Update Makefile LDFLAG #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/release.yml | |
| name: goreleaser | |
| on: | |
| pull_request: | |
| push: | |
| # run only against tags | |
| tags: | |
| - "*" | |
| jobs: | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| env: | |
| WORKSPACE: ${{github.workspace}} | |
| # Define job outputs from steps outputs | |
| # It is | |
| outputs: | |
| hashes: ${{ steps.publish-artifacts.outputs.hashes }} | |
| image: ${{ steps.publish-artifacts.outputs.name }} | |
| digest: ${{ steps.publish-artifacts.outputs.digest }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Publish Artifacts | |
| id : publish-artifacts | |
| uses: ./.github/actions/publish-release | |
| with: | |
| go-version: 1.21.6 | |
| github_token : ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| registry_username: ${{ github.actor }} | |
| registry_password: ${{ secrets.GITHUB_TOKEN }} | |
| # Job generating provenance for blobs artifacts requiring checksum hash in base64 format | |
| # upload-assets is set to true to add in-toto attestation to the release | |
| binary-provenance: | |
| needs: [goreleaser] | |
| permissions: | |
| actions: read # To read the workflow path. | |
| id-token: write # To sign the provenance. | |
| contents: write # To add assets to a release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" | |
| upload-assets: true | |
| # Job generating provenance for container images requiring an image and an image digest | |
| image-provenance: | |
| needs: [goreleaser] | |
| permissions: | |
| actions: read | |
| id-token: write | |
| packages: write | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| image: ${{ needs.goreleaser.outputs.image }} | |
| digest: ${{ needs.goreleaser.outputs.digest }} | |
| registry-username: ${{ github.actor }} | |
| secrets: | |
| registry-password: ${{ secrets.GITHUB_TOKEN }} | |
| verify-provenance: | |
| needs: [goreleaser, binary-provenance,image-provenance] | |
| runs-on: ubuntu-latest | |
| env: | |
| WORKSPACE: ${{github.workspace}} | |
| permissions: | |
| actions: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Verify provenance attestations | |
| id : slsa-verifier | |
| uses: ./.github/actions/verify-attestations | |
| with: | |
| go-version: 1.21.6 | |
| github_token : ${{ secrets.GITHUB_TOKEN }} | |
| image: ${{needs.goreleaser.outputs.image}}@${{needs.goreleaser.outputs.digest}} |