mirror of
https://github.com/regclient/regclient.git
synced 2025-04-18 22:44:00 +03:00
- Go to v1.24.2 - ECR Helper to latest commit - anchore/syft to v1.22.0 - library/registry to v3.0.0 - securego/gosec to v2.22.3 - google/osv-scanner to v2.0.1 Signed-off-by: Brandon Mitchell <git@bmitch.net>
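# CI for the Go module: builds and tests on each Go version in the matrix.
# On main and on version tags it also builds the release binaries, signs them
# with cosign, and (for a valid tagged release) publishes a GitHub release.
name: Go

on:
  push:
    branches:
      - '**'
    tags:
      - 'v*.*.*'
  pull_request:
    branches: [ main ]

# Workflow-wide default is read-only; the build job widens it below.
permissions:
  contents: read

jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        gover: ["1.22", "1.23", "1.24"]

    env:
      # Only the matrix leg running this Go version lints, signs and releases.
      RELEASE_GO_VER: "1.24"
      # do not automatically upgrade go to a different version: https://go.dev/doc/toolchain
      GOTOOLCHAIN: "local"

    # NOTE(review): these scopes apply to every matrix leg and every trigger of
    # this job, although only the signing and release steps below use them.
    # Moving those steps into a separate job would let build and test run with
    # the read-only default.
    permissions:
      contents: write # needed for pushing release with softprops/actions-gh-release
      id-token: write # needed for OIDC Token signing with cosign

    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records
      # the version that SHA is expected to correspond to.
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: "Set up Go ${{ matrix.gover }}"
        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
        with:
          go-version: "${{ matrix.gover }}"
          check-latest: true
        id: go

      - name: Get dependencies
        run: |
          go get -v -t -d ./...

      # go fmt prints the files it rewrote to stdout; any output fails the step.
      - name: Verify go fmt
        run: test -z "$(go fmt ./...)"

      # go vet reports findings on stderr and through its exit status, so it is
      # run directly. Wrapping it in test -z "$(...)" inspects only stdout and
      # discards the exit status, which lets vet findings pass unnoticed.
      - name: Verify go vet
        run: go vet ./...

      - name: Test
        run: make test

      - name: Linting
        if: matrix.gover == env.RELEASE_GO_VER
        run: make lint

      # The steps below run only for main and version tags.
      - name: Install syft
        if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
        uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
        id: syft
        with:
          syft-version: "v1.22.0"

      - name: Build artifacts
        if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
        run: make artifacts

      - name: Install cosign
        if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
        with:
          cosign-release: "v2.4.3"

      # Signs each binary, writing <name>.sig and <name>.pem next to it (the
      # .exe suffix is stripped from the output names), then bundles the
      # signatures, certificates and *.json files into metadata.tgz.
      - name: Package artifacts
        if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
        run: |
          cd artifacts
          for artifact in \
              regbot-darwin-amd64 \
              regbot-darwin-arm64 \
              regbot-linux-amd64 \
              regbot-linux-arm64 \
              regbot-linux-ppc64le \
              regbot-linux-s390x \
              regbot-windows-amd64.exe \
              regctl-darwin-amd64 \
              regctl-darwin-arm64 \
              regctl-linux-amd64 \
              regctl-linux-arm64 \
              regctl-linux-ppc64le \
              regctl-linux-s390x \
              regctl-windows-amd64.exe \
              regsync-darwin-amd64 \
              regsync-darwin-arm64 \
              regsync-linux-amd64 \
              regsync-linux-arm64 \
              regsync-linux-ppc64le \
              regsync-linux-s390x \
              regsync-windows-amd64.exe \
            ; do
            cosign sign-blob -y --output-signature "${artifact%.exe}.sig" --output-certificate "${artifact%.exe}.pem" "${artifact}"
          done
          tar -cvzf metadata.tgz *.sig *.pem *.json

      # A release is created only for a version tag pushed in the regclient
      # organisation whose release.md mentions that version. The tag is read
      # from the GITHUB_REF environment variable, not interpolated into the
      # script text.
      - name: Gather release details
        if: startsWith( github.ref, 'refs/tags/v' ) && github.repository_owner == 'regclient' && matrix.gover == env.RELEASE_GO_VER
        id: release_details
        run: |
          VERSION=${GITHUB_REF#refs/tags/}
          VALID_RELEASE=false
          # -F matches the tag literally, so the dots in vX.Y.Z are not regex wildcards
          if [ -f "release.md" ] && grep -qF -- "Release $VERSION" release.md; then
            VALID_RELEASE=true
          fi
          echo "valid=${VALID_RELEASE}" >>"$GITHUB_OUTPUT"
          echo "version=${VERSION}" >>"$GITHUB_OUTPUT"

      - name: Create release
        if: steps.release_details.outputs.valid == 'true' && matrix.gover == env.RELEASE_GO_VER
        id: release_create
        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.release_details.outputs.version }}
          body_path: release.md
          draft: false
          prerelease: false
          files: |
            ./artifacts/regbot-darwin-amd64
            ./artifacts/regbot-darwin-arm64
            ./artifacts/regbot-linux-amd64
            ./artifacts/regbot-linux-arm64
            ./artifacts/regbot-linux-ppc64le
            ./artifacts/regbot-linux-s390x
            ./artifacts/regbot-windows-amd64.exe
            ./artifacts/regctl-darwin-amd64
            ./artifacts/regctl-darwin-arm64
            ./artifacts/regctl-linux-amd64
            ./artifacts/regctl-linux-arm64
            ./artifacts/regctl-linux-ppc64le
            ./artifacts/regctl-linux-s390x
            ./artifacts/regctl-windows-amd64.exe
            ./artifacts/regsync-darwin-amd64
            ./artifacts/regsync-darwin-arm64
            ./artifacts/regsync-linux-amd64
            ./artifacts/regsync-linux-arm64
            ./artifacts/regsync-linux-ppc64le
            ./artifacts/regsync-linux-s390x
            ./artifacts/regsync-windows-amd64.exe
            ./artifacts/metadata.tgz

      # Builds from main are kept as a workflow artifact rather than released.
      - name: Save artifacts
        if: github.ref == 'refs/heads/main' && matrix.gover == env.RELEASE_GO_VER
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: binaries
          path: ./artifacts/
          retention-days: 30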