-
Notifications
You must be signed in to change notification settings - Fork 3
116 lines (101 loc) · 4.22 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
name: Release SDK
on:
workflow_dispatch:
inputs:
version:
description: "Version to release (e.g., v1.0.0)"
required: true
type: string
jobs:
release:
name: Release
runs-on: ${{ vars.RUNNER_RUNS_ON }} # settings > secrets and variables > variables > RUNNER_RUNS_ON
permissions:
contents: write
env:
GPG_PASSPHRASE: ${{ secrets.MAGALUBOT_GPG_PASSPHRASE }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 #v5.3.0
with:
go-version: ${{ vars.GO_VERSION }} # settings > secrets and variables > variables > GO_VERSION
cache: true
cache-dependency-path: |
**/go.mod
**/go.sum
- name: Validate version format
id: validate-version
run: |
if [[ ! ${{ github.event.inputs.version }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Invalid version format. Must be in format v1.0.0"
exit 1
fi
- name: Run tests
id: run-tests
if: steps.validate-version.outcome == 'success'
run: go test -v ./...
- name: Import and Trust GPG Key
id: import-gpg-key
if: steps.run-tests.outcome == 'success'
env:
GPG_PRIVATE_KEY: ${{ secrets.MAGALUBOT_GPG_PRIVATE_KEY }}
run: |
# Import the private key with passphrase
echo "$GPG_PRIVATE_KEY" | gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" --import
# Get Key ID and Fingerprint
KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | awk '/sec/ {split($2, a, "/"); print a[2]}')
FINGERPRINT=$(gpg --fingerprint --with-colons $KEY_ID | awk -F: '$1 == "fpr" {print $10; exit}')
# Trust the key ultimately
echo "${FINGERPRINT}:6:" | gpg --import-ownertrust
# Create GPG wrapper script
mkdir -p ~/bin
echo '#!/bin/sh' > ~/bin/git-gpg-wrapper
echo 'echo "$GPG_PASSPHRASE" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 "$@"' >> ~/bin/git-gpg-wrapper
chmod +x ~/bin/git-gpg-wrapper
echo "$HOME/bin" >> $GITHUB_PATH
# Set GPG_TTY to avoid warnings
echo "GPG_TTY=$(tty)" >> $GITHUB_ENV
- name: Configure Git
id: config-git
if: steps.import-gpg-key.outcome == 'success'
run: |
git config --global user.email "${{vars.MAGALUBOT_EMAIL}}"
git config --global user.name "${{vars.MAGALUBOT_USER_NAME}}"
git config --global commit.gpgsign true
git config --global tag.gpgsign true
git config --global gpg.program git-gpg-wrapper
# Get and set the signing key
SIGNING_KEY=$(gpg --list-secret-keys --keyid-format LONG | awk '/sec/ {split($2, a, "/"); print a[2]}')
git config --global user.signingkey $SIGNING_KEY
- name: Create and push tag
id: create-and-push-tag
if: steps.config-git.outcome == 'success'
run: |
git tag -a ${{ github.event.inputs.version }} -m "Release ${{ github.event.inputs.version }}"
git push origin ${{ github.event.inputs.version }}
- name: Publish to Go package registry
id: publish-to-go-package-registry
if: steps.create-and-push-tag.outcome == 'success'
env:
GOPROXY: proxy.golang.org
run: |
go mod tidy
GOPROXY=proxy.golang.org go list -m github.com/${GITHUB_REPOSITORY}@${{ github.event.inputs.version }}
- name: Create release
id: create-release
if: steps.publish-to-go-package-registry.outcome == 'success'
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda #v2.2.1
with:
files: |
go.mod
go.sum
token: ${{ secrets.GITHUB_TOKEN }}
tag_name: ${{ github.event.inputs.version }}
release_name: ${{ github.event.inputs.version }}
body: "Release ${{ github.event.inputs.version }}"
draft: true
prerelease: false