🧹 clean up gitlab discovery and fix bad platformids for tf (#1797) #165

Summary
Jobs
- goreleaser
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/goreleaser.yml at f773931

	name: goreleaser

	on:
	push:
	tags:
	- '*'
	workflow_dispatch:
	inputs:
	skip-publish:
	description: 'Skip publishing to releases.mondoo.com?'
	type: boolean
	required: false
	default: false


	env:
	REGISTRY: docker.io

	jobs:
	goreleaser:
	permissions:
	# Add "contents" to write release
	contents: 'write'
	# Add "id-token" for google-github-actions/auth
	id-token: 'write'

	runs-on: self-hosted
	timeout-minutes: 120
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version: ">=1.21.0"
	cache: false

	- name: 'Authenticate to Google Cloud'
	uses: 'google-github-actions/auth@v1'
	with:
	workload_identity_provider: ${{ secrets.GCP_WIP }}
	service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

	- id: 'gcp_secrets'
	uses: 'google-github-actions/get-secretmanager-secrets@v1'
	with:
	secrets: \|-
	code_sign_cert_b64:mondoo-base-infra/mondoo_code_sign_certificate_pfx_b64
	code_sign_cert_challenge:mondoo-base-infra/mondoo_code_sign_challenge

	- name: "Write RPM Signing Cert"
	run: \|
	gpgkey="$(mktemp -t gpgkey.XXX)"
	base64 -d <<<"$GPG_KEY" > "$gpgkey"
	echo "GPG_KEY_PATH=$gpgkey" >> $GITHUB_ENV
	env:
	GPG_KEY: '${{ secrets.GPG_KEY}}'

	- name: "Write Windows Signing Cert"
	run: \|
	cert="$(mktemp -t cert.XXX)"
	base64 -d <<<"$CERT_CONTENTS" > "$cert"
	echo "CERT_FILE=$cert" >> $GITHUB_ENV
	env:
	CERT_CONTENTS: '${{ steps.gcp_secrets.outputs.code_sign_cert_b64 }}'

	- name: Configure DigiCert Signing Variables
	shell: bash
	run: \|
	# CertLocker Authentication Certifiate
	CERT_PATH="$(mktemp -t cert.XXX)"
	echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" \| base64 --decode > ${CERT_PATH}
	echo "SM_CLIENT_CERT_FILE=${CERT_PATH}" >> "$GITHUB_ENV"
	echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
	# CertLocker API Key & Host
	echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
	echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
	# DigiCert CertLocker Code Signing Certificate
	echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"
	echo "SM_CERT_ALIAS=${{ secrets.SM_CERT_ALIAS }}" >> "$GITHUB_ENV"

	# - name: Install jSign (Windows Signing Tool) -- Required for public runners
	# run: \|
	# curl -LO https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb
	# sudo dpkg -i ./jsign_5.0_all.deb

	- name: Install Quill for Mac Signing and Notarization
	run: \|
	curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh \| sh -s -- -b /tmp
	/tmp/quill help

	- name: Log in to the Container registry
	uses: docker/login-action@v2
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@v4
	with:
	distribution: goreleaser
	version: latest
	args: release --clean --timeout 120m
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	CERT_PASSWORD: ${{ steps.gcp_secrets.outputs.code_sign_cert_challenge }}
	NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	QUILL_SIGN_PASSWORD: ''
	QUILL_SIGN_P12: ${{ secrets.APPLE_SIGN_P12 }}
	QUILL_NOTARY_KEY: ${{ secrets.APPLE_NOTARY_KEY }}
	QUILL_NOTARY_KEY_ID: ${{ secrets.APPLE_NOTARY_KEY_ID }}
	QUILL_NOTARY_ISSUER: ${{ secrets.APPLE_NOTARY_ISSUER }}

	- name: Check RPMs
	run: \|
	rpm -qpi dist/*.rpm
	- name: Output Quill Logs
	if: ${{ failure() }}
	run: \|
	for f in $(find /tmp -name 'quill-*.log' 2>/dev/null); do
	echo "=== $f ==="
	ls -l $f
	cat $f
	done

	- name: Publish Release to releases.mondoo.com
	if: ${{ ! inputs.skip-publish }}
	uses: peter-evans/repository-dispatch@v2
	with:
	token: ${{ secrets.RELEASR_ACTION_TOKEN }}
	repository: "mondoohq/releasr"
	event-type: publish-release
	client-payload: '{
	"repository": "${{ github.event.repository.name }}",
	"version": "${{ github.ref_name }}"
	}'

	- name: Cleanup
	if: always()
	run:
	rm -f ${CERT_PATH}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🧹 clean up gitlab discovery and fix bad platformids for tf (#1797) #165

Workflow file

🧹 clean up gitlab discovery and fix bad platformids for tf (#1797) #165

Jobs

Run details

Workflow file for this run