Merge pull request #108 from sudo-bmitch/pr-gc-testing #234
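# CI workflow: build, vet, test and lint on a Go version matrix; on main and
# on v* tags additionally build release artifacts, sign them with cosign and
# (tags only) publish a GitHub release.
name: Go

on:
  push:
    branches:
      - '**'
    tags:
      - 'v*.*.*'
  pull_request:
    branches: [main]

# Workflow-wide default token scope is read-only; the build job widens it below.
permissions:
  contents: read

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "1.20" is not parsed as the float 1.2.
        gover: ["1.20", "1.21", "1.22"]
    env:
      # Only the matrix leg matching this version lints, signs and releases.
      RELEASE_GO_VER: "1.22"
      # do not automatically upgrade go to a different version: https://go.dev/doc/toolchain
      GOTOOLCHAIN: "local"
    # Job-level permissions replace the workflow default for every step and
    # every matrix leg of this job, including the dependency fetch, test and
    # lint steps that run on ordinary branch pushes.
    # NOTE(review): moving the sign/release steps into a separate job that
    # alone holds these write scopes would keep the build/test legs read-only.
    permissions:
      contents: write # needed for pushing release with softprops/actions-gh-release
      id-token: write # needed for OIDC Token signing with cosign
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # version comment is informational only.
      - name: Check out code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: "Set up Go ${{ matrix.gover }}"
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: "${{ matrix.gover }}"
          check-latest: true
        id: go

      - name: Get dependencies
        run: |
          go get -v -t -d ./...

      # go fmt lists the files it rewrote on stdout, so empty output means the
      # tree was already formatted. The exit status of go fmt itself is not
      # checked by this construct.
      - name: Verify go fmt
        run: test -z "$(go fmt ./...)"

      # go vet reports findings on stderr and through its exit status, so the
      # previous `test -z "$(go vet ./...)"` captured nothing and passed even
      # when vet failed. Run it directly so a finding fails the step.
      - name: Verify go vet
        run: go vet ./...

      - name: Test
        run: make test

      - name: Linting
        if: matrix.gover == env.RELEASE_GO_VER
        run: make lint

      - name: Install syft
        if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
        uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
        id: syft
        with:
          syft-version: "v1.4.1"

      - name: Build artifacts
        if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
        run: make artifacts

      - name: Install cosign
        if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
        with:
          cosign-release: "v2.2.4"

      # Signs each binary with cosign using the job's OIDC token (hence
      # id-token: write above). The signature and certificate are written
      # next to the binary, with any .exe suffix dropped from their names.
      - name: Sign artifacts
        if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
        run: |
          cd artifacts
          for artifact in \
              olareg-darwin-amd64 \
              olareg-darwin-arm64 \
              olareg-linux-amd64 \
              olareg-linux-arm64 \
              olareg-linux-ppc64le \
              olareg-linux-s390x \
              olareg-windows-amd64.exe \
              ; do
            cosign sign-blob -y --output-signature "${artifact%.exe}.sig" --output-certificate "${artifact%.exe}.pem" "${artifact}"
          done

      # Derives the version from the tag and marks the release valid only if
      # release.md mentions "Release <version>". Outputs are written to
      # $GITHUB_OUTPUT instead of the deprecated ::set-output command, so the
      # %/newline escaping that command required is no longer applied.
      - name: Gather release details
        if: startsWith( github.ref, 'refs/tags/v' ) && github.repository_owner == 'olareg' && matrix.gover == env.RELEASE_GO_VER
        id: release_details
        run: |
          VERSION="${GITHUB_REF#refs/tags/}"
          VALID_RELEASE=false
          if [ -f "release.md" ] && grep -q "Release $VERSION" release.md; then
            VALID_RELEASE=true
          fi
          RELEASE_NOTES=$(cat release.md || echo release notes unavailable)
          # Random heredoc delimiter so text inside release.md cannot end the
          # multi-line value early and append extra outputs.
          DELIM="release_notes_$(openssl rand -hex 16)"
          {
            echo "version=${VERSION}"
            echo "valid=${VALID_RELEASE}"
            echo "release_notes<<${DELIM}"
            printf '%s\n' "${RELEASE_NOTES}"
            echo "${DELIM}"
          } >> "$GITHUB_OUTPUT"

      - name: Create release
        if: steps.release_details.outputs.valid == 'true' && matrix.gover == env.RELEASE_GO_VER
        id: release_create
        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.release_details.outputs.version }}
          body: ${{ steps.release_details.outputs.release_notes }}
          draft: false
          prerelease: false
          files: ./artifacts/*

      - name: Save artifacts
        if: github.ref == 'refs/heads/main' && matrix.gover == env.RELEASE_GO_VER
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: binaries
          path: ./artifacts/
          retention-days: 30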