Release SDK #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release SDK | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version to release (e.g., v1.0.0)" | |
| required: true | |
| type: string | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ${{ vars.RUNNER_RUNS_ON }} | |
| permissions: | |
| contents: write | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.MAGALUBOT_GPG_PASSPHRASE }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.23" | |
| cache: true | |
| cache-dependency-path: | | |
| **/go.mod | |
| **/go.sum | |
| - name: Validate version format | |
| id: validate-version | |
| run: | | |
| if [[ ! ${{ github.event.inputs.version }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "Invalid version format. Must be in format v1.0.0" | |
| exit 1 | |
| fi | |
| - name: Run tests | |
| id: run-tests | |
| if: steps.validate-version.outcome == 'success' | |
| run: go test -v ./... | |
| - name: Import and Trust GPG Key | |
| id: import-gpg-key | |
| if: steps.run-tests.outcome == 'success' | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.MAGALUBOT_GPG_PRIVATE_KEY }} | |
| run: | | |
| # Import the private key with passphrase | |
| echo "$GPG_PRIVATE_KEY" | gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" --import | |
| # Get Key ID and Fingerprint | |
| KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | awk '/sec/ {split($2, a, "/"); print a[2]}') | |
| FINGERPRINT=$(gpg --fingerprint --with-colons $KEY_ID | awk -F: '$1 == "fpr" {print $10; exit}') | |
| # Trust the key ultimately | |
| echo "${FINGERPRINT}:6:" | gpg --import-ownertrust | |
| # Create GPG wrapper script | |
| mkdir -p ~/bin | |
| echo '#!/bin/sh' > ~/bin/git-gpg-wrapper | |
| echo 'echo "$GPG_PASSPHRASE" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 "$@"' >> ~/bin/git-gpg-wrapper | |
| chmod +x ~/bin/git-gpg-wrapper | |
| echo "$HOME/bin" >> $GITHUB_PATH | |
| # Set GPG_TTY to avoid warnings | |
| echo "GPG_TTY=$(tty)" >> $GITHUB_ENV | |
| - name: Configure Git | |
| id: config-git | |
| if: steps.import-gpg-key.outcome == 'success' | |
| run: | | |
| git config --global user.email "${{vars.MAGALUBOT_EMAIL}}" | |
| git config --global user.name "${{vars.MAGALUBOT_USER_NAME}}" | |
| git config --global commit.gpgsign true | |
| git config --global tag.gpgsign true | |
| git config --global gpg.program git-gpg-wrapper | |
| # Get and set the signing key | |
| SIGNING_KEY=$(gpg --list-secret-keys --keyid-format LONG | awk '/sec/ {split($2, a, "/"); print a[2]}') | |
| git config --global user.signingkey $SIGNING_KEY | |
| - name: Create and push tag | |
| id: create-and-push-tag | |
| if: steps.config-git.outcome == 'success' | |
| run: | | |
| git tag -a ${{ github.event.inputs.version }} -m "Release ${{ github.event.inputs.version }}" | |
| git push origin ${{ github.event.inputs.version }} | |
| - name: Publish to Go package registry | |
| id: publish-to-go-package-registry | |
| if: steps.create-and-push-tag.outcome == 'success' | |
| env: | |
| GOPROXY: proxy.golang.org | |
| run: | | |
| go mod tidy | |
| GOPROXY=proxy.golang.org go list -m github.com/${GITHUB_REPOSITORY}@${{ github.event.inputs.version }} | |
| - name: Create release | |
| id: create-release | |
| if: steps.publish-to-go-package-registry.outcome == 'success' | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| go.mod | |
| go.sum | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag_name: ${{ github.event.inputs.version }} | |
| release_name: ${{ github.event.inputs.version }} | |
| body: "Release ${{ github.event.inputs.version }}" | |
| draft: true | |
| prerelease: false | |