Skip to content

Generate trusted_root.json in the TUF server (#1235) #83

Generate trusted_root.json in the TUF server (#1235)

Generate trusted_root.json in the TUF server (#1235) #83

Workflow file for this run

name: Release
on:
push:
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
jobs:
release:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: write
env:
GOPATH: ${{ github.workspace }}
GO111MODULE: on
COSIGN_EXPERIMENTAL: "true"
steps:
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22'
check-latest: true
- name: Install ko
uses: ko-build/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7
- name: Install cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v3.1.0
with:
install-only: true
- name: Log into ghcr.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check out code onto GOPATH
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 1
path: ./src/github.com/${{ github.repository }}
- name: Get TAG
id: get_tag
run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
- name: Run goreleaser
working-directory: ./src/github.com/${{ github.repository }}
run: goreleaser release --clean --timeout 120m
env:
GIT_TAG: ${{ steps.get_tag.outputs.TAG }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}