/renovate') == true
run: |
echo "GORELEASER_ARGS=--snapshot --skip publish --skip sign" >> $GITHUB_ENV
- name: setup-quill
uses: 1password/load-secrets-action@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
# Extra Safeguard - This ensures the secrets are only loaded on tag and a tag that the repo owner triggered
if: startsWith(github.ref, 'refs/tags/') == true && github.actor == 'ekristen-dev[bot]'
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
QUILL_NOTARY_KEY: ${{ secrets.OP_QUILL_NOTARY_KEY }}
QUILL_NOTARY_KEY_ID: ${{ secrets.OP_QUILL_NOTARY_KEY_ID }}
QUILL_NOTARY_ISSUER: ${{ secrets.OP_QUILL_NOTARY_ISSUER }}
QUILL_SIGN_PASSWORD: ${{ secrets.OP_QUILL_SIGN_PASSWORD }}
QUILL_SIGN_P12: ${{ secrets.OP_QUILL_SIGN_P12 }}
- name: run goreleaser
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6
with:
distribution: goreleaser
version: latest
args: release --clean ${{ env.GORELEASER_ARGS }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: push docker images (for branches)
if: github.ref == 'refs/heads/main' || github.event.pull_request.base.ref == 'main'
run: |
docker images --format "{{.Repository}}:{{.Tag}}" | grep "${{ github.repository }}" | xargs -L1 docker push
- name: upload artifacts
if: github.event.pull_request.base.ref == 'main'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
with:
name: binaries
path: releases/*.tar.gz