publish_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
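# This workflow builds and tests a .NET project, then publishes a release:
# self-contained binaries, a multi-arch container image on GHCR, build
# provenance attestations, a cosign signature and a GitHub Release.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
#
# NOTE(review): every action below is referenced by a mutable tag. For a
# release pipeline that holds write permissions and an OIDC token, pinning each
# `uses:` to a full commit SHA limits the impact of a retagged or compromised
# action. SHAs are not shown on this page, so none are filled in here.
name: Publish Release

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      draft:
        description: 'Draft release?'
        required: true
        default: 'false'
      version:
        description: 'Version'
        required: false
        default: 'v'

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  release:
    runs-on: ubuntu-latest
    # Job-scoped token permissions; anything not listed is denied.
    # NOTE(review): `dotnet test` and every third-party action in this job run
    # with these permissions. Splitting build/test from publish into separate
    # jobs would keep the write scopes away from the test run.
    permissions:
      id-token: write      # OIDC token for keyless cosign signing and attestations
      contents: write      # create/update the GitHub Release
      packages: write      # push the image to ghcr.io
      attestations: write  # store build provenance attestations
    steps:
      - uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '9.x'

      - name: Build and Test
        run: dotnet test --verbosity normal

      # Only runs for a manual dispatch that left the version at its default
      # 'v'; dry_run computes the next patch tag without creating it.
      - name: Generate Semantic Version
        id: generate_semver
        if: ${{ inputs.version == 'v' && github.event_name == 'workflow_dispatch' }}
        uses: zwaldowski/semver-release-action@v4
        with:
          github_token: ${{ github.token }}
          bump: patch
          prefix: v
          dry_run: true

      # Resolution order: explicit dispatch input, generated semver, pushed tag.
      # The value is handed to the shell through `env` rather than expanded
      # inside the script text, so a crafted input or tag name is treated as
      # data and cannot become shell syntax.
      - name: Set version
        id: set_version
        env:
          VERSION_TAG: ${{ (inputs.version != 'v' && inputs.version) || steps.generate_semver.outputs.version_tag || github.ref_name }}
        run: |
          # Reject empty values and anything outside a conservative version
          # alphabet (this also rules out newlines that would add extra
          # entries to GITHUB_OUTPUT).
          case "$VERSION_TAG" in
            ''|*[!0-9A-Za-z._+-]*)
              echo "::error::Unexpected characters in version tag"
              exit 1
              ;;
          esac
          # Strip only the leading 'v'; the previous ${VERSION_TAG//v/} removed
          # every 'v', which corrupts pre-release labels such as '-preview'.
          VERSION="${VERSION_TAG#v}"
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "version_tag=$VERSION_TAG" >> "$GITHUB_OUTPUT"

      # Binaries
      - name: Publish Windows
        env:
          VERSION: ${{ steps.set_version.outputs.version }}
        run: dotnet publish -r win-x64 "/p:Version=${VERSION}" -o ./publish/win-x64 ./src

      - name: Publish Linux
        env:
          VERSION: ${{ steps.set_version.outputs.version }}
        run: dotnet publish -r linux-x64 "/p:Version=${VERSION}" -o ./publish/linux-x64 ./src

      - name: Publish OSX-x64
        env:
          VERSION: ${{ steps.set_version.outputs.version }}
        run: dotnet publish -r osx-x64 "/p:Version=${VERSION}" -o ./publish/osx-x64 ./src

      - name: Publish OSX-ARM
        env:
          VERSION: ${{ steps.set_version.outputs.version }}
        run: dotnet publish -r osx-arm64 "/p:Version=${VERSION}" -o ./publish/osx-arm64 ./src

      # Attest the raw build output before it is archived.
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: './publish/**'

      - name: Zip Artifacts
        run: |
          mkdir -p ./release
          zip -r ./release/win-x64.zip ./publish/win-x64
          tar -czvf ./release/linux-x64.tar.gz ./publish/linux-x64
          tar -czvf ./release/osx-x64.tar.gz ./publish/osx-x64
          tar -czvf ./release/osx-arm64.tar.gz ./publish/osx-arm64

      # Attest the archives that are actually attached to the release.
      - name: Generate ZIP attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: './release/*'

      # Docker
      # NOTE(review): several `uses:` references below (and the release action
      # at the end) were mangled by the page's e-mail obfuscation, e.g.
      # "docker/[email protected]". The action names are inferred from the
      # step names and inputs; the versions are unknown and shown as
      # REF_LOST_IN_EXTRACTION. Restore both from the repository.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@REF_LOST_IN_EXTRACTION

      - name: Docker Login
        uses: docker/login-action@REF_LOST_IN_EXTRACTION
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ github.token }}

      # 'latest' is only applied to versions without a '-' (no pre-release
      # label); the branch name is added when the run was started from a branch.
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@REF_LOST_IN_EXTRACTION
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            ${{ !contains(steps.set_version.outputs.version_tag, '-') && 'latest' || '' }}
            ${{ steps.set_version.outputs.version_tag }}
            ${{ (github.ref_type == 'branch' && github.ref_name) || ''}}

      - name: Build Docker image
        id: push
        uses: docker/build-push-action@REF_LOST_IN_EXTRACTION
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      # The attestation is bound to the pushed digest, not to a tag.
      - name: Generate image artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

      - name: Install cosign
        uses: sigstore/cosign-installer@REF_LOST_IN_EXTRACTION
        with:
          cosign-release: 'v2.2.4'

      # Tags and digest reach the shell via `env`; each tag is signed as
      # tag@digest so the signature covers the exact image that was pushed.
      - name: Sign the published Docker image
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.push.outputs.digest }}
        run: |
          echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"

      # Release
      # Lower-cased image reference for the release notes. REGISTRY and
      # IMAGE_NAME come from the workflow-level env; the version tag is passed
      # through `env` instead of being expanded into the script.
      - id: dockertag
        env:
          VERSION_TAG: ${{ steps.set_version.outputs.version_tag }}
        run: |
          echo "tag=$(echo "${REGISTRY}/${IMAGE_NAME}:${VERSION_TAG}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"

      # NOTE(review): allowUpdates lets a later run replace the assets of an
      # existing release for the same tag; confirm that is intended, since the
      # earlier assets may already have been downloaded and verified.
      - name: Create GitHub Release
        uses: ncipollo/release-action@REF_LOST_IN_EXTRACTION
        with:
          artifacts: ./release/*
          token: ${{ github.token }}
          tag: ${{ steps.set_version.outputs.version_tag }}
          commit: ${{ github.sha }}
          generateReleaseNotes: true
          body: |
            ## Release ${{ steps.set_version.outputs.version_tag }}
            #### Docker image:
            ```
            ${{ steps.dockertag.outputs.tag }}
            ```
          draft: ${{ inputs.draft }}
          prerelease: ${{ contains(steps.set_version.outputs.version_tag, '-') }}
          allowUpdates: true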