mirror of
https://github.com/alibaba/open-code-review.git
synced 2026-07-09 17:28:58 +00:00
Sigstore provenance verification only supports GitHub-hosted runners, causing E422 on publish. Remove --provenance and the unused id-token permission.
107 lines
2.8 KiB
YAML
107 lines
2.8 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags: ['v*']
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: self-hosted
|
|
container:
|
|
image: golang:1.26.4
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- goos: linux
|
|
goarch: amd64
|
|
- goos: linux
|
|
goarch: arm64
|
|
- goos: darwin
|
|
goarch: amd64
|
|
- goos: darwin
|
|
goarch: arm64
|
|
- goos: windows
|
|
goarch: amd64
|
|
- goos: windows
|
|
goarch: arm64
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Trust workspace
|
|
run: git config --global safe.directory '*'
|
|
|
|
- name: Build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
CGO_ENABLED: '0'
|
|
run: |
|
|
VERSION=${GITHUB_REF_NAME}
|
|
GIT_COMMIT=$(git rev-parse --short HEAD)
|
|
BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
|
|
LD_FLAGS="-s -w -X main.Version=${VERSION} -X main.GitCommit=${GIT_COMMIT} -X main.BuildDate=${BUILD_DATE}"
|
|
BIN_NAME=opencodereview-${{ matrix.goos }}-${{ matrix.goarch }}
|
|
if [ "${{ matrix.goos }}" = "windows" ]; then
|
|
BIN_NAME="${BIN_NAME}.exe"
|
|
fi
|
|
go build -ldflags "${LD_FLAGS}" -o "${BIN_NAME}" ./cmd/opencodereview
|
|
echo "bin_name=${BIN_NAME}" >> $GITHUB_ENV
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: binary-${{ matrix.goos }}-${{ matrix.goarch }}
|
|
path: ${{ env.bin_name }}
|
|
|
|
release:
|
|
needs: build
|
|
runs-on: self-hosted
|
|
container:
|
|
image: ubuntu:24.04
|
|
steps:
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: binary-*
|
|
merge-multiple: true
|
|
|
|
- name: Generate checksums
|
|
run: sha256sum opencodereview-* | sort > sha256sum.txt
|
|
|
|
- name: Create GitHub Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
files: |
|
|
opencodereview-*
|
|
sha256sum.txt
|
|
generate_release_notes: true
|
|
|
|
npm-publish:
|
|
needs: release
|
|
runs-on: self-hosted
|
|
container:
|
|
image: node:20
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Trust workspace
|
|
run: git config --global safe.directory '*'
|
|
|
|
- name: Install jq
|
|
run: apt-get update && apt-get install -y jq
|
|
|
|
- name: Inject version from tag
|
|
run: jq --arg v "${GITHUB_REF_NAME#v}" '.version = $v' package.json > package.json.tmp && mv package.json.tmp package.json
|
|
|
|
- name: Configure npm registry
|
|
run: echo "//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}" > ~/.npmrc
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
|
|
- name: Publish to npm
|
|
run: npm publish --access public
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|