Bump dcarbone/install-jq-action from 2 to 3 (#737) #299

Workflow file for this run

.github/workflows/release.yml at 82877e2

	name: release

	on:
	push:
	tags:
	- "v*"

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}

	jobs:
	pre-build:
	runs-on: ubuntu-latest
	outputs:
	tag: ${{ steps.tag.outputs.tag }}
	trail_name: ${{ steps.prep.outputs.trail_name }}
	trail_template_file: ${{ steps.prep.outputs.trail_template_file }}
	steps:
	- uses: actions/checkout@v6

	- name: Get tag
	id: tag
	uses: dawidd6/action-get-tag@v1

	- name: Prepare
	id: prep
	run: \|
	echo "TRAIL_NAME=${{ steps.tag.outputs.tag }}" >> $GITHUB_STATE
	echo "trail_name=${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT

	echo "TRAIL_TEMPLATE_FILE=release-flow-template.yml" >> $GITHUB_STATE
	echo "trail_template_file=release-flow-template.yml" >> $GITHUB_OUTPUT

	init-kosli:
	needs: [pre-build]
	uses: ./.github/workflows/init_kosli.yml
	with:
	FLOW_NAME: cli-release
	TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
	FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }}
	KOSLI_ORG: kosli-public
	report_to_kosli: release
	secrets:
	kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
	pr_github_token: ${{ secrets.GITHUB_TOKEN }}

	never-alone-trail:
	needs: [pre-build, init-kosli]
	uses: ./.github/workflows/never_alone_trail.yml
	with:
	FLOW_NAME: cli-release-never-alone
	TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
	SOURCE_FLOW_NAME: cli
	ATTESTATION_NAME: never-alone-data
	PARENT_FLOW_NAME: cli-release
	PARENT_TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
	KOSLI_ORG: kosli-public
	secrets:
	kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
	pr_github_token: ${{ secrets.GITHUB_TOKEN }}

	test:
	needs: [pre-build, init-kosli]
	uses: ./.github/workflows/test.yml
	with:
	AWS_ACCOUNT_ID: 772819027869
	AWS_REGION: eu-central-1
	FLOW_NAME: cli-release
	TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
	KOSLI_ORG: kosli-public
	report_to_kosli: release
	secrets:
	github_access_token: ${{ secrets.KOSLI_GITHUB_TOKEN }}
	gitlab_access_token: ${{ secrets.KOSLI_GITLAB_TOKEN }}
	azure_access_token: ${{ secrets.KOSLI_AZURE_TOKEN }}
	azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
	azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
	bitbucket_access_token: ${{ secrets.KOSLI_BITBUCKET_ACCESS_TOKEN }}
	slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
	slack_channel: ci-failures
	jira_api_token: ${{ secrets.KOSLI_JIRA_API_TOKEN }}
	snyk_token: ${{ secrets.SNYK_TOKEN }}
	kosli_reporting_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
	kosli_querying_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }}
	sonarqube_token: ${{ secrets.KOSLI_SONARQUBE_TOKEN }}

	docker:
	needs: [pre-build, init-kosli, test]
	uses: ./.github/workflows/docker.yml
	with:
	tag: ${{ needs.pre-build.outputs.tag }}
	platforms: linux/amd64,linux/arm64
	flow_name: cli-release
	trail_name: ${{ needs.pre-build.outputs.trail_name }}
	kosli_org: kosli-public
	report_to_kosli: release
	secrets:
	slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
	slack_channel: ci-failures
	kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
	snyk_token: ${{ secrets.SNYK_TOKEN }}

	goreleaser:
	needs: [test]
	runs-on: ubuntu-latest
	permissions:
	contents: write
	id-token: write
	attestations: write
	outputs:
	artifacts: ${{ steps.prepare-artifacts-list.outputs.artifacts }}
	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	fetch-depth: 0

	- name: Install Jq
	uses: dcarbone/install-jq-action@v3

	- name: Set up Go
	uses: actions/setup-go@v6
	with:
	go-version-file: '.go-version'
	check-latest: true

	# Use release notes from the tag body when present (set by interactive `make release` or `make release tag=vX.Y.Z` with dist/release_notes.md). Otherwise GoReleaser uses its default changelog.
	# Write to repo root so GoReleaser's --clean (which removes dist/) does not delete the file before it is read.
	- name: Get release notes from tag
	id: get-tag-notes
	run: \|
	TAG="${GITHUB_REF#refs/tags/}"
	BODY=$(git tag -l --format='%(contents:body)' "$TAG")
	if [ -n "$BODY" ]; then
	printf '%s' "$BODY" > release_notes.md
	echo "args=--release-notes=release_notes.md" >> $GITHUB_OUTPUT
	fi

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@v7
	with:
	version: latest
	args: release --clean ${{ steps.get-tag-notes.outputs.args }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	FURY_TOKEN: ${{ secrets.FURY_TOKEN }}

	- uses: actions/upload-artifact@v7
	with:
	name: dist
	path: dist
	retention-days: 1

	- name: Prepare artifacts list
	id: prepare-artifacts-list
	run: \|
	ARTIFACTS=$(jq '[reduce .[] as $item (
	[];
	if ($item.type == "Archive") then
	. + [{ template_name: ($item.goos + "-" + $item.goarch), path: $item.path }]
	elif ($item.type == "Linux Package") then
	. + [{ template_name: (($item.extra.Ext \| ltrimstr(".")) + "-pkg-" + $item.goarch), path: $item.path }]
	else
	.
	end
	)][]' dist/artifacts.json)

	echo "artifacts<<nEOFn" >> $GITHUB_OUTPUT
	echo "${ARTIFACTS}" >> $GITHUB_OUTPUT
	echo "nEOFn" >> $GITHUB_OUTPUT

	binary-provenance:
	needs: [goreleaser, pre-build]
	name: Artifacts Binary Provenance
	uses: ./.github/workflows/binary_provenance.yml
	with:
	dir: dist
	artifacts: ${{ needs.goreleaser.outputs.artifacts }}
	flow_name: cli-release
	trail_name: ${{ needs.pre-build.outputs.trail_name }}
	kosli_org: kosli-public
	secrets:
	kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}

	homebrew-pr:
	needs: [goreleaser, pre-build]
	name: Bump Homebrew formula
	runs-on: ubuntu-latest
	steps:
	- uses: mislav/bump-homebrew-formula-action@v4
	if: ${{ !contains(github.ref, '-') }} # skip prereleases
	with:
	# A PR will be sent to github.com/Homebrew/homebrew-core to update this formula:
	formula-name: kosli-cli
	env:
	# the personal access token should have "repo" & "workflow" scopes
	COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}

	docs-gen:
	needs: [goreleaser, pre-build]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	fetch-depth: 0 # needed to be able to generate legacy versions reference.

	- name: Set up Go
	uses: actions/setup-go@v6
	with:
	go-version-file: '.go-version'
	check-latest: true

	- name: Generate docs
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# legacy-ref should happen first as it has the side effect of deleting generated files outside the legacy_ref
	run: \|
	make legacy-ref-docs
	make cli-docs

	- name: Generate json
	run: \|
	echo '{"currentversion": "${{ needs.pre-build.outputs.tag }}"}' > docs.kosli.com/assets/metadata.json

	- name: Deploy
	uses: s0/git-publish-subdir-action@develop
	env:
	REPO: self
	BRANCH: docs-main
	FOLDER: docs.kosli.com
	TARGET_DIR: docs.kosli.com
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	MESSAGE: "Release: {msg}"

	docs-repo-dispatch:
	needs: [pre-build, goreleaser]
	runs-on: ubuntu-latest
	steps:
	- name: Repository Dispatch
	uses: peter-evans/repository-dispatch@v4
	with:
	token: ${{ secrets.DOCS_REPO_ACCESS_TOKEN }}
	repository: kosli-dev/docs
	event-type: cli-release
	client-payload: '{"kosli_cli_tag": "${{ needs.pre-build.outputs.tag }}"}'

	evidence-reporter-upload-package-and-deploy:
	needs: [pre-build, goreleaser]
	runs-on: ubuntu-latest
	steps:
	- name: Repository Dispatch
	uses: peter-evans/repository-dispatch@v4
	with:
	token: ${{ secrets.KOSLI_REPORTER_REPO_ACCESS_TOKEN }}
	repository: kosli-dev/terraform-aws-evidence-reporter
	event-type: upload-package
	client-payload: '{"kosli_cli_tag": "${{ needs.pre-build.outputs.tag }}"}'

	environment-reporter-upload-package-and-deploy:
	needs: [pre-build, goreleaser]
	runs-on: ubuntu-latest
	steps:
	- name: Repository Dispatch
	uses: peter-evans/repository-dispatch@v4
	with:
	token: ${{ secrets.KOSLI_REPORTER_REPO_ACCESS_TOKEN }}
	repository: kosli-dev/terraform-aws-kosli-reporter
	event-type: upload-package
	client-payload: '{"kosli_cli_tag": "${{ needs.pre-build.outputs.tag }}"}'

	environment-reporter-upload-layer:
	needs: [pre-build, goreleaser]
	uses: ./.github/workflows/upload-cli-layer.yml
	with:
	tag: ${{ needs.pre-build.outputs.tag }}
	AWS_ACCOUNT_ID: 585008075785
	AWS_REGION: eu-central-1

	slack-notification-on-failure:
	runs-on: ubuntu-24.04
	permissions:
	actions: read
	contents: read
	needs:
	[
	pre-build,
	init-kosli,
	never-alone-trail,
	test,
	docker,
	goreleaser,
	binary-provenance,
	homebrew-pr,
	docs-gen,
	docs-repo-dispatch,
	evidence-reporter-upload-package-and-deploy,
	environment-reporter-upload-package-and-deploy,
	environment-reporter-upload-layer
	]
	if: ${{ always() && contains(join(needs.*.result, ','), 'failure') && github.ref == 'refs/heads/master' }}
	steps:
	- name: Slack Notification on Failure
	uses: kosli-dev/reusable-actions/.github/actions/send-ci-failure-slack-message@main
	with:
	slack_url: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump dcarbone/install-jq-action from 2 to 3 (#737) #299

Workflow file

Bump dcarbone/install-jq-action from 2 to 3 (#737) #299

Uh oh!

Workflow file for this run