Skip to content

ci: bump actions/cache from 4.3.0 to 5.0.5 #1303

ci: bump actions/cache from 4.3.0 to 5.0.5

ci: bump actions/cache from 4.3.0 to 5.0.5 #1303

Workflow file for this run

name: Release Hub
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- v*.*.*
workflow_dispatch:
inputs: {}
permissions:
contents: write
id-token: write
attestations: write
env:
GOTOOLCHAIN: local
jobs:
release:
runs-on: ubuntu-latest
environment: ${{ startsWith(github.ref, 'refs/tags/v') && 'release' || '' }}
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
cache: false
go-version: "1.26"
check-latest: true
cache-dependency-path: |
go.sum
caddy/go.sum
- name: Login to Docker Hub
if: startsWith(github.ref, 'refs/tags/v')
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Import GPG key
if: startsWith(github.ref, 'refs/tags/v')
id: import_gpg
uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
- name: Set GoReleaser Git tags
run: |
tags=$(git tag --list --sort=-version:refname 'v*')
echo "GORELEASER_CURRENT_TAG=$(awk 'NR==1 {print;exit}' <<< "$tags")" >> "$GITHUB_ENV"
echo "GORELEASER_PREVIOUS_TAG=$(awk 'NR==2 {print;exit}' <<< "$tags")" >> "$GITHUB_ENV"
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2
with:
version: latest
args: ${{ startsWith(github.ref, 'refs/tags/v') && 'release' || 'build --single-target --snapshot' }} --clean --timeout 60m
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ startsWith(github.ref, 'refs/tags/v') && steps.import_gpg.outputs.fingerprint || '' }}
- name: Attest release artifacts
if: startsWith(github.ref, 'refs/tags/v')
uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1
with:
subject-path: |
${{ github.workspace }}/dist/**/mercure
${{ github.workspace }}/dist/*.tar.gz
${{ github.workspace }}/dist/*.zip
${{ github.workspace }}/dist/*.apk
${{ github.workspace }}/dist/*.deb
${{ github.workspace }}/dist/*.rpm
${{ github.workspace }}/dist/checksums.txt
- name: Inspect Caddy Docker manifest
id: caddy_image
if: startsWith(github.ref, 'refs/tags/v')
run: |
digest=$(docker buildx imagetools inspect --format '{{.Manifest.Digest}}' "dunglas/mercure:${GITHUB_REF_NAME}")
echo "digest=${digest}" >> "${GITHUB_OUTPUT}"
- name: Attest Caddy Docker manifest
if: startsWith(github.ref, 'refs/tags/v')
uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1
with:
# docker.io/ prefix is required: actions/attest splits subject-name
# on the first '/' to find the registry. We only push to Docker Hub.
subject-name: docker.io/dunglas/mercure
subject-digest: ${{ steps.caddy_image.outputs.digest }}
push-to-registry: true
- name: Inspect legacy Docker image
id: legacy_image
if: startsWith(github.ref, 'refs/tags/v')
run: |
digest=$(docker buildx imagetools inspect --format '{{.Manifest.Digest}}' "dunglas/mercure:legacy-${GITHUB_REF_NAME}")
echo "digest=${digest}" >> "${GITHUB_OUTPUT}"
- name: Attest legacy Docker image
if: startsWith(github.ref, 'refs/tags/v')
uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1
with:
subject-name: docker.io/dunglas/mercure
subject-digest: ${{ steps.legacy_image.outputs.digest }}
push-to-registry: true
- name: Display version
run: dist/caddy_linux_amd64_v1/mercure version
- name: Upload snapshot
if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: snapshot
path: dist/*
retention-days: 1