Skip to content
release

chore(deps): update dependency cosign to v3 (#189) #51

Sign in to view logs

chore(deps): update dependency cosign to v3 (#189)

chore(deps): update dependency cosign to v3 (#189) #51

Workflow file for this run

.github/workflows/release.yaml at 845a76f
name: release
on:
push:
tags:
- v*
workflow_dispatch:
inputs:
tag:
description: Tag to release
required: true
jobs:
goreleaser:
name: goreleaser
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
packages: write
attestations: write
env:
MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
steps:
- name: Generate Token
uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: "${{ secrets.BOT_APP_ID }}"
private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
owner: "${{ github.repository_owner }}"
repositories: |
kat
homebrew-tap
nur-packages
- name: Checkout
uses: actions/checkout@v6
with:
token: "${{ steps.app-token.outputs.token }}"
ref: ${{ github.event.inputs.tag != '' && format('refs/tags/{0}', github.event.inputs.tag) || github.ref }}
fetch-depth: 0
persist-credentials: false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set up devbox
uses: jetify-com/devbox-install-action@v0.14.0
with:
enable-cache: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: Release in devbox
run: devbox run -- task go-release
env:
GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
- name: Attest Build Provenance
uses: actions/attest-build-provenance@v3
with:
subject-checksums: ./dist/checksums.txt