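# Release workflow. On every pushed tag matching v* it publishes the release
# binaries with GoReleaser, builds and pushes the multi-arch securego/gosec
# image, and signs that image with a Cosign private key.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# For a job that handles signing keys and registry credentials, consider
# pinning each action to a full commit SHA so a retagged release cannot
# change what runs here.
# NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN gets the
# repository default scopes. Consider declaring only what the release needs
# (presumably `contents: write` for GoReleaser; confirm against the
# GoReleaser configuration, which is not visible here).
name: Release
on:
  push:
    tags:
      - 'v*'
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      # Quoted so that no YAML parser reads the value as a boolean.
      GO111MODULE: 'on'
      # ACTIONS_ALLOW_UNSECURE_COMMANDS is intentionally not set. It re-enables
      # the deprecated set-env/add-path workflow commands, which let any text a
      # step prints to stdout change the environment or PATH of later steps,
      # including the steps that use the signing key. None of the action
      # versions used below is expected to need it; confirm on a test tag.
    steps:
      - name: Checkout Source
        uses: actions/checkout@v4
      # Fetch the full history and tags that the checkout above left out.
      - name: Unshallow
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.23.2'
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3
        with:
          cosign-release: 'v2.4.1'
      # The key stays on disk while the remaining steps run, so it is created
      # owner-only (umask 077) and deleted again by the last step of the job.
      # The secret is passed through the environment rather than interpolated
      # into the script text.
      - name: Store Cosign private key in a file
        run: |
          umask 077
          printf '%s\n' "$COSIGN_KEY" > /tmp/cosign.key
        shell: bash
        env:
          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Generate SBOM
        uses: CycloneDX/gh-gomod-generate-sbom@v2
        with:
          version: v1
          args: mod -licenses -json -output bom.json
      # Computes the image tags and labels consumed by the push step below.
      - name: Docker meta
        uses: docker/metadata-action@v5
        id: meta
        with:
          images: securego/gosec
          flavor: |
            latest=true
          tags: |
            type=sha,format=long
            type=semver,pattern={{version}}
      - name: Release Binaries
        uses: goreleaser/goreleaser-action@v6
        with:
          # NOTE(review): `latest` resolves at run time, so the GoReleaser
          # build that produces the signed artifacts can change between
          # releases; consider pinning a version range.
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
      - name: Release Docker Image
        uses: docker/build-push-action@v6
        id: relimage
        with:
          platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          push: true
          build-args: GO_VERSION=1.23
      # Signs the pushed image by digest, so the signature is bound to the
      # exact content that was published rather than to a movable tag.
      #
      # Registry credentials are not passed on the command line. The previous
      # form used "$secrets.DOCKER_USERNAME" and "$secrets.DOCKER_PASSWORD",
      # which is shell syntax, not a ${{ }} expression: bash expands the unset
      # variable $secrets to an empty string, so cosign received the literal
      # text after it instead of the secrets, and "::add-mask::" is a workflow
      # command that has no effect inside an argument. Cosign is expected to
      # pick up the session created by "Login to DockerHub" from the Docker
      # config; confirm on a test tag.
      #
      # The build step's digest output is expected to be a bare sha256:...
      # value, so it is qualified with the repository to form a reference
      # cosign can resolve.
      - name: Sign Docker Image
        run: cosign sign --yes --key /tmp/cosign.key "securego/gosec@${DIGEST}"
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          COSIGN_PRIVATE_KEY: /tmp/cosign.key
          DIGEST: ${{ steps.relimage.outputs.digest }}
      # Runs even when an earlier step fails, so the key never outlives the job.
      - name: Remove Cosign private key
        if: ${{ always() }}
        run: rm -f /tmp/cosign.key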