Merge pull request #1595 from imjasonh/bump-apko-2 #64

Workflow file for this run

.github/workflows/release.yaml at 71c88c3

	name: Create Release

	on:
	push:
	tags:
	- 'v' # Push events to matching v, i.e. v1.0, v20.15.10

	jobs:
	cli:
	name: Release the CLI
	runs-on: ubuntu-latest

	# https://docs.github.com/en/actions/reference/authentication-in-a-workflow
	permissions:
	id-token: write
	contents: write

	steps:
	- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	egress-policy: audit

	- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version-file: './go.mod'
	check-latest: true

	- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

	- uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
	with:
	version: latest
	install-only: true

	# Federate to create a token to authenticate with the homebrew-tap repository.
	- uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
	id: octo-sts
	with:
	scope: chainguard-dev/homebrew-tap
	identity: melange

	- name: Release
	run: make release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}

	ko-build:
	name: Release melange image
	runs-on: ubuntu-latest
	needs:
	- cli

	# https://docs.github.com/en/actions/reference/authentication-in-a-workflow
	permissions:
	id-token: write
	packages: write
	contents: read

	env:
	KO_DOCKER_REPO: ghcr.io/${{ github.repository }}
	COSIGN_YES: "true"

	steps:
	- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	egress-policy: audit

	- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version-file: './go.mod'
	check-latest: true

	- uses: ko-build/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7

	- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

	- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ github.token }}

	- name: Publish/Sign melange image
	run: \|
	make sign-image

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1595 from imjasonh/bump-apko-2 #64

Workflow file

Merge pull request #1595 from imjasonh/bump-apko-2 #64

Jobs

Run details

Workflow file for this run