chore(deps): update dependency go to v1.24.2 #262
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| pull_request: | |
| push: | |
| tags: | |
| - v*.*.* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| publish: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| packages: write | |
| name: Publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install GoReleaser | |
| uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 | |
| with: | |
| install-only: true | |
| version: latest | |
| - name: Run GoReleaser on tag | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| goreleaser release --clean | |
| env: | |
| QUILL_NOTARY_ISSUER: ${{ secrets.QUILL_NOTARY_ISSUER }} | |
| QUILL_NOTARY_KEY: ${{ secrets.QUILL_NOTARY_KEY }} | |
| QUILL_NOTARY_KEY_ID: ${{ secrets.QUILL_NOTARY_KEY_ID }} | |
| QUILL_SIGN_P12: ${{ secrets.QUILL_SIGN_P12 }} | |
| QUILL_SIGN_PASSWORD: ${{ secrets.QUILL_SIGN_PASSWORD }} | |
| - name: Run GoReleaser on PR | |
| if: github.event_name == 'pull_request' | |
| env: | |
| QUILL_NOTARY_ISSUER: ${{ secrets.QUILL_NOTARY_ISSUER }} | |
| QUILL_NOTARY_KEY: ${{ secrets.QUILL_NOTARY_KEY }} | |
| QUILL_NOTARY_KEY_ID: ${{ secrets.QUILL_NOTARY_KEY_ID }} | |
| QUILL_SIGN_P12: ${{ secrets.QUILL_SIGN_P12 }} | |
| QUILL_SIGN_PASSWORD: ${{ secrets.QUILL_SIGN_PASSWORD }} | |
| run: | | |
| goreleaser release --snapshot --clean | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: release | |
| path: dist/* | |
| packages: | |
| permissions: | |
| contents: read | |
| packages: write | |
| needs: publish | |
| concurrency: | |
| group: "packages" | |
| cancel-in-progress: false # we want to avoid conflicts in git push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Packages Repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: descope/packages | |
| ssh-key: ${{ secrets.PACKAGES_DEPLOY_KEY }} | |
| path: packages | |
| - name: Download artifacts | |
| uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | |
| with: | |
| name: release | |
| path: dist | |
| - name: Install Aptly and Createrepo | |
| run: | | |
| sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A0546A43624A8331 | |
| echo "deb http://repo.aptly.info/ squeeze main" | sudo tee /etc/apt/sources.list.d/aptly.list | |
| sudo apt-get update | |
| sudo apt-get install -y aptly ca-certificates createrepo-c rsync | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 | |
| id: gpg | |
| with: | |
| gpg_private_key: ${{ secrets.MAVEN_GPG_KEY }} | |
| passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| - name: Update APT repository | |
| run: | | |
| # Create a new repository | |
| aptly repo create -distribution=stable -component=main descope | |
| # add the contents of the current repository to the new one | |
| aptly repo add descope packages/ | |
| # add the new dist packages | |
| aptly repo add descope dist/ | |
| # publish it | |
| aptly publish repo descope | |
| rsync -r ~/.aptly/public/* ./packages | |
| - name: Update yum repository | |
| run: | | |
| echo "%_gpg_name ${{ steps.gpg.outputs.name }} <${{ steps.gpg.outputs.email}}>" > ~/.rpmmacros | |
| rpmsign --addsign dist/*.rpm | |
| rsync -r dist/*.rpm ./packages | |
| createrepo_c packages | |
| find packages | |
| gpg --yes --detach-sign --armor packages/repodata/repomd.xml | |
| - name: Commit and push changes | |
| working-directory: packages | |
| run: | | |
| git config --global user.email "devops+pkgs@descope.com" | |
| git config --global user.name "Descope DevOps" | |
| git add -A . | |
| git commit -m "Update packages from ${{ github.repository }}@${{ github.ref }}" | |
| git push |