Skip to content

Release/Tag Workflow followup fixes (#256) #4

Release/Tag Workflow followup fixes (#256)

Release/Tag Workflow followup fixes (#256) #4

Workflow file for this run

name: Tag Release
on:
push:
branches:
- main
permissions:
id-token: write
contents: write
env:
VERSION_FILE: pkg/version/version.go
jobs:
tag:
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10
with:
egress-policy: audit
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8
- name: Get Version
id: get-version
run: |
VERSION=$(awk -F'"' '/ID string =/ {print $2}' ${{ env.VERSION_FILE }})
echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
- name: Create Tag
if: ${{ steps.get-version.outputs.VERSION != '' }}
run: |
VERSION=${{ steps.get-version.outputs.VERSION }}
if [ $(git tag -l "$VERSION") ]; then
echo "Tag already exists for version $VERSION"
exit 0
else
git config --global tag.gpgsign true
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git tag $VERSION
git push origin tag $VERSION
gitsign verify $(git rev-list --tags --max-count=1) --certificate-identity-regexp="https://github.com/${{ github.repository }}" --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
fi