
Update images digests (#598) #78

Workflow file for this run

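# Release workflow: on a pushed v* tag, build and publish a signed release
# with GoReleaser. The GPG signing key is read from Google Secret Manager
# after federating the job's OIDC token to a Google service account.
name: release
on:
  push:
    tags:
      - 'v*'
# No default token permissions; the job below grants only what it needs.
permissions: {}
jobs:
  goreleaser:
    permissions:
      contents: write # To publish the release.
      id-token: write # To federate for the GPG key.
    runs-on: ubuntu-latest
    steps:
      # Audit mode records outbound connections but does not block them.
      # NOTE(review): this job handles a signing key; consider
      # `egress-policy: block` with an allow-list once the audit data shows
      # which endpoints the release needs.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # NOTE(review): checkout keeps the job token in the local git config by
      # default. `persist-credentials: false` would avoid that, provided the
      # fetch below still works without it - confirm before changing.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # Convert the shallow checkout into a full clone.
      - run: git fetch --prune --unshallow
      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version-file: './.go-version'
          cache: false
      # This is provisioned here: https://github.com/chainguard-dev/secrets/blob/main/terraform-provider-apko.tf
      - uses: step-security/google-github-auth@40f6deebd366f16c782d7a0ad0844e3b96a032a6 # v2.1.10
        id: auth
        with:
          workload_identity_provider: "projects/12758742386/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
          service_account: "terraform-provider-apko@chainguard-github-secrets.iam.gserviceaccount.com"
      - uses: google-github-actions/setup-gcloud@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9 # v2.1.5
        with:
          project_id: "chainguard-github-secrets"
      # Exposes the signing key as the step output `token`.
      - uses: google-github-actions/get-secretmanager-secrets@50ec04d56ddf2740b0bde82926cc742f90e06d2b # v2.2.4
        id: secrets
        with:
          secrets: |-
            token:chainguard-github-secrets/terraform-provider-apko-signing-key
      - id: import_gpg
        uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0
        with:
          gpg_private_key: ${{ steps.secrets.outputs.token }}
      # Publish the public key so release signatures can be verified.
      # The fingerprint is passed through the environment and quoted, rather
      # than expanded into the script text, so the shell treats it as data.
      - run: |
          gpg --keyserver keys.openpgp.org --send-keys "${GPG_FINGERPRINT}"
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
      # NOTE(review): the action is pinned by commit, but `version: latest`
      # still resolves the GoReleaser binary at run time. Pinning a reviewed
      # version would keep the tool that signs and publishes the release fixed.
      - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
        with:
          version: latest
          args: release --clean
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}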