name: release on: workflow_dispatch: inputs: version: description: Version required: true permissions: {} jobs: build: runs-on: ubuntu-latest permissions: id-token: write contents: write steps: - name: checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version: '1.25' check-latest: true cache: false - name: Install GoReleaser uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: install-only: true - name: Install cosign uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Install syft uses: anchore/sbom-action/download-syft@62ad5284b8ced813296287a0b63906cb364b73ee # v0.22.0 - name: Install tools run: | ./setup.sh - name: Lint run: | go vet -v ./... goimports -w -l . go mod tidy git diff --exit-code - name: Set up QEMU uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: quay.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Tag run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" tag='${{ github.event.inputs.version }}' git tag --annotate --message "Tag for release $tag" "$tag" git push origin "refs/tags/$tag" - name: Build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -o nounset set -o pipefail echo "Building release ${{ github.event.inputs.version }}" ./build.sh --release