-
Notifications
You must be signed in to change notification settings - Fork 2
160 lines (131 loc) · 4.41 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: Release
on:
push:
branches: [main]
permissions:
contents: write
packages: write
attestations: write
env:
SVU_VERSION: "2.2.0"
GO_VERSION: "1.23"
UPX_VERSION: "4.2.4"
jobs:
tag:
name: Determine Version
runs-on: ubuntu-latest
outputs:
VERSION: ${{ steps.tag.outputs.VERSION }}
PREV_VERSION: ${{ steps.tag.outputs.PREV_VERSION }}
SAME_VERSION: ${{ steps.tag.outputs.SAME_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: get-tags
run: git fetch --force --tags
- name: Get svu
run: |
URL="https://github.com/caarlos0/svu/releases/download/v${SVU_VERSION}/svu_${SVU_VERSION}_linux_amd64.tar.gz"
wget --quiet $URL --output-document svu.tar.gz
tar -xzf svu.tar.gz
chmod +x svu
sudo mv svu /usr/local/bin/
svu --version
- id: tag
run: |
VERSION=$(svu next --tag-mode all-branches)
PREV_VERSION=$(svu current --tag-mode all-branches)
if [ "$VERSION" = "$PREV_VERSION" ]; then
echo "no new version detected"
SAME_VERSION=true
echo "SAME_VERSION=true" >> $GITHUB_OUTPUT
else
echo "new version detected"
SAME_VERSION=false
echo "SAME_VERSION=false" >> $GITHUB_OUTPUT
# Check if the tag already exists before creating it
if git rev-parse "v$VERSION" >/dev/null 2>&1; then
echo "Tag v$VERSION already exists, skipping tag creation."
else
git tag "$VERSION"
git push --tags
fi
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "PREV_VERSION=$PREV_VERSION" >> $GITHUB_OUTPUT
goreleaser:
name: Release
needs: [tag]
if: ${{ needs.tag.outputs.SAME_VERSION == 'false' }}
runs-on: ubuntu-latest
env:
GORELEASER_CURRENT_TAG: ${{ needs.tag.outputs.VERSION }}
GORELEASER_PREVIOUS_TAG: ${{ needs.tag.outputs.PREV_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/[email protected]
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Get UPX
run: |
URL="https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz"
wget --quiet $URL --output-document upx.tar.xz
tar -xf upx.tar.xz
chmod +x upx-${UPX_VERSION}-amd64_linux/upx
sudo mv upx-${UPX_VERSION}-amd64_linux/upx /usr/local/bin/
rm -rf upx.tar.xz upx-${UPX_VERSION}-amd64_linux
upx --version
- uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
args: release --clean
version: '~> v2'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - name: Generate artifact attestation
# uses: actions/attest-build-provenance@v1
# with:
# subject-path: 'dist/mywhoop_*.zip'
Docker:
name: Docker Image Build and Push
needs: [tag, goreleaser]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Docker Image
uses: docker/build-push-action@v6
id: build-and-push
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ghcr.io/${{ github.repository }}:${{ needs.tag.outputs.VERSION }}
build-args: |
VERSION=${{ needs.tag.outputs.VERSION }}
# - name: Generate SBOM attestation
# uses: actions/attest-sbom@v1
# with:
# subject-name: ${{ github.repository }}
# subject-digest: ${{ steps.build-and-push.outputs.digest }}
# sbom-path: 'sbom.json'
# push-to-registry: true