From 4e1ad18a43e01886c0db3677a6e66e663e999251 Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Tue, 18 Jun 2024 00:26:21 -0300 Subject: [PATCH] wip --- .github/workflows/release.yml | 28 +++++++++++++++++++++++----- .goreleaser.4.yml | 3 ++- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ee8bf59..0d7d688 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ permissions: jobs: goreleaser: - runs-on: windows-latest + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: @@ -20,9 +20,27 @@ jobs: - uses: actions/setup-go@v4 with: go-version: "stable" - - run: "choco install syft -y" - shell: powershell - - run: "./goreleaser.exe release --clean --verbose -f .goreleaser.4.yml --skip-validate" - shell: powershell + - uses: goreleaser/goreleaser-action@v6 + id: goreleaser + with: + version: latest + args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # parse artifacts to the format required for image attestation + - run: | + echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.extra.Digest')" >> "$GITHUB_OUTPUT" + echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT" + id: image_metadata + env: + ARTIFACTS: ${{steps.goreleaser.outputs.artifacts}} + # attest archives + - uses: actions/attest-build-provenance@v1 + with: + subject-path: "dist/*.tar.gz" + # attest image + - uses: actions/attest-build-provenance@v1 + with: + subject-digest: ${{steps.image_metadata.outputs.digest}} + subject-name: ${{steps.image_metadata.outputs.name}} + push-to-registry: true diff --git a/.goreleaser.4.yml b/.goreleaser.4.yml index 3c3b27e..838a564 100644 --- a/.goreleaser.4.yml +++ b/.goreleaser.4.yml @@ -1,3 +1,4 @@ +version: 2 # yaml-language-server: $schema=https://goreleaser.com/static/schema-pro.json # This is an example goreleaser.yaml file with some sane defaults. # Make sure to check the documentation at http://goreleaser.com @@ -34,7 +35,7 @@ brews: pull_request: base: master enabled: true - check_boxes: true + # check_boxes: true branch: foo release: