Skip to content

ci: bump actions/attest-build-provenance from 1 to 2 #489

ci: bump actions/attest-build-provenance from 1 to 2

ci: bump actions/attest-build-provenance from 1 to 2 #489

Workflow file for this run

name: Release Hub
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- v*.*.*
workflow_dispatch:
inputs: {}
permissions:
contents: write
id-token: write
attestations: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: "1.23"
cache-dependency-path: |
go.sum
caddy/go.sum
- name: Login to Docker Hub
if: startsWith(github.ref, 'refs/tags/v')
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Import GPG key
if: startsWith(github.ref, 'refs/tags/v')
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
- name: Set GoReleaser Git tags
run: |
tags=$(git tag --list --sort=-version:refname 'v*')
echo "GORELEASER_CURRENT_TAG=$(awk 'NR==1 {print;exit}' <<< "$tags")" >> "$GITHUB_ENV"
echo "GORELEASER_PREVIOUS_TAG=$(awk 'NR==2 {print;exit}' <<< "$tags")" >> "$GITHUB_ENV"
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: ${{ startsWith(github.ref, 'refs/tags/v') && 'release' || 'build --single-target --snapshot' }} --clean --timeout 60m
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ startsWith(github.ref, 'refs/tags/v') && steps.import_gpg.outputs.fingerprint || '' }}
- name: Attest
if: startsWith(github.ref, 'refs/tags/v')
uses: actions/attest-build-provenance@v2
with:
subject-path: "${{ github.workspace }}/dist/**/mercure"
- name: Display version
run: dist/caddy_linux_amd64_v1/mercure version
- name: Upload snapshot
if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
uses: actions/upload-artifact@v4
with:
name: snapshot
path: dist/*
retention-days: 1