Merge pull request #50 from TMUniversal/renovate/codecov-codecov-acti… #51

Workflow file for this run

.github/workflows/release.yml at 83e5f5d

	name: PaperCrypt Release

	on:
	push:
	branches:
	- main

	env:
	DEBIAN_FRONTEND: noninteractive

	jobs:
	build:
	name: Build and Test
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version-file: go.mod
	check-latest: true
	cache-dependency-path: "*/.sum"

	- name: Install Task
	uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # 2.0.0
	with:
	version: 3.x
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Install GoReleaser
	uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
	with:
	install-only: true

	- name: Install dependencies
	run: \|
	sudo apt-get install -y poppler-utils
	which pdftoppm

	- name: Build
	run: task build

	- name: Test
	run: task test

	no_diff:
	name: Check for go.mod changes, third-party license mismatch
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version-file: go.mod
	check-latest: true
	cache-dependency-path: "*/.sum"

	- name: Run `go mod tidy` and abort if changes were made
	run: go mod tidy -v && git diff --exit-code \|\| (echo "go mod tidy made changes" && exit 1)

	- name: Install Task
	uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # 2.0.0
	with:
	version: 3.x
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Install go-licenses
	run: go install github.com/google/go-licenses@latest

	- name: Check for third-party updates
	run: task docs:third_party && git diff --exit-code \|\| (echo "third-party license mismatch" && exit 1)

	golangci:
	permissions:
	contents: read # for actions/checkout to fetch code
	pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
	name: lint
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version: stable
	cache: false
	- name: golangci-lint
	uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
	with:
	args: --timeout=5m

	release:
	needs: [build, no_diff, golangci]
	name: Release
	runs-on: ubuntu-22.04
	permissions:
	contents: write
	packages: write
	id-token: write
	env:
	DOCKER_BUILDKIT: 1
	steps:
	- name: Source checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0

	- name: Fetch all tags
	run: git fetch --force --tags

	- name: Set up Go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version-file: go.mod
	check-latest: true
	cache-dependency-path: "*/.sum"

	- name: Save `go version`
	id: go-version
	run: echo "GOVERSION=$(go version)" >> $GITHUB_OUTPUT

	- name: Set up Node
	uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
	with:
	node-version: 20

	- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
	- name: Confirm cosign installation
	run: cosign version

	- name: Install dependencies
	run: \|
	sudo apt-get install -y poppler-utils
	which pdftoppm

	- uses: crazy-max/ghaction-upx@0fc45e912669ba9e8fa2b430e97c8da2a632e29b # v3.0.0
	with:
	install-only: true

	- name: Install Task
	uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # 2.0.0
	with:
	version: 3.x
	repo-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Install GoReleaser
	uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
	with:
	install-only: true

	- uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8

	- name: Set up QEMU
	uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
	with:
	driver: docker
	install: true

	- name: GitHub Container Registry Login
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Decode cosign key
	run: echo "${{ secrets.COSIGN_KEY_BASE64 }}" \| base64 -d > cosign.key

	- name: Publish Release
	run: task release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }}
	GOVERSION: ${{ steps.go-version.outputs.GOVERSION }}
	S3_REGION: ${{ secrets.S3_REGION }}
	S3_ENDPOINT: ${{ secrets.S3_ENDPOINT }}
	S3_BUCKET: ${{ secrets.S3_BUCKET }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #50 from TMUniversal/renovate/codecov-codecov-acti… #51

Workflow file

Merge pull request #50 from TMUniversal/renovate/codecov-codecov-acti… #51

Jobs

Run details

Workflow file for this run