Skip to content

GHA: add contents and packages permissions #27

GHA: add contents and packages permissions

GHA: add contents and packages permissions #27

Workflow file for this run

name: Build
on:
push:
branches:
- '*'
tags:
- 'v*'
workflow_dispatch:
permissions:
contents: write
packages: write
jobs:
build:
runs-on: ubuntu-latest
steps:
# dependencies
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
install-only: true
- name: qemu
uses: docker/setup-qemu-action@v3
- name: buildx
uses: docker/setup-buildx-action@v3
# checkout
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
# setup go
- name: go
uses: actions/setup-go@v5
with:
go-version: 1.23
- name: go info
run: |
go version
go env
# cache
- name: cache
uses: actions/cache@v4
with:
path: vendor
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
# vendor
- name: vendor
run: |
make vendor
# git status
- name: git status
run: git status
# build
- name: build
if: startsWith(github.ref, 'refs/tags/') == false
run: |
make snapshot
mv dist/crs_linux_amd64_v1 dist/crs_linux_amd64
# publish
- name: publish
if: startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REF: ${{ github.ref }}
run: |
make publish
mv dist/crs_linux_amd64_v1 dist/crs_linux_amd64
# artifacts
- name: artifact_linux
if: ${{!github.event.repository.private}}
uses: actions/upload-artifact@v4
with:
name: build_linux
path: dist/*linux*
# docker login
- name: docker login
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
# docker build (latest & tag)
- name: release tag
if: startsWith(github.ref, 'refs/tags/') == true
uses: little-core-labs/get-git-tag@v3.0.2
id: releasetag
with:
tagRegex: "v?(.+)"
- name: docker - build release
if: startsWith(github.ref, 'refs/tags/') == true
uses: docker/build-push-action@v6
with:
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7
pull: true
push: true
tags: |
saltydk/crs:${{ steps.releasetag.outputs.tag }}
saltydk/crs:latest
# docker build (branch)
- name: branch name
if: startsWith(github.ref, 'refs/tags/') == false
id: branch-name
uses: tj-actions/branch-names@v8
- name: docker tag
if: startsWith(github.ref, 'refs/tags/') == false
uses: frabert/replace-string-action@master
id: dockertag
with:
pattern: '[:\.\/]+'
string: "${{ steps.branch-name.outputs.current_branch }}"
replace-with: '-'
flags: 'g'
- name: docker - build branch
if: startsWith(github.ref, 'refs/tags/') == false
uses: docker/build-push-action@v6
with:
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7
pull: true
push: true
tags: |
saltydk/crs:${{ steps.dockertag.outputs.replaced }}
# cleanup
- name: cleanup
run: |
rm -f ${HOME}/.docker/config.json