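# CI workflow: builds and tests on a Go version matrix, then (on main and on
# v*.*.*) builds artifacts, signs them with cosign, and publishes a GitHub
# release for valid version tags.
name: Go

on:
  push:
    branches:
      - '**'
    tags:
      - 'v*.*.*'
  pull_request:
    branches: [ main ]

# Workflow-wide default for GITHUB_TOKEN; the build job overrides it below.
permissions:
  contents: read

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "1.20" stays a string and is not parsed as the float 1.2.
        gover: ["1.20", "1.21", "1.22"]
    env:
      # Only the matrix leg matching this version lints, signs and releases.
      RELEASE_GO_VER: "1.22"
      # do not automatically upgrade go to a different version: https://go.dev/doc/toolchain
      GOTOOLCHAIN: "local"
    # NOTE(review): these job-level scopes apply to every step of every matrix
    # leg on every trigger, including the steps that run `make` targets from
    # the checked-out ref, although only the sign and release steps use them.
    # Consider moving signing and release into a separate job gated on
    # tags/main so build and test run with the read-only default.
    permissions:
      contents: write # needed for pushing release with softprops/actions-gh-release
      id-token: write # needed for OIDC Token signing with cosign
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA corresponds to.
      # NOTE(review): checkout keeps the token in the local git config by
      # default; if no later step needs git credentials, consider setting
      # `persist-credentials: false` — confirm against the Makefile.
      - name: Check out code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: "Set up Go ${{ matrix.gover }}"
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: "${{ matrix.gover }}"
          check-latest: true
        id: go

      - name: Get dependencies
        run: |
          go get -v -t -d ./...

      # go fmt prints the names of the files it rewrote on stdout, so any
      # output means the tree was not formatted.
      - name: Verify go fmt
        run: test -z "$(go fmt ./...)"

      # go vet writes its diagnostics to stderr and signals problems through
      # its exit status. Wrapping it in `test -z "$(...)"` captures only
      # stdout and discards that status, so the step could never fail; run it
      # directly instead.
      - name: Verify go vet
        run: go vet ./...

      - name: Test
        run: make test

      - name: Linting
        if: matrix.gover == env.RELEASE_GO_VER
        run: make lint

      - name: Install syft
        if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
        uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
        id: syft
        with:
          syft-version: "v1.4.1"

      - name: Build artifacts
        if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
        run: make artifacts

      - name: Install cosign
        if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
        with:
          cosign-release: "v2.2.4"

      # Signing uses the job's OIDC token (id-token: write) instead of a
      # stored key. Each binary gets a detached signature (.sig) and the
      # signing certificate (.pem) written next to it.
      - name: Sign artifacts
        if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
        run: |
          cd artifacts
          for artifact in \
              olareg-darwin-amd64 \
              olareg-darwin-arm64 \
              olareg-linux-amd64 \
              olareg-linux-arm64 \
              olareg-linux-ppc64le \
              olareg-linux-s390x \
              olareg-windows-amd64.exe \
              ; do
            cosign sign-blob -y --output-signature "${artifact%.exe}.sig" --output-certificate "${artifact%.exe}.pem" "${artifact}"
          done

      # A tag is only released when release.md names it ("Release <tag>").
      # Outputs are appended to the $GITHUB_OUTPUT file rather than printed as
      # workflow commands on stdout, so text that reaches the step log cannot
      # be interpreted as an output. The multi-line notes use a random
      # delimiter so a line inside release.md cannot end the value early.
      - name: Gather release details
        if: startsWith( github.ref, 'refs/tags/v' ) && github.repository_owner == 'olareg' && matrix.gover == env.RELEASE_GO_VER
        id: release_details
        run: |
          VERSION="${GITHUB_REF#refs/tags/}"
          VALID_RELEASE=false
          # -F: match the tag literally; the dots in vX.Y.Z are not wildcards.
          if [ -f "release.md" ] && grep -qF -- "Release ${VERSION}" release.md; then
            VALID_RELEASE=true
          fi
          RELEASE_NOTES="$(cat release.md || echo release notes unavailable)"
          DELIM="EOF_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "version=${VERSION}"
            echo "valid=${VALID_RELEASE}"
            echo "release_notes<<${DELIM}"
            printf '%s\n' "${RELEASE_NOTES}"
            echo "${DELIM}"
          } >> "${GITHUB_OUTPUT}"

      # Runs only when the previous step marked the tag as a valid release;
      # uploads everything under ./artifacts, including the .sig/.pem files.
      - name: Create release
        if: steps.release_details.outputs.valid == 'true' && matrix.gover == env.RELEASE_GO_VER
        id: release_create
        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.release_details.outputs.version }}
          body: ${{ steps.release_details.outputs.release_notes }}
          draft: false
          prerelease: false
          files: ./artifacts/*

      # Builds from main are kept as workflow artifacts for 30 days.
      - name: Save artifacts
        if: github.ref == 'refs/heads/main' && matrix.gover == env.RELEASE_GO_VER
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: binaries
          path: ./artifacts/
          retention-days: 30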