Skip to content

Merge pull request #100 from go-faster/dependabot/github_actions/wago… #207

Merge pull request #100 from go-faster/dependabot/github_actions/wago…

Merge pull request #100 from go-faster/dependabot/github_actions/wago… #207

Workflow file for this run

name: release
on:
push:
branches: [main]
tags: ['v*']
permissions:
contents: write
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
IMAGE: ghcr.io/${{ github.repository }}
DOCKER_CLI_EXPERIMENTAL: "enabled"
jobs:
run:
runs-on: ubuntu-latest
steps:
# https://goreleaser.com/ci/actions/
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: sigstore/[email protected]
- uses: anchore/sbom-action/download-syft@v0
- run: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
- uses: docker/setup-buildx-action@v3
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: "1.20.3"
cache: false
- name: Get Go environment
id: go-env
run: |
echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV
echo "goversion=$(go env GOVERSION)" >> $GITHUB_ENV
- name: Set up cache
uses: actions/cache@v3
with:
path: |
${{ env.cache }}
${{ env.modcache }}
key: release-${{ runner.os }}-go-${{ env.goversion }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
release-${{ runner.os }}-go-${{ env.goversion }}
- uses: actions/cache@v3
name: Releaser cache
with:
path: |
./dist/*.deb
./dist/*.rpm
./dist/*.apk
key: ${{ github.ref }}
- name: ghcr-login
if: startsWith(github.ref, 'refs/tags/v')
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: goreleaser-install
uses: goreleaser/goreleaser-action@v5
with:
install-only: true
- name: goreleaser-release
run: task goreleaser
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_YES: true