show go version #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/release.yml | |
| name: goreleaser | |
| on: | |
| #pull_request: | |
| push: | |
| # run only against tags | |
| tags: | |
| - "*" | |
| branches: | |
| - update-go1.25.1 # TODO : remove after | |
| jobs: | |
| setup-go-version-from-file: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: setup go version | |
| id: setup-go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: ${{ github.workspace }}/go.mod # same version than the one in the go.mod | |
| - name: Show go version from command | |
| run: go version | |
| - name: Show go version from github action | |
| run: echo ${{ steps.setup-go.outputs.go-version }} | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| env: | |
| WORKSPACE: ${{github.workspace}} | |
| # Define job outputs from steps outputs | |
| # It is | |
| outputs: | |
| hashes: ${{ steps.publish-artifacts.outputs.hashes }} | |
| image: ${{ steps.publish-artifacts.outputs.name }} | |
| digest: ${{ steps.publish-artifacts.outputs.digest }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Publish Artifacts | |
| id : publish-artifacts | |
| uses: ./.github/actions/publish-release | |
| with: | |
| go-version-file: ${{ github.workspace }}/go.mod # same version than the one in the go.mod | |
| github_token : ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| registry_username: ${{ github.actor }} | |
| registry_password: ${{ secrets.GITHUB_TOKEN }} | |
| # Job generating provenance for blobs artifacts requiring checksum hash in base64 format | |
| # upload-assets is set to true to add in-toto attestation to the release | |
| binary-provenance: | |
| needs: [goreleaser] | |
| permissions: | |
| actions: read # To read the workflow path. | |
| id-token: write # To sign the provenance. | |
| contents: write # To add assets to a release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 | |
| with: | |
| base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" | |
| upload-assets: true | |
| # Job generating provenance for container images requiring an image and an image digest | |
| image-provenance: | |
| needs: [goreleaser] | |
| permissions: | |
| actions: read | |
| id-token: write | |
| packages: write | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0 | |
| with: | |
| image: ${{ needs.goreleaser.outputs.image }} | |
| digest: ${{ needs.goreleaser.outputs.digest }} | |
| registry-username: ${{ github.actor }} | |
| secrets: | |
| registry-password: ${{ secrets.GITHUB_TOKEN }} | |
| verify-provenance: | |
| needs: [goreleaser, binary-provenance,image-provenance] | |
| runs-on: ubuntu-latest | |
| env: | |
| WORKSPACE: ${{github.workspace}} | |
| permissions: | |
| actions: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Verify provenance attestations | |
| id : slsa-verifier | |
| uses: ./.github/actions/verify-attestations | |
| with: | |
| go-version-file: ${{ github.workspace }}/go.mod # same version than the one in the go.mod | |
| github_token : ${{ secrets.GITHUB_TOKEN }} | |
| image: ${{needs.goreleaser.outputs.image}}@${{needs.goreleaser.outputs.digest}} |