Skip to content
release

feat: trigger latest release #9

Sign in to view logs

feat: trigger latest release

feat: trigger latest release #9

Workflow file for this run

.github/workflows/release.yml at 6cd5f04
name: release
on:
push:
branches: [main, master]
jobs:
goreleaser:
runs-on: ubuntu-latest
outputs:
hashes: ${{ steps.hashes.outputs.hashes }}
version: ${{ steps.semrel.outputs.version }}
permissions:
contents: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
id: vars
run: |
goVersion=$(grep '^FROM go' .github/go/Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2)
echo "go_version=${goVersion}" >> $GITHUB_OUTPUT
echo "Using Go version ${goVersion}"
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ steps.vars.outputs.go_version }}
-
name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'github'
output: 'dependency-results.sbom.json'
image-ref: '.'
github-pat: ${{ secrets.GH_PRIVATEREPO_TOKEN }}
-
name: Remove SBOM result
run: |
rm dependency-results.sbom.json
-
name: Install syft
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
-
name: Create release tag
uses: go-semantic-release/action@v1
id: semrel
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
-
run: git fetch -a
if: steps.semrel.outputs.version != ''
-
name: Release
uses: goreleaser/goreleaser-action@v5.0.0
if: steps.semrel.outputs.version != ''
with:
version: latest
args: release --config=.github/goreleaser.yml --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
name: Generate dist hashes
id: hashes
if: steps.semrel.outputs.version != ''
env:
ARTIFACTS: "${{ steps.goreleaser.outputs.artifacts }}"
run: |
checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
echo "hashes=$(cat $checksum_file | base64 -w0)" >> $GITHUB_OUTPUT
provenance:
needs: [goreleaser]
if: needs.goreleaser.outputs.hashes != ''
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"