Skip to content

Merge pull request #4123 from kptdev/dependabot/go_modules/porch/api/… #69

Merge pull request #4123 from kptdev/dependabot/go_modules/porch/api/…

Merge pull request #4123 from kptdev/dependabot/go_modules/porch/api/… #69

Workflow file for this run

# Copyright 2021 The kpt Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: kpt Release
on:
push:
tags:
- "v[1-9].*.*"
jobs:
build:
runs-on: ubuntu-latest
name: kpt-release
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '>=1.21.6'
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build, Test, Lint
run: |
git config --global user.email [email protected]
git config --global user.name Your Name
make all
make test-docker
- name: Login to GCR
uses: docker/login-action@v2
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCR_TOKEN }}
- name: Check Licenses
run: |
./scripts/create-licenses.sh
- name: Setup release environment
id: setup-release-env
run: |-
echo 'GITHUB_TOKEN=${{secrets.GITHUB_TOKEN}}' > .release-env
- name: Run GoReleaser
id: run-goreleaser
uses: goreleaser/goreleaser-action@v4
with:
distribution: goreleaser
version: latest
args: release --skip-validate -f release/tag/goreleaser.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate SLSA subjects for provenance
id: hash
run: |
set -euo pipefail
checksum_file=$(cat dist/artifacts.json | jq -r '.[] | select (.type=="Checksum") | .path')
echo "::set-output name=hashes::$(cat $checksum_file | base64 -w0)"
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
compile-generator: true # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163
base64-subjects: "${{ needs.build.outputs.hashes }}"
upload-assets: true # upload to a new release