-
-
Notifications
You must be signed in to change notification settings - Fork 497
101 lines (95 loc) · 3.57 KB
/
autorelease.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# This is a basic workflow to help you get started with Actions
name: release
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
tags:
- 'v*'
permissions:
contents: read
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
-
name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: '1.23'
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- uses: anchore/sbom-action/download-syft@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6
# ubuntu is missing wixl https://github.com/actions/virtual-environments/issues/3857
-
name: "Install GNOME msitools (wixl)"
run: sudo apt update -qq && sudo apt install -qq -y wixl
-
name: Import GPG signing key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
-
name: Debug
run: |
echo "GPG ---------------------"
echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
echo "keyid: ${{ steps.import_gpg.outputs.keyid }}"
echo "name: ${{ steps.import_gpg.outputs.name }}"
echo "email: ${{ steps.import_gpg.outputs.email }}"
echo "Go env ------------------"
pwd
echo ${HOME}
echo ${GITHUB_WORKSPACE}
echo ${GOPATH}
echo ${GOROOT}
env
-
name: Generate release-notes
run: |
go run helpers/changelog/main.go >../RELEASE_NOTES
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with:
version: latest
args: release --release-notes=../RELEASE_NOTES
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GOPATH: /home/runner/go
-
name: "Add Windows installer (msi) to release"
run: | # until https://github.com/goreleaser/goreleaser/issues/1295, disabled until #2038 is fixed
tag="${GITHUB_REF#refs/tags/}"
version=${tag#v}
make msi
msi=dist/gopass-x64-windows-${version}.msi
gh release upload "${tag}" "${msi}"
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
-
name: "Upload deb files to apt hosting"
run: |
for D in dist/*.deb; do
curl -H"X-Filename: ${D}" -H"X-Apikey: ${APIKEY}" -XPOST --data-binary @$D https://packages.gopass.pw/repos/gopass/upload
curl -H"X-Filename: ${D}" -H"X-Apikey: ${APIKEY}" -XPOST --data-binary @$D https://packages.gopass.pw/repos/gopass-unstable/upload
done
env:
APIKEY: ${{ secrets.APT_APIKEY }}