Skip to content

chore: release v0.9.5 (#1839) #155

chore: release v0.9.5 (#1839)

chore: release v0.9.5 (#1839) #155

Workflow file for this run

# Copyright 2023 Terramate GmbH
# SPDX-License-Identifier: MPL-2.0
name: release
on:
push:
tags:
- '*'
permissions:
contents: write
packages: write
jobs:
goreleaser:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Log in to ghcr.io container registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: install goreleaser
run: |
curl -sL https://github.com/goreleaser/goreleaser-pro/releases/download/v1.14.0-pro/goreleaser-pro_Linux_x86_64.tar.gz -o /tmp/goreleaser.tar.gz
cd /tmp && tar -xzf goreleaser.tar.gz && chmod +x goreleaser
sudo mv /tmp/goreleaser /usr/local/bin/
- name: install cosign
run: go install github.com/sigstore/cosign/v2/cmd/[email protected]
- name: Create cosign.pub file
run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
- name: Run GoReleaser
run: make release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_APP_TERRAMATE_RELEASE_CONSUMER_API_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_APP_TERRAMATE_RELEASE_CONSUMER_API_KEY_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_MINEIROS_IO_ACCESS_TOKEN_KEY }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_MINEIROS_IO_ACCESS_TOKEN_SECRET }}
GORELEASER_KEY: ${{ secrets.GORELEASER_API_KEY }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN}}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD}}
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY }}
- name: Locate checksum file
id: find_checksum
run: |
if [ -z "$(ls dist/*checksums.txt)" ]; then
echo "Error: Checksum file not found."
exit 1
fi
echo "CHECKSUM_FILE=$(ls dist/*checksums.txt)" >> $GITHUB_ENV
- name: Locate signature file
id: find_signature
run: |
if [ -z "$(ls dist/*checksum*.txt.sig)" ]; then
echo "Error: Signature file not found."
exit 1
fi
echo "SIGNATURE_FILE=$(ls dist/*checksum*.txt.sig)" >> $GITHUB_ENV
- name: Verify checksums with cosign
run: |
cosign verify-blob --key cosign.pub --signature ${{ env.SIGNATURE_FILE }} ${{ env.CHECKSUM_FILE }}