130 lines (127 loc) · 3.93 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: build
on:
push:
tags:
- v*
branches:
- main
pull_request:
permissions:
contents: write
id-token: write
packages: write
jobs:
govulncheck:
uses: caarlos0/meta/.github/workflows/govulncheck.yml@main
semgrep:
uses: caarlos0/meta/.github/workflows/semgrep.yml@main
ruleguard:
uses: caarlos0/meta/.github/workflows/ruleguard.yml@main
unit-tests:
strategy:
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: setup-tparse
run: go install github.com/mfridman/tparse@latest
- run: task setup
- name: test
run: ./scripts/test.sh test ${{ matrix.os }}
- uses: codecov/codecov-action@v3
if: matrix.os == 'ubuntu-latest'
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./coverage.txt
acceptance-tests:
strategy:
matrix:
pkgFormat: [ deb, rpm, apk ]
pkgPlatform: [ amd64, arm64, 386, ppc64le, armv6, armv7, s390x ]
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
NO_TEST_PPC64LE: "true"
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- run: task setup
- name: setup-tparse
run: go install github.com/mfridman/tparse@latest
- name: acceptance
run: ./scripts/test.sh acceptance ubuntu-latest
env:
TEST_PATTERN: "/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/"
goreleaser:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- unit-tests
- Acceptance-Tests
permissions:
contents: write
id-token: write
packages: write
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: sigstore/cosign-installer@v2.5.1
- uses: anchore/sbom-action/download-syft@v0.12.0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- run: task setup
- run: task build
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@v3
if: success()
with:
version: latest
args: release --rm-dist
distribution: goreleaser-pro
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
AUR_KEY: ${{ secrets.AUR_KEY }}