chore: release v0.9.5 (#1839) #155
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2023 Terramate GmbH | |
# SPDX-License-Identifier: MPL-2.0 | |
name: release | |
on: | |
push: | |
tags: | |
- '*' | |
permissions: | |
contents: write | |
packages: write | |
jobs: | |
goreleaser: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '1.21' | |
- name: Log in to ghcr.io container registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: install goreleaser | |
run: | | |
curl -sL https://github.com/goreleaser/goreleaser-pro/releases/download/v1.14.0-pro/goreleaser-pro_Linux_x86_64.tar.gz -o /tmp/goreleaser.tar.gz | |
cd /tmp && tar -xzf goreleaser.tar.gz && chmod +x goreleaser | |
sudo mv /tmp/goreleaser /usr/local/bin/ | |
- name: install cosign | |
run: go install github.com/sigstore/cosign/v2/cmd/[email protected] | |
- name: Create cosign.pub file | |
run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub | |
- name: Run GoReleaser | |
run: make release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }} | |
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} | |
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_APP_TERRAMATE_RELEASE_CONSUMER_API_KEY }} | |
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_APP_TERRAMATE_RELEASE_CONSUMER_API_KEY_SECRET }} | |
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_MINEIROS_IO_ACCESS_TOKEN_KEY }} | |
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_MINEIROS_IO_ACCESS_TOKEN_SECRET }} | |
GORELEASER_KEY: ${{ secrets.GORELEASER_API_KEY }} | |
FURY_TOKEN: ${{ secrets.FURY_TOKEN}} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD}} | |
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY }} | |
- name: Locate checksum file | |
id: find_checksum | |
run: | | |
if [ -z "$(ls dist/*checksums.txt)" ]; then | |
echo "Error: Checksum file not found." | |
exit 1 | |
fi | |
echo "CHECKSUM_FILE=$(ls dist/*checksums.txt)" >> $GITHUB_ENV | |
- name: Locate signature file | |
id: find_signature | |
run: | | |
if [ -z "$(ls dist/*checksum*.txt.sig)" ]; then | |
echo "Error: Signature file not found." | |
exit 1 | |
fi | |
echo "SIGNATURE_FILE=$(ls dist/*checksum*.txt.sig)" >> $GITHUB_ENV | |
- name: Verify checksums with cosign | |
run: | | |
cosign verify-blob --key cosign.pub --signature ${{ env.SIGNATURE_FILE }} ${{ env.CHECKSUM_FILE }} |