56 lines
1.4 KiB
YAML
56 lines
1.4 KiB
YAML
---
|
|
name: "release"
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "*"
|
|
|
|
jobs:
|
|
release:
|
|
name: "release"
|
|
runs-on: "ubuntu-latest"
|
|
steps:
|
|
|
|
# checkout repo
|
|
- name: "checkout"
|
|
uses: "actions/checkout@v6"
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# setup go
|
|
- name: "set up go"
|
|
uses: "actions/setup-go@v6"
|
|
with:
|
|
go-version: "stable"
|
|
|
|
# install syft
|
|
- name: "install syft"
|
|
uses: "anchore/sbom-action/download-syft@v0"
|
|
|
|
# run goreleaser
|
|
- name: "run goreleaser"
|
|
uses: "goreleaser/goreleaser-action@v6"
|
|
with:
|
|
version: "v2.8.2"
|
|
args: "release --clean --config ./.github/.goreleaser.yaml"
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|
|
|
|
# generate sbom
|
|
- name: "generate sbom"
|
|
run: |
|
|
APP_NAME="gogitlabber"
|
|
VERSION=${GITHUB_REF#refs/tags/}
|
|
syft go.mod -o spdx-json=${APP_NAME}-${VERSION}-sbom.spdx.json
|
|
syft go.mod -o cyclonedx-json=${APP_NAME}-${VERSION}-sbom.cyclonedx.json
|
|
|
|
# upload sbom to release
|
|
- name: "upload sbom to release"
|
|
uses: "softprops/action-gh-release@v3"
|
|
with:
|
|
files: |
|
|
gogitlabber-*-sbom.spdx.json
|
|
gogitlabber-*-sbom.cyclonedx.json
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|