Skip to content

wip

wip #70

Workflow file for this run

name: release
on:
push:
tags:
- v*
permissions:
contents: write
id-token: write
packages: write
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: "stable"
- uses: goreleaser/goreleaser-action@v6
id: goreleaser
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# parse artifacts to the format required for image attestation
- run: |
echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.extra.Digest')" >> "$GITHUB_OUTPUT"
echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT"
id: image_metadata
env:
ARTIFACTS: ${{steps.goreleaser.outputs.artifacts}}
# attest archives
- uses: actions/attest-build-provenance@v1
with:
subject-path: "dist/*.tar.gz"
# attest image
- uses: actions/attest-build-provenance@v1
with:
subject-digest: ${{steps.image_metadata.outputs.digest}}
subject-name: ${{steps.image_metadata.outputs.name}}
push-to-registry: true