Merge pull request #2 from jippi/dependabot/go_modules/golang.org/x/c… #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: write | |
| id-token: write | |
| packages: write | |
| jobs: | |
| trigger-generate: | |
| runs-on: ubuntu-latest | |
| needs: [goreleaser] | |
| steps: | |
| - uses: benc-uk/workflow-dispatch@v121 | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| with: | |
| repo: jippi/dottie | |
| ref: main | |
| token: ${{ secrets.GH_PAT }} | |
| workflow: generate.yml | |
| notify-goreleaser-cross: | |
| runs-on: ubuntu-latest | |
| needs: [trigger-generate] | |
| steps: | |
| - name: get version | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: echo "RELEASE_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
| - name: notify goreleaser-cross with new release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: benc-uk/workflow-dispatch@v121 | |
| with: | |
| token: ${{ secrets.GH_PAT }} | |
| repo: goreleaser/goreleaser-cross | |
| workflow: goreleaser-bump | |
| inputs: '{ "tag" : "${{ env.RELEASE_TAG }}" }' | |
| goreleaser-check-pkgs: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| needs: [goreleaser] | |
| if: github.ref == 'refs/heads/main' | |
| strategy: | |
| matrix: | |
| format: [deb, rpm, apk] | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1 | |
| with: | |
| version: 3.x | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2 | |
| - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4 | |
| with: | |
| path: | | |
| ./dist/*.deb | |
| ./dist/*.rpm | |
| ./dist/*.apk | |
| key: ${{ github.ref }} | |
| - run: task goreleaser:test:${{ matrix.format }} | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1 | |
| with: | |
| version: 3.x | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2 | |
| - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v2 | |
| - name: setup-snapcraft | |
| # FIXME: the mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715 | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft | |
| mkdir -p $HOME/.cache/snapcraft/download | |
| mkdir -p $HOME/.cache/snapcraft/stage-packages | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4 | |
| with: | |
| go-version: stable | |
| - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4 | |
| with: | |
| path: | | |
| ./dist/*.deb | |
| ./dist/*.rpm | |
| ./dist/*.apk | |
| key: ${{ github.ref }} | |
| - uses: sigstore/cosign-installer@v3.4.0 | |
| - uses: anchore/sbom-action/download-syft@v0.15.8 | |
| - uses: crazy-max/ghaction-upx@v3 | |
| with: | |
| install-only: true | |
| - uses: cachix/install-nix-action@v25 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: dockerhub-login | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: ghcr-login | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: snapcraft-login | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: snapcraft login --with <(echo "${{ secrets.SNAPCRAFT_LOGIN }}") | |
| - name: goreleaser-release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_PAT }} | |
| TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }} | |
| TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }} | |
| TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }} | |
| TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} | |
| MASTODON_CLIENT_ID: ${{ secrets.MASTODON_CLIENT_ID }} | |
| MASTODON_CLIENT_SECRET: ${{ secrets.MASTODON_CLIENT_SECRET }} | |
| MASTODON_ACCESS_TOKEN: ${{ secrets.MASTODON_ACCESS_TOKEN }} | |
| COSIGN_PWD: ${{ secrets.COSIGN_PWD }} | |
| FURY_TOKEN: ${{ secrets.FURY_TOKEN }} | |
| DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }} | |
| DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} | |
| AUR_KEY: ${{ secrets.AUR_KEY }} | |
| run: task goreleaser |