Allow tags and releases in a single step #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a golang project | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go | |
| name: Automatically Tag and Release on PR to main | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| jobs: | |
| tag: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.merge_commit_sha }} | |
| fetch-depth: '0' | |
| - name: Bump version and push tag | |
| uses: anothrNick/github-tag-action@1.67.0 # Don't use @master or @v1 unless you're happy to test the latest version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # if you don't want to set write permissions use a PAT token | |
| WITH_V: true | |
| DEFAULT_BRANCH: main | |
| DEFAULT_BUMP: patch | |
| PRERELEASE: false | |
| PRERELEASE_ID: rc | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: write-all | |
| steps: | |
| - name: Set up Go 1.21 | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Docker Login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.merge_commit_sha }} | |
| fetch-tags: 1 | |
| fetch-depth: 1 | |
| - name: Release with goreleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| with: | |
| version: latest | |
| args: release --clean | |
| id: goreleaser | |
| - name: Process goreleaser output | |
| id: process_goreleaser_output | |
| run: | | |
| echo "const fs = require('fs');" > process.js | |
| echo 'const artifacts = ${{ steps.goreleaser.outputs.artifacts }}' >> process.js | |
| echo "const firstNonNullDigest = artifacts.find(artifact => artifact.extra && artifact.extra.Digest != null)?.extra.Digest;" >> process.js | |
| echo "console.log(firstNonNullDigest);" >> process.js | |
| echo "fs.writeFileSync('digest.txt', firstNonNullDigest);" >> process.js | |
| node process.js | |
| echo "digest=$(cat digest.txt)" >> $GITHUB_OUTPUT | |
| - name: Attest Binaries | |
| uses: github-early-access/generate-build-provenance@main | |
| with: | |
| subject-path: dist/ochami-init | |
| - name: generate build provenance | |
| uses: github-early-access/generate-build-provenance@main | |
| with: | |
| subject-name: ghcr.io/openchami/ochami-init | |
| subject-digest: ${{ steps.process_goreleaser_output.outputs.digest }} | |
| push-to-registry: true |