-
Notifications
You must be signed in to change notification settings - Fork 0
150 lines (132 loc) · 4.28 KB
/
Copy pathrelease.yml
File metadata and controls
150 lines (132 loc) · 4.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Release
on:
push:
tags:
- 'v*'
permissions:
contents: write
packages: write
jobs:
release:
name: Build and Release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: '1.25'
- name: Set release variables
id: vars
run: |
TAG="${GITHUB_REF#refs/tags/}"
VERSION="${TAG#v}"
COMMIT="$(git rev-parse --short HEAD)"
DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "commit=${COMMIT}" >> "$GITHUB_OUTPUT"
echo "date=${DATE}" >> "$GITHUB_OUTPUT"
- name: Build binaries
env:
CGO_ENABLED: '0'
VERSION: ${{ steps.vars.outputs.version }}
COMMIT: ${{ steps.vars.outputs.commit }}
DATE: ${{ steps.vars.outputs.date }}
run: |
LDFLAGS="-s -w"
LDFLAGS="${LDFLAGS} -X github.com/dvflw/mantle/internal/version.Version=${VERSION}"
LDFLAGS="${LDFLAGS} -X github.com/dvflw/mantle/internal/version.Commit=${COMMIT}"
LDFLAGS="${LDFLAGS} -X github.com/dvflw/mantle/internal/version.Date=${DATE}"
platforms=(
"linux/amd64"
"linux/arm64"
"darwin/amd64"
"darwin/arm64"
)
mkdir -p dist
for platform in "${platforms[@]}"; do
IFS='/' read -r os arch <<< "${platform}"
output="mantle-${os}-${arch}"
echo "Building ${output}..."
GOOS="${os}" GOARCH="${arch}" go build \
-ldflags "${LDFLAGS}" \
-o "dist/${output}" \
./cmd/mantle/
done
- name: Create tarballs and checksums
run: |
cd dist
for binary in mantle-*; do
tar czf "${binary}.tar.gz" "${binary}"
rm "${binary}"
done
sha256sum *.tar.gz > checksums.txt
- name: Create GitHub Release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ steps.vars.outputs.tag }}
run: |
gh release create "${TAG}" \
--title "${TAG}" \
--generate-notes \
dist/*.tar.gz \
dist/checksums.txt
docker:
name: Docker Image
runs-on: ubuntu-latest
needs: release
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set release variables
id: vars
run: |
TAG="${GITHUB_REF#refs/tags/}"
VERSION="${TAG#v}"
COMMIT="$(git rev-parse --short HEAD)"
DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "commit=${COMMIT}" >> "$GITHUB_OUTPUT"
echo "date=${DATE}" >> "$GITHUB_OUTPUT"
- uses: docker/setup-buildx-action@v3
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/dvflw/mantle
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VERSION=${{ steps.vars.outputs.version }}
COMMIT=${{ steps.vars.outputs.commit }}
DATE=${{ steps.vars.outputs.date }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/dvflw/mantle:${{ steps.vars.outputs.version }}
format: table
exit-code: '1'
severity: CRITICAL,HIGH