-
Notifications
You must be signed in to change notification settings - Fork 47
79 lines (69 loc) · 2.81 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
name: NSC client tool release
on:
# We use goreleaser in release mode, so if we do a workflow_dispatch rule here then we should prompt for a tag to check out.
push:
tags:
# From 2.7.6 onwards, we use the vX.Y.Z tag naming pattern.
# Before then, we used non-version tags.
# Going forward, for new releases, we only need to support v.
- 'v[0-9]*'
permissions:
# Control the GITHUB_TOKEN permissions; GitHub's docs on which permission scopes control what are a little lacking.
# By having this block, all permissions not listed here are set to none.
# <https://goreleaser.com/ci/actions/> documents which scopes are needed for it.
#
# Uploading archives as release artifacts is bundled into the contents: permission key.
# The packages: permission is for pushing docker images to github (ghcr.io) instead.
contents: write
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
# If we do docker image builds, multi-arch, then because goreleaser can't do image builds
# in the style of 'crane' or 'ko', and needs a local docker daemon, then at this point
# we'd set up QEMU and Buildx; in other projects, we have success using:
# docker/setup-qemu-action@v1
# docker/setup-buildx-action@v1
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.21'
check-latest: true
- name: Install cosign
uses: sigstore/cosign-installer@main
# This is used inside goreleaser, not as a separate step in this file
- name: Basic integrity checks
# TODO: If we switch from vendor to modules, consider a Retracted check here
run: |
go vet ./...
- name: Create GitHub App Token
id: token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.NATSIO_ARTIFACT_CROSS_REPO_PUSHER_APP_ID }}
private-key: ${{ secrets.NATSIO_ARTIFACT_CROSS_REPO_PUSHER_PRIVATE_KEY }}
owner: "nats-io"
repositories: "homebrew-nats-tools"
- name: Run GoReleaser
id: goreleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_APP_TOKEN: ${{ steps.token.outputs.token }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
SIGNING_KEY_COSIGN: ${{ secrets.RELEASE_SIGNING_KEY_COSIGN }}
SIGNING_KEY_SSH: ${{ secrets.RELEASE_SIGNING_KEY_SSH }}
COSIGN_PASSWORD: ""
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: homebrew-formula-nsc.rb
path: build/nsc.rb