scan2html/.github/workflows/release-go.yml at main · fatihtokus/scan2html · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Release go

on:
  workflow_call:
    inputs:
      next-version:
        required: true
        description: Next version
        type: string

#permissions:
#  contents: read this doesn't work on master

jobs:
  release-go:
#    permissions:
#      contents: write  # for goreleaser/goreleaser-action to create a GitHub release this doesn't work on master
    name: Release go
    runs-on: ubuntu-latest
    if: ${{ inputs.next-version != '' }}
    steps:
#      - name: Harden Runner
#        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
#        with:
#          egress-policy: audit

      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          fetch-depth: 0

      - name: Download report_template.html
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: report-template

      - name: Use the downloaded report template
        run: |
          ls -l report_template.html
          cat report_template.html

      - name: Set up Go
        uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639 # v4.2.1
        with:
          go-version-file: go.mod

      - name: Tagging
        run: git tag v${{ inputs.next-version }}

      - name: Cosign install
        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4

      - name: "save gpg key"
        env:
          GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          echo "$GPG_KEY" > gpg.key

      - name: GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          version: latest
          # this doesn't work
          #prerelease: '{{ .Tag | regexMatch `-rc\.` }}'
          args: release --clean --timeout 60m
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GORELEASER_CURRENT_TAG: v${{ inputs.next-version }}
          GPG_FILE: "gpg.key"

      - name: "remove gpg key"
        run: |
          rm gpg.key