Merge pull request #36 from TMUniversal/renovate/anchore-sbom-action-0.x #33

Summary
Jobs
- build
- release
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yml at 605d88a

	name: PaperCrypt Release

	on:
	push:
	branches:
	- main

	permissions:
	contents: write
	packages: write

	env:
	DEBIAN_FRONTEND: noninteractive

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version-file: go.mod
	check-latest: true
	cache-dependency-path: "*/.sum"

	- name: Install dependencies
	run: \|
	sudo apt-get install -y poppler-utils
	which pdftoppm

	- name: Install Task
	uses: arduino/setup-task@v1
	with:
	version: 3.x
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Install GoReleaser
	uses: goreleaser/goreleaser-action@v5
	with:
	install-only: true

	- name: Build
	run: task build

	- name: Test
	run: task test

	release:
	needs: build
	runs-on: ubuntu-22.04
	env:
	DOCKER_BUILDKIT: 1
	steps:
	- name: Source checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Fetch all tags
	run: git fetch --force --tags

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version-file: go.mod
	check-latest: true
	cache-dependency-path: "*/.sum"

	- name: Save `go version`
	id: go-version
	run: echo "GOVERSION=$(go version)" >> $GITHUB_OUTPUT

	- name: Install Task
	uses: arduino/setup-task@v1
	with:
	version: 3.x
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- uses: sigstore/cosign-installer@v3
	- name: Confirm cosign installation
	run: cosign version

	- name: Install dependencies
	run: \|
	sudo apt-get install -y poppler-utils
	which pdftoppm

	- uses: crazy-max/ghaction-upx@v3
	with:
	install-only: true

	- name: Install Task
	uses: arduino/setup-task@v1
	with:
	version: 3.x
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Install GoReleaser
	uses: goreleaser/goreleaser-action@v5
	with:
	install-only: true

	- uses: anchore/sbom-action/[email protected]

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: docker
	install: true

	- name: GitHub Container Registry Login
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Decode cosign key
	run: echo "${{ secrets.COSIGN_KEY_BASE64 }}" \| base64 -d > cosign.key

	- name: Publish Release
	run: task release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }}
	GOVERSION: ${{ steps.go-version.outputs.GOVERSION }}
	S3_BUCKET: ${{ secrets.S3_BUCKET }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	S3_REGION: ${{ secrets.S3_REGION }}
	S3_ENDPOINT: ${{ secrets.S3_ENDPOINT }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #36 from TMUniversal/renovate/anchore-sbom-action-0.x #33

Workflow file

Merge pull request #36 from TMUniversal/renovate/anchore-sbom-action-0.x #33

Jobs

Run details

Workflow file for this run