feat(go): update to go 1.22 #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: [main, master] | |
| jobs: | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| hashes: ${{ steps.hashes.outputs.hashes }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - | |
| id: vars | |
| run: | | |
| goVersion=$(grep '^FROM go' .github/go/Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2) | |
| echo "go_version=${goVersion}" >> "$GITHUB_OUTPUT" | |
| echo "Using Go version ${goVersion}" | |
| - | |
| name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ steps.vars.outputs.go_version }} | |
| - | |
| name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| format: 'github' | |
| output: 'dependency-results.sbom.json' | |
| image-ref: '.' | |
| github-pat: ${{ secrets.GH_PRIVATEREPO_TOKEN }} | |
| - | |
| name: Remove SBOM result | |
| run: | | |
| rm dependency-results.sbom.json | |
| - | |
| name: Install syft | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin | |
| - | |
| name: Create release tag | |
| uses: go-semantic-release/action@v1 | |
| id: semrel | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| run: git fetch -a | |
| if: steps.semrel.outputs.version != '' | |
| - | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Release | |
| uses: goreleaser/goreleaser-action@v4.4.0 | |
| id: goreleaser | |
| if: steps.semrel.outputs.version != '' | |
| with: | |
| version: latest | |
| args: release --config=.github/goreleaser.yml --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Generate dist hashes | |
| id: hashes | |
| if: steps.semrel.outputs.version != '' | |
| env: | |
| ARTIFACTS: "${{ steps.goreleaser.outputs.artifacts }}" | |
| run: | | |
| checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') | |
| echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" | |
| provenance: | |
| needs: [goreleaser] | |
| if: needs.goreleaser.outputs.hashes != '' | |
| permissions: | |
| actions: read # To read the workflow path. | |
| id-token: write # To sign the provenance. | |
| contents: write # To add assets to a release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 | |
| with: | |
| base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" | |
| upload-assets: true |