fix(release): correct go-licenses v2 module path #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Engine | |
| on: | |
| push: | |
| tags: | |
| - 'engine/v*' | |
| permissions: | |
| contents: write | |
| packages: write | |
| jobs: | |
| release: | |
| name: Build and Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25' | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Set goreleaser tag | |
| run: | | |
| # Strip "engine/" prefix so goreleaser sees a clean semver tag | |
| TAG="${GITHUB_REF#refs/tags/engine/}" | |
| echo "GORELEASER_CURRENT_TAG=${TAG}" >> "$GITHUB_ENV" | |
| # Create a local tag alias so goreleaser can validate the tag against | |
| # the current commit. Goreleaser reads tags but never pushes them, so | |
| # this won't pollute the remote. The namespaced tag (engine/vX.Y.Z) is | |
| # what triggered this workflow; goreleaser needs the plain vX.Y.Z form. | |
| git tag "${TAG}" | |
| - name: Generate NOTICE | |
| run: | | |
| go install github.com/google/go-licenses/v2@v2.0.1 | |
| go-licenses report ./... > NOTICE | |
| working-directory: packages/engine | |
| - name: Run goreleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| version: '~> v2' | |
| args: release --clean | |
| workdir: packages/engine | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| trivy: | |
| name: Trivy Scan | |
| runs-on: ubuntu-latest | |
| needs: release | |
| steps: | |
| - name: Extract version | |
| id: vars | |
| run: | | |
| TAG="${GITHUB_REF#refs/tags/engine/v}" | |
| echo "version=${TAG}" >> "$GITHUB_OUTPUT" | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.28.0 | |
| with: | |
| image-ref: "ghcr.io/dvflw/mantle:${{ steps.vars.outputs.version }}" | |
| format: table | |
| exit-code: '1' | |
| severity: CRITICAL,HIGH |