release.yaml
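# Release workflow: logs in to ghcr.io and runs GoReleaser with the cosign
# signing key in its environment. The Chainloop attestation and SBOM steps
# are currently commented out.
name: Release

# NOTE(review): the only active trigger is pull_request, but the job below is
# gated on `github.ref_type == 'tag'`. A pull_request run does not carry a tag
# ref, so the job is expected to be skipped on every run until the tag trigger
# is restored. Keep the tag guard in place for as long as pull_request remains
# a trigger: this job holds write permissions and signing secrets.
on:
  pull_request:
  # push:
  #   tags:
  #     - "v*.*.*"

jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    if: github.ref_type == 'tag'
    # Job-scoped token permissions; anything not listed here is not granted.
    permissions:
      packages: write # presumably for pushing to ghcr.io - confirm
      contents: write # required for goreleaser
    steps:
      # NOTE(review): if re-enabled, pin cosign-installer to a full-length
      # commit SHA instead of the moving `main` branch.
      # - name: Install Cosign
      #   uses: sigstore/cosign-installer@main
      #   with:
      #     cosign-release: 'v2.2.3'
      # NOTE(review): if re-enabled, this pipes a downloaded script straight
      # into bash; verify the installer (checksum/signature) before running it.
      # - name: Install Chainloop
      #   run: |
      #     curl -sfL https://docs.chainloop.dev/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}

      # GoReleaser builds from the working tree and derives the version from
      # git tags, so the repository must be checked out with full history
      # before it runs.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      # - name: Initialize Attestation
      #   run: chainloop attestation init # --contract-revision 2

      # NOTE(review): the three actions below are referenced by mutable
      # major-version tags. This job holds packages/contents write access and
      # the cosign private key, so pin each one to a full-length commit SHA as
      # the checkout step does, e.g.
      #   uses: owner/action@<full-commit-sha> # vX.Y.Z
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          # Quoted so YAML keeps it a string (an unquoted 1.20 would load as 1.2).
          go-version: '1.21'
      - name: Docker login to Github Packages
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Run Go Releaser
        id: release
        uses: goreleaser/goreleaser-action@v3
        with:
          distribution: goreleaser
          # NOTE(review): `latest` makes the release depend on whichever
          # GoReleaser version is current at run time; pin an explicit version
          # so signed artifacts are built by a known tool version.
          version: latest
          # NOTE(review): `--rm-dist` is deprecated in favour of `--clean` in
          # newer GoReleaser releases - confirm against the pinned version.
          args: release --rm-dist
        # Signing material is scoped to this step only.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
      # - uses: anchore/sbom-action@v0
      #   with:
      #     image: ${{ env.IMAGE }}
      #     format: cyclonedx-json
      #     artifact-name: sbom.cyclonedx.json
      #     output-file: /tmp/sbom.cyclonedx.json
      #   env:
      #     IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
      # - uses: anchore/sbom-action@v0
      #   with:
      #     image: ${{ env.IMAGE }}
      #     format: spdx-json
      #     artifact-name: sbom.spdx.json
      #     output-file: /tmp/sbom.spdx.json
      #   env:
      #     IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
      # - name: Add Container Image Artifact
      #   run: chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
      # - name: Add CycloneDX SBOM Artifact
      #   run: chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json
      # - name: Add SPDX SBOM Artifact
      #   run: chainloop attestation add --name sbom-spdx --value /tmp/sbom.spdx.json
      # NOTE(review): if re-enabled, pass the step output through `env:` and
      # read it as a shell variable rather than expanding it inside the script
      # text, so its content is never parsed as shell.
      # - name: Add Binary Artifact
      #   run: |
      #     BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' | jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"
      #     chainloop attestation add --name binary --value ${BINARY_PATH}
      # - name: Finish and Record Attestation
      #   if: ${{ success() }}
      #   run: |
      #     chainloop attestation status --full
      #     chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
      #   env:
      #     CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
      #     CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
      # - name: Mark attestation as failed
      #   if: ${{ failure() }}
      #   run: |
      #     chainloop attestation reset
      # - name: Mark attestation as cancelled
      #   if: ${{ cancelled() }}
      #   run: |
      #     chainloop attestation reset --trigger cancellation
    # NOTE(review): this env is visible to every step in the job, including
    # the third-party actions above. CHAINLOOP_ROBOT_ACCOUNT is presumably
    # read only by the chainloop CLI steps, which are commented out; consider
    # scoping it to those steps when they are re-enabled.
    env:
      CHAINLOOP_VERSION: '0.89.0'
      CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}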