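# Main release workflow. It runs when a release tag is pushed; the tag has to
# be created and pushed manually.
on:
  push:
    # NOTE(review): GitHub does not evaluate path filters for tag pushes, so
    # this paths-ignore presumably has no effect on a tag-only trigger. Confirm
    # and drop it if so; it reads as a guard that is not actually applied.
    paths-ignore:
      - "documentation/**"
    # `v1.*` matches every tag that starts with `v1.` (`*` matches any
    # characters except `/`), so a tag such as `v1.2.3-rc1` also matches.
    # NOTE(review): the release job below also updates the `stable` release on
    # every run; confirm pre-release tags are never pushed under this pattern.
    tags:
      - "v1.*"

name: Release

# Workflow-level permissions are the default for every job that does not set
# its own `permissions:` block. That includes the reusable-workflow calls
# build-cli, bundle-desktop-linux and bundle-desktop-windows, whose token can
# be at most as permissive as what is granted here.
# NOTE(review): narrowing these defaults requires checking what the called
# workflows need; they are not visible from this file.
permissions:
  id-token: write # Required for AWS OIDC authentication in called workflow
  contents: write # Required for creating releases and by actions/checkout
  actions: read # May be needed for some workflows
  attestations: write # Required for SLSA build provenance attestations

# One run per workflow + ref. A second push of the same tag cancels the run
# that is still in progress.
# NOTE(review): cancelling between the "Release versioned" and "Release stable"
# steps would leave the two releases out of sync; confirm that cancelling is
# preferred over queueing for a release pipeline.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # ------------------------------------
  # 1) Build CLI for multiple OS/Arch
  # ------------------------------------
  build-cli:
    uses: ./.github/workflows/build-cli.yml

  # ------------------------------------
  # 2) Upload Install CLI Script
  # ------------------------------------
  install-script:
    name: Upload Install Script
    runs-on: ubuntu-latest
    needs: [build-cli]
    # This job only checks out the repository and uploads one file, so it does
    # not need the write/OIDC permissions granted at workflow level.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # No later step in this job talks to the repository, so do not keep
          # the token in the checked-out git configuration.
          persist-credentials: false
      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: download_cli.sh
          path: download_cli.sh

  # ------------------------------------------------------------
  # 3) Bundle Desktop App (macOS)
  # ------------------------------------------------------------
  bundle-desktop:
    uses: ./.github/workflows/bundle-desktop.yml
    # Job-level permissions replace the workflow defaults: OIDC token for the
    # signing role, read-only repository access.
    permissions:
      id-token: write
      contents: read
    with:
      signing: true
    secrets:
      OSX_CODESIGN_ROLE: ${{ secrets.OSX_CODESIGN_ROLE }}

  # ------------------------------------------------------------
  # 4) Bundle Desktop App (macOS, Intel)
  # ------------------------------------------------------------
  bundle-desktop-intel:
    uses: ./.github/workflows/bundle-desktop-intel.yml
    # Same scoping as bundle-desktop: OIDC token plus read-only contents.
    permissions:
      id-token: write
      contents: read
    with:
      signing: true
    secrets:
      OSX_CODESIGN_ROLE: ${{ secrets.OSX_CODESIGN_ROLE }}

  # ------------------------------------------------------------
  # 5) Bundle Desktop App (Linux)
  # ------------------------------------------------------------
  # No `permissions:` block here, so this call runs with the workflow-level
  # defaults above.
  bundle-desktop-linux:
    uses: ./.github/workflows/bundle-desktop-linux.yml

  # ------------------------------------------------------------
  # 6) Bundle Desktop App (Windows)
  # ------------------------------------------------------------
  # No `permissions:` block here either; unlike the macOS jobs, this call
  # inherits the workflow-level defaults, including `contents: write`.
  # NOTE(review): if the called workflow only needs the OIDC token for the
  # signing role, scope it like the macOS jobs. Verify against
  # bundle-desktop-windows.yml before changing.
  bundle-desktop-windows:
    uses: ./.github/workflows/bundle-desktop-windows.yml
    with:
      signing: true
    secrets:
      WINDOWS_CODESIGN_CERTIFICATE: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE }}
      WINDOW_SIGNING_ROLE: ${{ secrets.WINDOW_SIGNING_ROLE }}
      WINDOW_SIGNING_ROLE_TAG: ${{ secrets.WINDOW_SIGNING_ROLE_TAG }}

  # ------------------------------------
  # 7) Create/Update GitHub Release
  # ------------------------------------
  release:
    name: Release
    runs-on: ubuntu-latest
    needs:
      - build-cli
      - install-script
      - bundle-desktop
      - bundle-desktop-intel
      - bundle-desktop-linux
      - bundle-desktop-windows
    permissions:
      contents: write
      id-token: write # Required for Sigstore OIDC signing
      attestations: write # Required for SLSA build provenance attestations
    steps:
      # merge-multiple places the files of every artifact in one directory, so
      # the glob lists below are matched against that flat directory.
      - name: Download all artifacts
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          merge-multiple: true

      # Provenance is generated before publishing, for the same file patterns
      # that the two release steps upload. Keep the three lists identical:
      # a pattern added only to `artifacts` would publish a file that has no
      # attestation. Consumers can check a download with
      # `gh attestation verify <file> --repo <owner>/<repo>`.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
        with:
          subject-path: |
            goose-*.tar.bz2
            goose-*.zip
            Goose*.zip
            *.deb
            *.rpm
            *.flatpak
            download_cli.sh

      # Create/update the versioned release
      - name: Release versioned
        uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          artifacts: |
            goose-*.tar.bz2
            goose-*.zip
            Goose*.zip
            *.deb
            *.rpm
            *.flatpak
            download_cli.sh
          # allowUpdates lets a re-run for an existing tag update that release
          # instead of failing.
          allowUpdates: true
          omitBody: true
          omitPrereleaseDuringUpdate: true

      # Create/update the stable release
      # The `stable` release is updated in place by every run of this job, so
      # the files behind it change over time. Anything that downloads from
      # `stable` should verify the attestation rather than rely on the name.
      - name: Release stable
        uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0
        with:
          tag: stable
          name: Stable
          token: ${{ secrets.GITHUB_TOKEN }}
          artifacts: |
            goose-*.tar.bz2
            goose-*.zip
            Goose*.zip
            *.deb
            *.rpm
            *.flatpak
            download_cli.sh
          allowUpdates: true
          omitBody: true
          omitPrereleaseDuringUpdate: true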