
feat: Update GitHub workflow release.yml to use latest actions #150


Workflow file for this run

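---
# Test, build, sign and publish pipeline.
#
# Security notes for maintainers:
#   * Ref names, step outputs and secrets reach `run:` scripts only through
#     `env:`. A `${{ }}` expression written inside a script is pasted into the
#     shell source before it runs, so a branch or tag name containing shell
#     syntax would be executed on the runner.
#   * GITHUB_TOKEN is read-only by default; only the jobs that publish are
#     granted `contents: write`.
#   * NOTE(review): every action is referenced by a mutable tag (@v4, @v6, ...).
#     The release jobs hand a GPG private key and an SSH key to third-party
#     actions, so consider pinning each `uses:` to a full commit SHA
#     (`owner/action@<full-commit-sha>  # vX.Y.Z`).
name: "Test and release"
on:
  workflow_dispatch:
  push:
permissions:
  contents: read
jobs:
  prepare:
    name: Prepare
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.get_version.outputs.version }}
      is_release: ${{ steps.check.outputs.is_release }}
      is_snapshot: ${{ steps.check.outputs.is_snapshot }}
      is_prerelease: ${{ steps.prerelease.outputs.is_prerelease }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history: the release gate below compares HEAD with origin/main.
          fetch-depth: 0
      - name: Get version
        id: get_version
        # The ref name is attacker-influenced (anyone who can push a branch
        # or tag chooses it), so it is read from the runner-provided
        # GITHUB_REF variable instead of being templated into the script.
        run: |
          version="${GITHUB_REF#refs/tags/}"
          version="${version#refs/heads/}"
          echo "version=${version}" >> "$GITHUB_OUTPUT"
      - name: Check if release/snapshot
        id: check
        # A release is a v* tag whose commit is reachable from main.
        # The earlier test compared $GITHUB_BRANCH with refs/heads/main;
        # that variable is not set anywhere in this workflow and is not a
        # default runner variable, so the condition could never be true and
        # every run was classified as a snapshot.
        run: |
          is_release=false
          if [[ "$GITHUB_REF" == refs/tags/v* ]] \
            && git merge-base --is-ancestor HEAD origin/main; then
            is_release=true
          fi
          if [[ "$is_release" == true ]]; then
            echo "is_release=true" >> "$GITHUB_OUTPUT"
            echo "is_snapshot=false" >> "$GITHUB_OUTPUT"
          else
            echo "is_release=false" >> "$GITHUB_OUTPUT"
            echo "is_snapshot=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Check if prerelease
        id: prerelease
        env:
          # Derived from the ref name, so treated as untrusted input.
          VERSION: ${{ steps.get_version.outputs.version }}
        run: |
          # Anything that is not a v-prefixed tag is a prerelease
          if [[ "$VERSION" != v* ]]; then
            echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          if [[ "$VERSION" == *rc* || "$VERSION" == *beta* || "$VERSION" == *alpha* ]]; then
            echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
          fi
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Go
        id: setup_go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
          check-latest: true
      - name: Tests
        id: test
        run: |
          go mod tidy
          go test -v ./...
  build-snapshot:
    name: Build snapshot
    needs: [test, prepare]
    if: ${{ needs.prepare.outputs.is_snapshot == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Go
        id: setup_go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
          check-latest: true
      - name: Run GoReleaser snapshot
        id: goreleaser-snapshot
        uses: goreleaser/goreleaser-action@v6
        with:
          # NOTE(review): `latest` makes the build tool version float between
          # runs; consider pinning a GoReleaser version.
          version: latest
          args: --clean --snapshot
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: packages-snapshot
          path: |
            dist/*.deb
            dist/*.rpm
            dist/*.tar.gz
            dist/*.zip
            dist/Checksums.txt
          if-no-files-found: error
  build-release:
    name: Build release
    needs: [test, prepare]
    if: ${{ needs.prepare.outputs.is_release == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      # `goreleaser release` publishes to GitHub unless the project's
      # GoReleaser config disables it (config not visible here) - TODO
      # confirm; drop to `read` if only create-github-release publishes.
      contents: write
    outputs:
      gpg_fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Go
        id: setup_go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          # NOTE(review): consider `cache: false` in this job so a signed
          # release build never restores a dependency cache written by
          # another workflow run.
          cache: true
          check-latest: true
      - name: Import GPG key
        id: import_gpg
        # Receives the private signing key; see the pinning note at the top.
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
      - name: Install required packages for deb and rpm signing
        run: |
          # Refresh the index first so the install does not fail on a stale
          # package list baked into the runner image.
          sudo apt-get update
          sudo apt-get install rpm dpkg-sig -y
      - name: Run GoReleaser release
        id: goreleaser-release
        uses: goreleaser/goreleaser-action@v6
        with:
          # NOTE(review): `latest` makes the release tool version float
          # between runs; consider pinning a GoReleaser version.
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Sign deb packages
        id: sign_deb
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
        run: |
          for file in dist/*.deb; do
            dpkg-sig --sign builder -k "$GPG_FINGERPRINT" "$file"
          done
      - name: Sign rpm packages
        id: sign_rpm
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
        run: |
          # Setup .rpmmacros
          # The heredoc is deliberately unquoted: the shell expands
          # ${GPG_FINGERPRINT} and joins the backslash-continued lines, so
          # the sign command ends up as a single macro line.
          cat <<EOF > ~/.rpmmacros
          %_signature gpg
          %_gpg_name ${GPG_FINGERPRINT}
          %_gpgbin /usr/bin/gpg2
          %__gpg_sign_cmd %{__gpg} \
            gpg \
            --batch \
            --pinentry-mode loopback \
            --verbose \
            --digest-algo sha512 \
            --local-user "%{_gpg_name}" \
            --no-armour \
            --detach-sign \
            --output %{__signature_filename} %{__plaintext_filename}
          EOF
          for file in dist/*.rpm; do
            rpm --addsign "$file"
          done
      # NOTE(review): both signing steps rewrite the .deb/.rpm files after
      # GoReleaser has run. If dist/Checksums.txt is written by GoReleaser
      # (not visible here), its hashes for those packages no longer match
      # the signed files uploaded below - regenerate or re-verify the
      # checksum file after signing. Likewise, anything GoReleaser already
      # published in the release step was the unsigned build.
      - name: Upload artifacts
        id: upload_artifacts
        uses: actions/upload-artifact@v4
        with:
          name: packages-release
          path: |
            dist/*.deb
            dist/*.rpm
            dist/*.tar.gz
            dist/*.zip
            dist/Checksums.txt
          if-no-files-found: error
  create-github-release:
    name: Create GitHub release
    # `prepare` is listed so that its outputs are readable here. The job
    # used to read is_release / version / is_prerelease from build-release,
    # which exports only gpg_fingerprint, so the `if:` was never true and
    # the tag name was empty.
    needs: [prepare, build-release]
    if: ${{ needs.prepare.outputs.is_release == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Create change log using git log
        id: changelog
        run: |
          # On a tag build HEAD is the tagged commit, so `git describe` on
          # HEAD returns the tag being released and `<tag>..HEAD` is empty.
          # Search from the parent commit to find the previous tag instead;
          # fall back to the full history when there is none.
          previous_tag=$(git describe --tags --abbrev=0 "HEAD^" 2>/dev/null || true)
          if [[ -n "$previous_tag" ]]; then
            range="${previous_tag}..HEAD"
          else
            range="HEAD"
          fi
          {
            echo "## Changelog"
            git log --graph --pretty=format:'%h - %s (@%an)' --abbrev-commit "$range"
            echo
          } > CHANGELOG.md
      - name: Download artifacts
        id: download_artifacts
        uses: actions/download-artifact@v4
        with:
          name: packages-release
          path: packages
      - name: Create GitHub release
        id: create_release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ needs.prepare.outputs.version }}
          name: Release ${{ needs.prepare.outputs.version }}
          body_path: CHANGELOG.md
          prerelease: ${{ needs.prepare.outputs.is_prerelease }}
          files: |
            packages/*.deb
            packages/*.rpm
            packages/*.tar.gz
            packages/*.zip
            packages/Checksums.txt
  upload-to-rpm-repository:
    name: Upload to rpm repository
    # `prepare` is listed so that is_release is readable; build-release
    # exports only gpg_fingerprint.
    needs: [prepare, build-release]
    if: ${{ needs.prepare.outputs.is_release == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: packages-release
          path: packages
      - name: Set up SSH
        id: setup_ssh
        # Receives the repository SSH key; see the pinning note at the top.
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.REPOSITORY_SSH_KEY }}
          log-public-key: false
      - name: Add repository host to known hosts
        env:
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
        run: |
          # Host keys are pinned from a secret rather than trusted on first
          # use, so the ssh/rsync calls below verify the repository host.
          mkdir -p ~/.ssh
          printf '%s\n' "$KNOWN_HOSTS" >> ~/.ssh/known_hosts
      - name: Upload using rsync over SSH and update repository
        id: upload_to_repository
        env:
          REPOSITORY_HOST: ${{ secrets.REPOSITORY_HOST }}
          REPOSITORY_HOST_PORT: ${{ secrets.REPOSITORY_HOST_PORT }}
          REPOSITORY_USER: ${{ secrets.REPOSITORY_USER }}
          REPOSITORY_PATH: ${{ secrets.REPOSITORY_PATH }}
          GPG_FINGERPRINT: ${{ needs.build-release.outputs.gpg_fingerprint }}
        run: |
          package_type="rpm"
          remote="${REPOSITORY_USER}@${REPOSITORY_HOST}"
          # Quote the pattern so the local shell cannot expand it, and read
          # NUL-separated names so paths are never word-split.
          mapfile -d '' -t packages < <(find packages -type f -name "*.${package_type}" -print0)
          for package in "${packages[@]}"; do
            package_name=$(basename "$package")
            package_arch=${package_name%."$package_type"}
            package_arch=${package_arch##*.}
            # The architecture becomes part of a remote path and of a remote
            # shell command, so refuse anything but a plain identifier.
            if [[ ! "$package_arch" =~ ^[A-Za-z0-9_]+$ ]]; then
              echo "Unexpected architecture in package name: $package_name" >&2
              exit 1
            fi
            package_dir="${REPOSITORY_PATH}/${package_type}/release/${package_arch}"
            # Create directory if not exists
            ssh -p "$REPOSITORY_HOST_PORT" "$remote" \
              "mkdir -p $package_dir"
            # Upload package
            echo "Uploading $package_name to ${remote}:$package_dir"
            rsync -avz --no-perms --no-owner --no-group \
              -e "ssh -p $REPOSITORY_HOST_PORT" "$package" \
              "${remote}:$package_dir/"
            # Update rpm repository
            # NOTE(review): repomd.xml is signed on the repository host with
            # a key whose passphrase sits in a file beside the keyring, so
            # the SSH key in REPOSITORY_SSH_KEY is enough to produce signed
            # repository metadata. Restrict that account accordingly (for
            # example a dedicated user limited to these commands).
            ssh -p "$REPOSITORY_HOST_PORT" "$remote" \
              "cd $package_dir && \
              createrepo --update . && \
              gpg2 --homedir=/home/${REPOSITORY_USER}/.gnupg \
              --batch \
              --pinentry-mode loopback \
              --verbose \
              --local-user ${GPG_FINGERPRINT} \
              --passphrase-file /home/${REPOSITORY_USER}/.gnupg/passphrase \
              --armor \
              --detach-sign \
              --yes ./repodata/repomd.xml"
          done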