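name: Release

# Runs only when a version tag (v*) is pushed. The job below holds the Cosign
# signing key and the Docker Hub credentials, so who may push v* tags is part
# of the release trust boundary.
on:
  push:
    tags:
      - 'v*'

jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: publishing the GitHub release needs
    # contents: write; Docker Hub is reached with its own credentials.
    # NOTE(review): confirm the goreleaser configuration needs no other scope.
    permissions:
      contents: write
    env:
      # Quoted so that every YAML parser reads a string, not a boolean.
      GO111MODULE: 'on'
      # ACTIONS_ALLOW_UNSECURE_COMMANDS was dropped from this job. It re-enables
      # the deprecated set-env/add-path workflow commands, which let text
      # written to a step's log change the environment of later steps; here
      # those later steps handle the signing key and registry credentials.
      # NOTE(review): confirm no step still depends on those commands.
    steps:
      # NOTE(review): every `uses:` below follows a mutable tag. In a job that
      # holds signing and registry secrets, pin each action to a full commit
      # SHA and keep the tag as a trailing comment.
      - name: Checkout Source
        uses: actions/checkout@v4

      # actions/checkout fetches a shallow clone by default; this fetches the
      # rest of the history.
      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: '1.21.1'

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3
        with:
          cosign-release: 'v2.1.1'

      # The key is passed through the environment rather than interpolated
      # into the script. umask 077 makes the file readable by the runner user
      # only. The path is unchanged because the signing step below reads it
      # from /tmp/cosign.key (presumably the goreleaser configuration does
      # too; verify before moving it).
      - name: Store Cosign private key in a file
        run: |
          umask 077
          echo "$COSIGN_KEY" > /tmp/cosign.key
        shell: bash
        env:
          COSIGN_KEY: ${{secrets.COSIGN_KEY}}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{secrets.DOCKER_USERNAME}}
          password: ${{secrets.DOCKER_PASSWORD}}

      - name: Generate SBOM
        uses: CycloneDX/gh-gomod-generate-sbom@v2
        with:
          version: v1
          args: mod -licenses -json -output bom.json

      - name: Docker meta
        uses: docker/metadata-action@v5
        id: meta
        with:
          images: securego/gosec
          flavor: |
            latest=true
          tags: |
            type=sha,format=long
            type=semver,pattern={{version}}

      # NOTE(review): `version: latest` floats with every goreleaser release;
      # pinning it keeps the tool that builds and signs the release artifacts
      # fixed between runs.
      - name: Release Binaries
        uses: goreleaser/goreleaser-action@v5
        with:
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

      # The id is required: the signing step reads this step's digest output
      # as steps.build-push-action.outputs.digest, which resolves to an empty
      # string when no step carries that id.
      - name: Release Docker Image
        uses: docker/build-push-action@v5
        id: build-push-action
        with:
          platforms: linux/amd64,linux/arm/v7,linux/arm64
          tags: ${{steps.meta.outputs.tags}}
          labels: ${{steps.meta.outputs.labels}}
          push: true
          build-args: GO_VERSION=1.21

      # Sign by digest, not by tag, so the signature covers exactly the image
      # pushed above. The digest output is a bare sha256 value, so it is joined
      # with the repository name to form the reference cosign expects.
      - name: Sign Docker Image
        run: cosign sign --yes --key /tmp/cosign.key "securego/gosec@${DIGEST}"
        env:
          TAGS: ${{steps.meta.outputs.tags}}
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
          COSIGN_PRIVATE_KEY: /tmp/cosign.key
          DIGEST: ${{steps.build-push-action.outputs.digest}}

      # Runs even when an earlier step fails, so the key file does not outlive
      # the steps that need it.
      - name: Remove Cosign private key
        if: always()
        run: rm -f /tmp/cosign.key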