build: use go 1.22.11 (#127) #118
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: publish | |
on: | |
push: | |
branches: ['main'] | |
tags: | |
- 'v*.*.*' | |
concurrency: ${{ github.ref }} | |
jobs: | |
create-draft-release: | |
runs-on: ubuntu-latest | |
outputs: | |
RELEASE_ID: ${{ steps.create-release.outputs.result }} | |
steps: | |
- run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" | |
- uses: actions/github-script@v7 | |
id: create-release | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
result-encoding: string | |
script: | | |
try { | |
const response = await github.rest.repos.createRelease({ | |
draft: true, | |
generate_release_notes: true, | |
name: process.env.RELEASE_TAG, | |
owner: context.repo.owner, | |
prerelease: false, | |
repo: context.repo.repo, | |
tag_name: process.env.RELEASE_TAG, | |
}); | |
return response.data.id; | |
} catch (error) { | |
core.setFailed(error.message); | |
} | |
build-binaries: | |
strategy: | |
matrix: | |
os: [linux, darwin, freebsd, windows] | |
arch: [amd64, arm64] | |
runs-on: ubuntu-latest | |
needs: [create-draft-release] | |
permissions: | |
actions: write | |
attestations: write | |
checks: write | |
contents: write | |
id-token: write | |
packages: write | |
statuses: write | |
steps: | |
- run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: '0' | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: 1.22.x | |
- name: Build binary | |
run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} make build | |
- name: Upload release asset | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
_filename=bursa-${{ env.RELEASE_TAG }}-${{ matrix.os }}-${{ matrix.arch }} | |
if [[ ${{ matrix.os }} == windows ]]; then | |
_filename=${_filename}.exe | |
fi | |
cp bursa ${_filename} | |
curl \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "Content-Type: application/octet-stream" \ | |
--data-binary @${_filename} \ | |
https://uploads.github.com/repos/${{ github.repository_owner }}/bursa/releases/${{ needs.create-draft-release.outputs.RELEASE_ID }}/assets?name=${_filename} | |
- name: Attest binary | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-path: 'bursa' | |
build-images: | |
runs-on: ubuntu-latest | |
needs: [create-draft-release] | |
permissions: | |
actions: write | |
attestations: write | |
checks: write | |
contents: write | |
id-token: write | |
packages: write | |
statuses: write | |
steps: | |
- run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: '0' | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: blinklabs | |
password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
- name: Login to GHCR | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
registry: ghcr.io | |
- id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
blinklabs/bursa | |
ghcr.io/${{ github.repository }} | |
tags: | | |
# Only version, no revision | |
type=match,pattern=v(.*)-(.*),group=1 | |
# branch | |
type=ref,event=branch | |
# semver | |
type=semver,pattern={{version}} | |
- name: Build images | |
uses: docker/build-push-action@v6 | |
id: push | |
with: | |
outputs: "type=registry,push=true" | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Attest Docker Hub image | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-name: index.docker.io/blinklabs/bursa | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
- name: Attest GHCR image | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-name: ghcr.io/${{ github.repository }} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
# Update Docker Hub from README | |
- name: Docker Hub Description | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
username: blinklabs | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
repository: blinklabs/bursa | |
readme-filepath: ./README.md | |
short-description: "Bursa is a programmatic Cardano wallet and CLI tool" | |
finalize-release: | |
runs-on: ubuntu-latest | |
needs: [create-draft-release, build-binaries, build-images] | |
steps: | |
- uses: actions/github-script@v7 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
try { | |
await github.rest.repos.updateRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: ${{ needs.create-draft-release.outputs.RELEASE_ID }}, | |
draft: false, | |
}); | |
} catch (error) { | |
core.setFailed(error.message); | |
} | |
# This updates the documentation on pkg.go.dev and the latest version available via the Go module proxy | |
- name: Pull new module version | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: andrewslotin/[email protected] |