mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
11898d512a
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
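---
# Release workflow: on every pushed tag matching v*, build and publish the
# release binaries with GoReleaser, then build, push and Cosign-sign the
# multi-arch Docker image.
#
# NOTE(review): every action below is referenced by a mutable tag (@v2, @v3,
# ...). This job holds the signing key and registry credentials, so pinning
# each `uses:` to a full commit SHA would protect it from a retagged action.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository's default scopes. Consider restricting it to what the release
# needs (presumably `contents: write`) - confirm against the GoReleaser config.
name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      # Quoted so that YAML 1.1 parsers do not read the value as a boolean.
      GO111MODULE: 'on'
      # ACTIONS_ALLOW_UNSECURE_COMMANDS is intentionally not set. It re-enables
      # the deprecated set-env/add-path workflow commands, which let any text
      # written to the job log change the environment of later steps. No `run`
      # step in this workflow uses those commands.
    steps:
      - name: Checkout Source
        uses: actions/checkout@v3

      # Fetch the full history and tags after the default checkout.
      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: '1.19.3'

      - name: Install Cosign
        uses: sigstore/cosign-installer@v2
        with:
          cosign-release: 'v1.6.0'

      # The key is passed through an environment variable rather than
      # interpolated into the script, and the file is created owner-only
      # (umask 077) so other local users on the runner cannot read it.
      - name: Store Cosign private key in a file
        run: |
          umask 077
          echo "$COSIGN_KEY" > /tmp/cosign.key
        shell: bash
        env:
          COSIGN_KEY: ${{secrets.COSIGN_KEY}}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{secrets.DOCKER_USERNAME}}
          password: ${{secrets.DOCKER_PASSWORD}}

      # Writes a CycloneDX SBOM, including licence data, to bom.json.
      - name: Generate SBOM
        uses: CycloneDX/gh-gomod-generate-sbom@v1
        with:
          version: v1
          args: mod -licenses -json -output bom.json

      # Computes the image tags and labels used by the push and sign steps.
      - name: Docker meta
        uses: docker/metadata-action@v4
        id: meta
        with:
          images: securego/gosec
          flavor: |
            latest=true
          tags: |
            type=sha,format=long
            type=semver,pattern={{version}}

      # NOTE(review): `version: latest` floats with every GoReleaser release;
      # pinning a known version would make the release build reproducible.
      - name: Release Binaries
        uses: goreleaser/goreleaser-action@v4
        with:
          version: latest
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

      - name: Release Docker Image
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64,linux/arm/v7,linux/arm64
          tags: ${{steps.meta.outputs.tags}}
          labels: ${{steps.meta.outputs.labels}}
          push: true
          build-args: GO_VERSION=1.19

      # ${TAGS} is left unquoted so that each tag in the meta output is passed
      # to cosign as a separate argument.
      - name: Sign Docker Image
        run: cosign sign -key /tmp/cosign.key ${TAGS}
        env:
          TAGS: ${{steps.meta.outputs.tags}}
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

      # Runs even when an earlier step fails, so the private key never
      # outlives the job on a runner that is reused.
      - name: Remove Cosign private key
        if: always()
        run: rm -f /tmp/cosign.key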