forked from chainguard-dev/malcontent
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5 from egibs/release-automation
Create releases via macos-latest + GoReleaser
- Loading branch information
Showing
3 changed files
with
119 additions
and
135 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,45 +1,36 @@ | ||
name: Cut Release | ||
name: release | ||
|
||
# run only on tags | ||
on: | ||
workflow_dispatch: | ||
push: | ||
tags: | ||
- 'v*' | ||
|
||
permissions: | ||
id-token: write | ||
contents: write | ||
|
||
env: | ||
VERSION_FILE: pkg/version/version.go | ||
id-token: write # needed for federation | ||
contents: write # needed to write releases | ||
|
||
jobs: | ||
tag: | ||
if: ${{ github.repository }} == 'chainguard-dev/bincapz' | ||
runs-on: ubuntu-latest | ||
release: | ||
if: github.ref_type == 'tag' | ||
runs-on: macos-latest | ||
steps: | ||
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde | ||
with: | ||
egress-policy: audit | ||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | ||
- uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8 | ||
- name: Get Version | ||
id: get-version | ||
run: | | ||
VERSION=$(awk -F'"' '/ID string =/ {print $2}' ${{ env.VERSION_FILE }}) | ||
if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
echo "Error: VERSION is not a valid semver" | ||
exit 1 | ||
fi | ||
echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" | ||
- name: Create Release | ||
env: | ||
GH_TOKEN: ${{ github.token }} | ||
if: ${{ steps.get-version.outputs.VERSION != '' }} | ||
run: | | ||
VERSION=${{ steps.get-version.outputs.VERSION }} | ||
if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
echo "Error: VERSION is not a valid semver" | ||
exit 1 | ||
fi | ||
git config --global tag.gpgsign true | ||
git config user.name "github-actions[bot]" | ||
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
gh release create "$VERSION" --title "$VERSION" --notes "Release $VERSION" --draft | ||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | ||
with: | ||
fetch-depth: 0 | ||
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 | ||
with: | ||
go-version: go.mod | ||
cache: true | ||
- uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d | ||
- name: Set output | ||
id: macos_sdk | ||
run: echo "path=$(xcrun --show-sdk-path)" >> $GITHUB_OUTPUT | ||
- uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 | ||
with: | ||
version: latest | ||
args: release --clean | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
SDK_PATH: ${{ steps.macos_sdk.outputs.path }} | ||
VERSION: ${{ github.ref_name }} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,104 @@ | ||
# Sourced and adapted from https://github.com/goreleaser/goreleaser-example-zig-cgo/blob/master/.goreleaser.yaml | ||
project_name: bincapz | ||
|
||
before: | ||
hooks: | ||
- go mod tidy | ||
|
||
builds: | ||
- id: bincapz-build | ||
binary: bincapz | ||
main: ./ | ||
- id: bincapz-macos-build | ||
goos: | ||
- darwin | ||
- linux | ||
- windows | ||
- darwin | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
ldflags: | ||
- -s -w | ||
- -X main.BuildVersion={{.Env.VERSION}} | ||
flags: | ||
- -trimpath | ||
mod_timestamp: '{{ .CommitTimestamp }}' | ||
- -trimpath | ||
- -buildmode=pie | ||
env: | ||
- CGO_ENABLED=1 | ||
- >- | ||
{{- if eq .Os "darwin" }} | ||
{{- if eq .Arch "amd64"}}CC=zig c -target x86_64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} | ||
{{- if eq .Arch "arm64"}}CC=zig c -target aarch64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} | ||
{{- end }} | ||
- >- | ||
{{- if eq .Os "darwin" }} | ||
{{- if eq .Arch "amd64"}}CC=zig c++ -target x86_64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} | ||
{{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} | ||
{{- end }} | ||
- id: bincapz-linux-build | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
ldflags: | ||
- -s -w | ||
- -X main.BuildVersion={{.Env.VERSION}} | ||
flags: | ||
- -trimpath | ||
env: | ||
- CGO_ENABLED=1 | ||
- >- | ||
{{- if eq .Os "linux" }} | ||
{{- if eq .Arch "amd64" }}CC=zig c -target x86_64-linux-musl{{- end }} | ||
{{- if eq .Arch "arm64"}}CC=zig c -target aarch64-linux-musl{{- end }} | ||
{{- end }} | ||
- >- | ||
{{- if eq .Os "linux" }} | ||
{{- if eq .Arch "amd64" }}CC=zig c++ -target x86_64-linux-musl{{- end }} | ||
{{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-linux-musl{{- end }} | ||
{{- end }} | ||
- id: bincapz-windows-build | ||
goos: | ||
- windows | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
ldflags: | ||
- -X main.BuildVersion={{.Version}} | ||
- -s -w | ||
- -X main.BuildVersion={{.Env.VERSION}} | ||
flags: | ||
- -trimpath | ||
env: | ||
- CGO_ENABLED=1 | ||
- >- | ||
{{- if eq .Os "windows" }} | ||
{{- if eq .Arch "amd64" }}CC=zig c -target x86_64-windows-gnu{{- end }} | ||
{{- if eq .Arch "arm64"}}CC=zig c -target aarch64-windows-gnu{{- end }} | ||
{{- end }} | ||
- >- | ||
{{- if eq .Os "windows" }} | ||
{{- if eq .Arch "amd64" }}CC=zig c++ -target x86_64-windows-gnu{{- end }} | ||
{{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-windows-gnu{{- end }} | ||
{{- end }} | ||
archives: | ||
- format: tar.gz | ||
# this name template makes the OS and Arch compatible with the results of uname. | ||
name_template: >- | ||
{{ .ProjectName }}_ | ||
{{- title .Os }}_ | ||
{{- if eq .Arch "amd64" }}x86_64 | ||
{{- else if eq .Arch "386" }}i386 | ||
{{- else }}{{ .Arch }}{{ end }} | ||
{{- if .Arm }}v{{ .Arm }}{{ end }} | ||
# use zip for windows archives | ||
format_overrides: | ||
- goos: windows | ||
format: zip | ||
checksum: | ||
name_template: 'checksums.txt' | ||
|
||
changelog: | ||
sort: asc | ||
|
||
snapshot: | ||
name_template: "{{ incpatch .Version }}-next" | ||
changelog: | ||
sort: asc | ||
filters: | ||
exclude: | ||
- '^docs:' | ||
- '^test:' |