version bump #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| tags: | |
| - v[0-9]+.[0-9]+ | |
| permissions: read-all | |
| jobs: | |
| docker-hub: | |
| name: Docker Hub | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| id-token: write # To perform keyless signing with cosign | |
| environment: | |
| name: docker | |
| url: https://hub.docker.com/r/ericornelissen/ades | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 | |
| with: | |
| cosign-release: v2.2.3 | |
| - name: Get release version | |
| id: version | |
| shell: bash | |
| run: | | |
| echo "version=${GITHUB_REF#refs/tags/}" >>"$GITHUB_OUTPUT" | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
| with: | |
| username: ${{ vars.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build and push to Docker Hub | |
| id: docker | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
| with: | |
| context: . | |
| file: Containerfile | |
| push: true | |
| tags: >- | |
| ericornelissen/ades:latest, | |
| ericornelissen/ades:${{ steps.version.outputs.version }} | |
| - name: Sign container image | |
| env: | |
| DIGEST: ${{ steps.docker.outputs.digest }} | |
| REF: ${{ github.sha }} | |
| REPO: ${{ github.repository }} | |
| WORKFLOW: ${{ github.workflow }} | |
| run: | | |
| cosign sign --yes \ | |
| -a "ref=${REF}" \ | |
| -a "repo=${REPO}" \ | |
| -a "workflow=${WORKFLOW}" \ | |
| "docker.io/ericornelissen/ades@${DIGEST}" | |
| github-release: | |
| name: GitHub Release | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| attestations: write # To create GitHub Attestations | |
| contents: write # To create a GitHub Release | |
| id-token: write # To perform keyless signing with cosign for attestations | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install Go | |
| uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Get release version | |
| id: version | |
| shell: bash | |
| run: | | |
| echo "version=${GITHUB_REF#refs/tags/}" >>"$GITHUB_OUTPUT" | |
| - name: Compile | |
| run: go run tasks.go build-all | |
| - name: Create GitHub release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| tag: ${{ steps.version.outputs.version }} | |
| name: Release ${{ steps.version.outputs.version }} | |
| body: ${{ steps.version.outputs.version }} | |
| artifacts: ./_compiled/* | |
| - name: Attest build provenance | |
| uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0.0 | |
| with: | |
| subject-path: ./_compiled/* |