Skip to content

Allow uploading sources #47

Allow uploading sources

Allow uploading sources #47

Workflow file for this run

name: Container
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
# renovate: datasource=go depName=github.com/goreleaser/goreleaser
GORELEASER_VERSION: v1.10.2
jobs:
skip-check:
name: Skip check
continue-on-error: true
runs-on: ubuntu-latest
outputs:
should_skip: ${{ steps.skip-check.outputs.should_skip }}
permissions:
actions: write
contents: read
steps:
- id: skip-check
uses: fkirc/skip-duplicate-actions@9d116fa7e55f295019cfab7e3ab72b478bcf7fdd # tag=v4.0.0
with:
do_not_skip: '["schedule", "workflow_dispatch"]'
paths: |-
[
"**.go",
".dockerignore",
".github/workflows/container.yml",
"Dockerfile*",
"Makefile",
"go.mod",
"go.sum"
]
skip_after_successful_duplicate: false
build-binaries:
name: Build binaries using goreleaser
needs: skip-check
if: ${{ needs.skip-check.outputs.should_skip != 'true' }}
runs-on: ubuntu-latest
container:
image: docker.io/goreleaser/goreleaser-cross:v1.18.3
options: --privileged
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: "${{ env.goreleaser_current_tag }}"
steps:
- name: Check out the code
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- name: Set up Go
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # tag=v3.2.1
with:
go-version-file: 'go.mod'
cache: true
- name: Run Goreleaser
run: goreleaser release --rm-dist --skip-validate --skip-publish --snapshot --debug
- name: Archive generated artifacts
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with:
name: parca-debuginfo-dist-container
if-no-files-found: error
path: |
goreleaser/dist
!goreleaser/dist/*.txt
build-and-push-container:
name: Container build and push (when merged)
needs: build-binaries
runs-on: ubuntu-latest
container:
# https://github.com/containers/podman/tree/main/contrib/podmanimage
# Specifying SHA repeatedly fails:
# @sha256:421ac576cebff98e90c531e7b9ce4482370ecc7cee59abc2341714031bfb5f43
image: quay.io/containers/podman:v4.1.1
options: >-
--device /dev/fuse:rw
--privileged
--security-opt label=disable
--security-opt seccomp=unconfined
permissions:
id-token: write
packages: write
contents: read
steps:
- name: Install dependencies
run: dnf install --assumeyes --repo fedora git make jq
- name: Check out code into the Go module directory
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- name: Set up Go
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # tag=v3.2.1
with:
go-version-file: 'go.mod'
check-latest: true
- uses: actions/download-artifact@v3
with:
name: parca-debuginfo-dist-container
path: goreleaser/dist
- name: Build container
run: make container
- name: Check images are created
run: podman images | grep 'ghcr.io/parca-dev/parca-debuginfo'
- name: Install cosign
if: ${{ github.event_name != 'pull_request' }}
uses: sigstore/cosign-installer@09a077b27eb1310dcfb21981bee195b30ce09de0 # tag=v2.5.0
- name: Login to registry
if: ${{ github.event_name != 'pull_request' }}
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | podman login -u parca-dev --password-stdin ghcr.io
- name: Install crane
if: ${{ github.event_name != 'pull_request' }}
uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 # tag=v0.2
- name: Push and sign container
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: true
run: |
make push-container
make sign-container