Skip to content

Fix release permissions #323

Fix release permissions

Fix release permissions #323

Workflow file for this run

name: Main
on: [push, pull_request]
jobs:
build:
name: Build
runs-on: "ubuntu-latest"
permissions:
id-token: write
packages: write
contents: write
attestations: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '1.23.x'
check-latest: true
- name: Print Go Version
run: go version
- name: Compute Version
id: version
run: |
echo ${GITHUB_REF}
tag=${GITHUB_REF#refs/tags/}
publish="no"
release="no"
if [ "${tag}" != "${GITHUB_REF}" ]; then
tag=$(echo "${tag}" | sed -e 's/[^a-zA-Z0-9\-\.]/-/g')
version=${tag}
publish="yes"
release="yes"
fi
branch=${GITHUB_REF#refs/heads/}
if [[ -z "${version}" && "${branch}" != "${GITHUB_REF}" ]]; then
branch=$(echo "${branch}" | sed -e 's/[^a-zA-Z0-9\-\.]/-/g')
version=${branch}
if [[ ${branch} = "master" || "${branch}" = "develop" ]]; then
publish="yes"
fi
fi
pr=${GITHUB_REF#refs/pull/}
if [[ -z "${version}" && "${pr}" != "${GITHUB_REF}" ]]; then
pr=$(echo "${pr}" | sed -e 's/[^a-zA-Z0-9\-\.]/-/g')
version=${pr}
fi
if [ -z "${version}" ]; then
echo "Version could not be determined" >&2
exit 1
else
echo CI_VERSION=${version} >> $GITHUB_ENV
echo PUBLISH=${publish} >> $GITHUB_ENV
echo RELEASE=${release} >> $GITHUB_ENV
fi
- name: Test
run: |
make test
- name: Build
run: |
if [[ ${PUBLISH} = "yes" ]]; then
make release
else
make
fi
- uses: actions/attest-build-provenance@v2
if: ${{ env.PUBLISH == 'yes' }}
with:
subject-path: 'release/**/dockcmd*'
- name: Release Artifacts
if: ${{ env.RELEASE == 'yes' }}
run: |
gh release create ${CI_VERSION} --draft --verify-tag --title "Release ${CI_VERSION}"
gh release upload ${CI_VERSION} ./release/*.zip
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
if: ${{ env.PUBLISH == 'yes' }}
uses: docker/setup-qemu-action@v3
- name: Set up Buildx
if: ${{ env.PUBLISH == 'yes' }}
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
- name: Login to Docker HUB
if: ${{ env.PUBLISH == 'yes' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to GitHub Container Registry
if: ${{ env.PUBLISH == 'yes' }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
if: ${{ env.PUBLISH == 'yes' }}
id: push
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
build-args: |
VERSION=${{ env.CI_VERSION }}
tags: |
boxboat/dockcmd:${{ env.CI_VERSION }}
ghcr.io/boxboat/dockcmd:${{ env.CI_VERSION }}
- name: Attest ghcr image
if: ${{ env.PUBLISH == 'yes' }}
uses: actions/attest-build-provenance@v2
with:
subject-name: ghcr.io/boxboat/dockcmd
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true