chore(ci): bump actions/setup-go from 5 to 6 #128

Workflow file for this run

.github/workflows/release.yml at a202b42

	name: Release

	on:
	push: # To create/update release PR and to make a release.
	pull_request: # To update release PR after manually changing version for the next release.
	types: [edited]

	permissions:
	contents: write # To create/update release_pr branch, create a release and a tag.
	pull-requests: write # To create/update PR from release_pr branch.
	id-token: write # For cosign signing.

	env:
	GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN \|\| secrets.GITHUB_TOKEN }}

	jobs:
	release-pr:
	uses: powerman/workflows/.github/workflows/[email protected]
	with:
	version_cmd: \|
	echo "$RELEASE_PR_VERSION" \| grep -q '[+-]' \|\| {
	sed -i -E 's#(/dockerize/releases/download/)(v[0-9.]+)/#\1'"$RELEASE_PR_VERSION"'/#g' README.md
	sed -i -E 's#(powerman/dockerize:)([0-9.]+)#\1'"${RELEASE_PR_VERSION#v}"'#g' README.md
	}
	secrets:
	TOKEN: ${{ secrets.RELEASE_TOKEN }}

	build-and-upload:
	needs: [release-pr]
	if: ${{ needs.release-pr.outputs.result == 'released' }}
	permissions:
	contents: write # To upload to GitHub release.
	id-token: write # For cosign signing.
	timeout-minutes: 20
	runs-on: ubuntu-latest
	strategy:
	matrix:
	include:
	- {goos: linux, goarch: amd64}
	- {goos: linux, goarch: arm64}
	- {goos: linux, goarch: arm, goarm: 7}
	- {goos: linux, goarch: ppc64le}
	- {goos: linux, goarch: s390x}
	- {goos: linux, goarch: riscv64}
	- {goos: darwin, goarch: amd64}
	- {goos: darwin, goarch: arm64}
	- {goos: windows, goarch: amd64}
	- {goos: windows, goarch: arm64}
	steps:
	- uses: actions/checkout@v5
	with:
	token: ${{ env.GITHUB_TOKEN }}
	ref: ${{ needs.release-pr.outputs.version }}

	- name: Build binary
	id: build
	uses: wangyoucao577/[email protected]
	with:
	github_token: ${{ env.GITHUB_TOKEN }}
	goos: ${{ matrix.goos }}
	goarch: ${{ matrix.goarch }}
	goarm: ${{ matrix.goarm }}
	project_path: '.'
	binary_name: ${{ github.event.repository.name }}
	pre_command: 'export CGO_ENABLED=0'
	build_flags: '-trimpath' # Reproducible build (also needs -buildid= in ldflags).
	ldflags: '-s -w -buildid='
	executable_compression: >-
	${{ (
	!(matrix.goos == 'windows' && matrix.goarch == 'arm64') &&
	!(matrix.goos == 'linux' && matrix.goarch == 's390x') &&
	!(matrix.goos == 'linux' && matrix.goarch == 'riscv64')
	) && 'upx' \|\| '' }}
	md5sum: false
	compress_assets: 'OFF'
	release_tag: ${{ needs.release-pr.outputs.version }}
	overwrite: true
	upload: false

	- name: 'Fix after go-release-action: asset dir is owned by root and has no-arch binary'
	env:
	ASSET_DIR: ${{ steps.build.outputs.release_asset_dir }}
	run: \|
	sudo chown -R "$(id -u)" "$ASSET_DIR"
	rm -f "$ASSET_DIR/$(basename "$PWD")"{,.exe}

	- name: Install cosign
	uses: sigstore/cosign-installer@v3

	- name: Sign assets with cosign
	working-directory: ${{ steps.build.outputs.release_asset_dir }}
	run: \|
	for file in *; do
	if [[ -f "$file" && ! "$file" =~ \.(sha256\|md5\|sig)$ ]]; then
	echo "Signing $file..."
	cosign sign-blob --yes "$file" --output-signature "${file}.sig"
	fi
	done

	- name: Upload files to the release
	uses: softprops/action-gh-release@v2
	with:
	token: ${{ env.GITHUB_TOKEN }}
	tag_name: ${{ needs.release-pr.outputs.version }}
	body: ${{ needs.release-pr.outputs.changelog }}
	files: ${{ steps.build.outputs.release_asset_dir }}/*
	draft: true
	prerelease: ${{ needs.release-pr.outputs.prerelease }}
	make_latest: false

	docker:
	needs: [release-pr, build-and-upload]
	if: ${{ needs.release-pr.outputs.result == 'released' }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	with:
	token: ${{ env.GITHUB_TOKEN }}
	ref: ${{ needs.release-pr.outputs.version }}

	- name: Download release assets
	env:
	VERSION: ${{ needs.release-pr.outputs.version }}
	run: \|
	mkdir -p .cache/dist
	gh release download "${VERSION}" --dir .cache/dist
	rm -f .cache/dist/*.sig # Remove signature files

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build image and upload to DockerHub Container Registry
	env:
	CR_USER: ${{ secrets.CR_USER }}
	CR_PAT: ${{ secrets.CR_PAT }}
	VERSION: ${{ needs.release-pr.outputs.version }}
	BINARY_NAME: ${{ github.event.repository.name }}
	run: \|
	docker login -u "${CR_USER}" -p "${CR_PAT}"

	IMAGE_NAME="${CR_USER}/${BINARY_NAME}"
	PATCH_VERSION="${VERSION/v}"
	MINOR_VERSION="$(echo "${PATCH_VERSION}" \| cut -d "." -f 1,2)"
	MAJOR_VERSION="$(echo "${PATCH_VERSION}" \| cut -d "." -f 1)"

	# Get platforms from release assets
	PLATFORMS=()
	for f in .cache/dist/-linux-; do
	platform="${f#*-linux-}"
	platform="linux/${platform//-//}"
	platform="${platform//armv/arm/v}"
	PLATFORMS+=("$platform")
	done

	SOURCE_DATE_EPOCH="$(git log -1 --pretty=%ct)" # Reproducible build.
	export SOURCE_DATE_EPOCH
	docker buildx build \
	--platform "$(IFS=, ; echo "${PLATFORMS[*]}")" \
	--build-arg VERSION="${VERSION}" \
	--tag "${IMAGE_NAME}:latest" \
	--tag "${IMAGE_NAME}:${PATCH_VERSION}" \
	--tag "${IMAGE_NAME}:${MINOR_VERSION}" \
	--tag "${IMAGE_NAME}:${MAJOR_VERSION}" \
	--push \
	.

	# Mark release as non-draft and latest.
	finalize:
	needs: [release-pr, build-and-upload, docker]
	if: ${{ needs.release-pr.outputs.result == 'released' }}
	permissions:
	contents: write # To update the GitHub release.
	timeout-minutes: 5
	runs-on: ubuntu-latest
	steps:
	- name: Publish release
	uses: softprops/action-gh-release@v2
	with:
	token: ${{ env.GITHUB_TOKEN }}
	tag_name: ${{ needs.release-pr.outputs.version }}
	body: ${{ needs.release-pr.outputs.changelog }}
	draft: false
	prerelease: ${{ needs.release-pr.outputs.prerelease }}
	make_latest: ${{ needs.release-pr.outputs.prerelease != 'true' }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(ci): bump actions/setup-go from 5 to 6 #128

Workflow file

chore(ci): bump actions/setup-go from 5 to 6 #128

Uh oh!

Jobs

Run details

Workflow file for this run