name: release on: workflow_dispatch: inputs: version: description: Version required: true jobs: build: runs-on: ubuntu-latest permissions: id-token: write contents: write steps: - name: checkout uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 - name: Setup go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version-file: './go.mod' check-latest: true - name: Install GoReleaser uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 with: install-only: true - name: Install cosign uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5 - name: Install syft uses: anchore/sbom-action/download-syft@4d571ad1038a9cc29d676154ef265ab8f9027042 # v0.14.0 - name: Install tools run: | ./setup.sh - name: Lint run: | go vet -v ./... goimports -w -l . go mod tidy git diff --exit-code - name: Set up QEMU uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 - name: Login to registry uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: quay.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Tag run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" tag='${{ github.event.inputs.version }}' git tag --annotate --message "Tag for release $tag" "$tag" git push origin "refs/tags/$tag" - name: Build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -o nounset set -o pipefail echo "Building release ${{ github.event.inputs.version }}" ./build.sh --release