Skip to content

fix(deps): bump containerd for console CLI remediation (#770) #158

fix(deps): bump containerd for console CLI remediation (#770)

fix(deps): bump containerd for console CLI remediation (#770) #158

Workflow file for this run

name: CD / CLI
on:
push:
tags:
- 'v*.*.*'
jobs:
# Release binaries with GoReleaser
release:
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
steps:
- uses: jlumbroso/free-disk-space@v1.3.1
with:
tool-cache: false
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v4.1.0
with:
go-version-file: go.mod
- run: make install-cli
- name: Run Plural PR Contracts Validation
run: |
plural pr contracts --file test/contracts.yaml --validate || { echo "❌ Contract validation failed! Blocking release."; exit 1; }
- name: Get Previous Tag
id: prev
uses: WyriHaximus/github-action-get-previous-tag@v1
env:
INPUT_PREFIX: v
- name: Install Cosign
uses: sigstore/cosign-installer@v3.6.0
- name: GoReleaser (Release)
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: '~> v2'
args: release --clean --timeout 90m
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
GITLAB_CLIENT_SECRET: ${{ secrets.GITLAB_CLIENT_SECRET }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ github.ref_name }}
GORELEASER_PREVIOUS_TAG: ${{ steps.release.outputs.prev }}