Merge pull request #3763 from saschagrunert/logging #317

Workflow file for this run

.github/workflows/release.yml at 27310fb

	---
	name: release

	on:
	push:
	tags:
	- 'v*'

	permissions:
	contents: read

	jobs:
	release:
	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: write

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	disable-sudo: true
	egress-policy: audit

	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.5.2
	with:
	fetch-depth: 1

	- name: Set up Go
	id: go
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version: '1.23'
	check-latest: true

	- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0

	- name: Install bom
	uses: kubernetes-sigs/release-actions/setup-bom@2f8b9ec22aedc9ce15039b6c7716aa6c2907df1c # v0.2.0

	- name: Build and publish release
	uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
	if: contains(github.ref, 'refs/tags')
	with:
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
	with:
	name: artifacts
	path: dist/*

	attestation:
	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: write

	needs:
	- release

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	disable-sudo: true
	egress-policy: audit

	- name: Check out code onto GOPATH
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	fetch-depth: 1

	- name: Set tag output
	id: tag
	run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"

	- name: Install tejolote
	uses: kubernetes-sigs/release-actions/setup-tejolote@2f8b9ec22aedc9ce15039b6c7716aa6c2907df1c # v0.2.0

	- run: \|
	tejolote attest --artifacts github://kubernetes/release/${{ steps.tag.outputs.tag_name }} github://kubernetes/release/"${GITHUB_RUN_ID}" --output release.intoto.json --sign
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Release
	uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
	with:
	files: release.intoto.json
	tag_name: "${{ steps.tag.outputs.tag_name }}"
	token: ${{ secrets.GITHUB_TOKEN }}
	env:
	GITHUB_REPOSITORY: kubernetes/release

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #3763 from saschagrunert/logging #317

Workflow file

Merge pull request #3763 from saschagrunert/logging #317

Jobs

Run details

Workflow file for this run