build(release): disable winget release step #54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PaperCrypt Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| jobs: | |
| build: | |
| name: Build and Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache-dependency-path: "**/*.sum" | |
| - name: Install Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # 2.0.0 | |
| with: | |
| version: 3.x | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install GoReleaser | |
| uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | |
| with: | |
| install-only: true | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install -y poppler-utils | |
| which pdftoppm | |
| - name: Build | |
| run: task build | |
| - name: Test | |
| run: task test | |
| no_diff: | |
| name: Check for go.mod changes, third-party license mismatch | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache-dependency-path: "**/*.sum" | |
| - name: Run `go mod tidy` and abort if changes were made | |
| run: go mod tidy -v && git diff --exit-code || (echo "go mod tidy made changes" && exit 1) | |
| - name: Install Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # 2.0.0 | |
| with: | |
| version: 3.x | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install go-licenses | |
| run: go install github.com/google/go-licenses@latest | |
| - name: Check for third-party updates | |
| run: task docs:third_party && git diff --exit-code || (echo "third-party license mismatch" && exit 1) | |
| golangci: | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| pull-requests: read # for golangci/golangci-lint-action to fetch pull requests | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version: stable | |
| cache: false | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 | |
| with: | |
| args: --timeout=5m | |
| release: | |
| needs: [build, no_diff, golangci] | |
| name: Release | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| steps: | |
| - name: Source checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fetch all tags | |
| run: git fetch --force --tags | |
| - name: Set up Go | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| cache-dependency-path: "**/*.sum" | |
| - name: Save `go version` | |
| id: go-version | |
| run: echo "GOVERSION=$(go version)" >> $GITHUB_OUTPUT | |
| - name: Set up Node | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: 20 | |
| - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 | |
| - name: Confirm cosign installation | |
| run: cosign version | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install -y poppler-utils | |
| which pdftoppm | |
| - uses: crazy-max/ghaction-upx@0fc45e912669ba9e8fa2b430e97c8da2a632e29b # v3.0.0 | |
| with: | |
| install-only: true | |
| - name: Install Task | |
| uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # 2.0.0 | |
| with: | |
| version: 3.x | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install GoReleaser | |
| uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | |
| with: | |
| install-only: true | |
| - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
| with: | |
| driver: docker | |
| install: true | |
| - name: GitHub Container Registry Login | |
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Decode cosign key | |
| run: echo "${{ secrets.COSIGN_KEY_BASE64 }}" | base64 -d > cosign.key | |
| - name: Publish Release | |
| run: task release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} | |
| GOVERSION: ${{ steps.go-version.outputs.GOVERSION }} | |
| S3_REGION: ${{ secrets.S3_REGION }} | |
| S3_ENDPOINT: ${{ secrets.S3_ENDPOINT }} | |
| S3_BUCKET: ${{ secrets.S3_BUCKET }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |