mirror of
https://github.com/securego/gosec.git
synced 2024-12-28 13:35:52 +00:00
699cb55eb3
Change-Id: I8c9767333830999d35119505fa70de1b133ba36f Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
77 lines
2.4 KiB
YAML
77 lines
2.4 KiB
YAML
name: Release
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
GO111MODULE: on
|
|
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
|
|
steps:
|
|
- name: Checkout Source
|
|
uses: actions/checkout@v4
|
|
- name: Unshallow
|
|
run: git fetch --prune --unshallow
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.23.3'
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@v3
|
|
with:
|
|
cosign-release: 'v2.4.1'
|
|
- name: Store Cosign private key in a file
|
|
run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
|
|
shell: bash
|
|
env:
|
|
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
- name: Login to DockerHub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{secrets.DOCKER_USERNAME}}
|
|
password: ${{secrets.DOCKER_PASSWORD}}
|
|
- name: Generate SBOM
|
|
uses: CycloneDX/gh-gomod-generate-sbom@v2
|
|
with:
|
|
version: v1
|
|
args: mod -licenses -json -output bom.json
|
|
- name: Docker meta
|
|
uses: docker/metadata-action@v5
|
|
id: meta
|
|
with:
|
|
images: securego/gosec
|
|
flavor: |
|
|
latest=true
|
|
tags: |
|
|
type=sha,format=long
|
|
type=semver,pattern={{version}}
|
|
- name: Release Binaries
|
|
uses: goreleaser/goreleaser-action@v6
|
|
with:
|
|
version: latest
|
|
args: release --clean
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
|
- name: Release Docker Image
|
|
uses: docker/build-push-action@v6
|
|
id: relimage
|
|
with:
|
|
platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
|
|
tags: ${{steps.meta.outputs.tags}}
|
|
labels: ${{steps.meta.outputs.labels}}
|
|
push: true
|
|
build-args: GO_VERSION=1.23
|
|
- name: Sign Docker Image
|
|
run: cosign sign --yes --key /tmp/cosign.key ${DIGEST} --registry-username="$secrets.DOCKER_USERNAME" --registry-password="::add-mask::$secrets.DOCKER_PASSWORD"
|
|
env:
|
|
TAGS: ${{steps.meta.outputs.tags}}
|
|
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
|
COSIGN_PRIVATE_KEY: /tmp/cosign.key
|
|
DIGEST: ${{steps.relimage.outputs.digest}}
|