Skip to content

Cut Release

Cut Release #98

Workflow file for this run

# Copyright 2024 Chainguard, Inc.
# SPDX-License-Identifier: Apache-2.0
name: Cut Release
on:
workflow_dispatch:
permissions: {}
env:
VERSION_FILE: "pkg/release/version.go"
jobs:
tag:
if: ${{ github.repository == 'chainguard-dev/malcontent' }}
runs-on: ubuntu-24.04-arm
permissions:
id-token: write
contents: write
steps:
- uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
with:
egress-policy: block
allowed-endpoints: >
*.blob.core.windows.net:443
*.githubapp.com:443
api.github.com:443
github.com:443
octo-sts.dev:443
release-assets.githubusercontent.com:443
- uses: chainguard-dev/actions/setup-gitsign@f0be69916b439d0fcced2451b23d0f27cd46d545 # main
- name: Set up Octo-STS
uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1
id: octo-sts
with:
scope: chainguard-dev/malcontent
identity: release
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# zizmor: ignore[artipacked] - credentials needed for gh release create
with:
token: ${{ steps.octo-sts.outputs.token }}
- name: Get Version
id: get-version
run: |
VERSION=$(awk -F'"' '/ID string =/ {print $2}' "${VERSION_FILE}")
if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: VERSION is not a valid semver"
exit 1
fi
echo "VERSION=${VERSION}" >> "${GITHUB_OUTPUT}"
- name: Create Release
env:
GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
VERSION: ${{ steps.get-version.outputs.VERSION }}
if: ${{ steps.get-version.outputs.VERSION != '' }}
run: |
if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: VERSION is not a valid semver"
exit 1
fi
git config --global tag.gpgsign true
gh release create "${VERSION}" --title "${VERSION}" --notes "Release ${VERSION}" --draft