143 lines (140 loc) · 5.31 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: release
on:
push:
branches:
- "main"
tags:
- "v*"
permissions:
contents: write
id-token: write
packages: write
jobs:
trigger-generate:
runs-on: ubuntu-latest
needs: [goreleaser]
steps:
- uses: benc-uk/workflow-dispatch@v1.2.3
if: startsWith(github.ref, 'refs/tags/v')
with:
repo: goreleaser/goreleaser
ref: main
token: ${{ secrets.GH_PAT }}
workflow: generate.yml
notify-goreleaser-cross:
runs-on: ubuntu-latest
needs: [trigger-generate]
steps:
- name: get version
if: startsWith(github.ref, 'refs/tags/v')
run: echo "RELEASE_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: notify goreleaser-cross with new release
if: startsWith(github.ref, 'refs/tags/v')
uses: benc-uk/workflow-dispatch@v1.2.3
with:
token: ${{ secrets.GH_PAT }}
repo: goreleaser/goreleaser-cross
workflow: goreleaser-bump
inputs: '{ "tag" : "${{ env.RELEASE_TAG }}" }'
goreleaser-check-pkgs:
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
needs: [goreleaser]
if: github.ref == 'refs/heads/main'
strategy:
matrix:
format: [deb, rpm, apk]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3
with:
fetch-depth: 0
- uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v1
with:
version: 3.x
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: |
./dist/*.deb
./dist/*.rpm
./dist/*.apk
key: ${{ github.ref }}
- run: task goreleaser:test:${{ matrix.format }}
goreleaser:
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3
with:
fetch-depth: 0
- uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v1
with:
version: 3.x
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
- name: setup-snapcraft
# FIXME: the mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft
mkdir -p $HOME/.cache/snapcraft/download
mkdir -p $HOME/.cache/snapcraft/stage-packages
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v4
with:
go-version: stable
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: |
./dist/*.deb
./dist/*.rpm
./dist/*.apk
key: ${{ github.ref }}
- uses: sigstore/cosign-installer@v3.5.0
- uses: anchore/sbom-action/download-syft@v0.16.0
- uses: crazy-max/ghaction-upx@v3
with:
install-only: true
- uses: cachix/install-nix-action@V27
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: dockerhub-login
if: startsWith(github.ref, 'refs/tags/v')
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: ghcr-login
if: startsWith(github.ref, 'refs/tags/v')
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: snapcraft-login
if: startsWith(github.ref, 'refs/tags/v')
run: snapcraft login --with <(echo "${{ secrets.SNAPCRAFT_LOGIN }}")
- name: goreleaser-release
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
MASTODON_CLIENT_ID: ${{ secrets.MASTODON_CLIENT_ID }}
MASTODON_CLIENT_SECRET: ${{ secrets.MASTODON_CLIENT_SECRET }}
MASTODON_ACCESS_TOKEN: ${{ secrets.MASTODON_ACCESS_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
AUR_KEY: ${{ secrets.AUR_KEY }}
MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
run: task goreleaser