Release #21
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| jobs: | |
| build: | |
| name: Build binaries | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build dockerfile | |
| run: make docker | |
| - name: Build binaries | |
| run: make binaries | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| boltz-client-*.tar.gz | |
| boltz-client-manifest-*.txt | |
| draft: true | |
| body: | | |
| # Summary | |
| TODO | |
| # Highlights | |
| TODO | |
| # Verifying the Release | |
| In order to verify the release, you'll need to have `gpg` or `gpg2` installed on your system. You'll first need to import the keys that have signed this release if you haven't done so already: | |
| ``` | |
| curl https://raw.githubusercontent.com/BoltzExchange/boltz-client/master/keys/michael.asc | gpg --import | |
| ``` | |
| Once you have the required PGP keys, you can verify the release (assuming `boltz-client-manifest-${{ env.RELEASE_VERSION }}.txt.sig` and `boltz-client-manifest-${{ env.RELEASE_VERSION }}.txt` are in the current directory) with: | |
| ``` | |
| gpg --verify boltz-client-manifest-${{ env.RELEASE_VERSION }}.txt.sig boltz-client-manifest-${{ env.RELEASE_VERSION }}.txt | |
| ``` | |
| You should see the following if the verification was successful: | |
| ``` | |
| gpg: Signature made Mo 01 Jul 2024 00:40:51 CEST | |
| gpg: using RSA key C2640F630570F5EDEDE02DE684D249BA71685D46 | |
| gpg: Good signature from "Michael <[email protected]>" [unknown] | |
| gpg: aka "Michael <[email protected]>" [unknown] | |
| ``` | |
| You should also verify that the hashes still match with the archive you've downloaded. | |
| ``` | |
| sha256sum --ignore-missing -c boltz-client-manifest-${{ env.RELEASE_VERSION }}.txt | |
| ``` | |
| If your archive is valid, you should see the following output (depending on the archive you've downloaded): | |
| ``` | |
| boltz-client-linux-amd64-${{ env.RELEASE_VERSION }}.tar.gz: OK | |
| ``` | |