From d19ff6eb1eeca75e2bb3fbeaf473b3d0dc6ffc81 Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Sun, 18 Sep 2022 21:31:33 -0300 Subject: [PATCH] chore: splitting workflows (#3386) split build & release workflows Signed-off-by: Carlos A Becker --- .github/workflows/build.yml | 72 +---------------------- .github/workflows/release.yml | 104 ++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 70 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 397bbf2c042..74c72aa3349 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,14 +4,10 @@ on: push: branches: - 'main' - tags: - - 'v*' pull_request: permissions: - contents: write - id-token: write - packages: write + contents: read jobs: govulncheck: @@ -20,34 +16,7 @@ jobs: uses: caarlos0/meta/.github/workflows/semgrep.yml@main ruleguard: uses: caarlos0/meta/.github/workflows/ruleguard.yml@main - goreleaser-check-pkgs: - runs-on: ubuntu-latest - env: - DOCKER_CLI_EXPERIMENTAL: "enabled" - needs: - - goreleaser - if: github.ref == 'refs/heads/main' - strategy: - matrix: - format: [ deb, rpm, apk ] - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3 - with: - fetch-depth: 0 - - uses: arduino/setup-task@ca745e18916de727f841ec824ac20a615f1cddea # v1 - with: - version: 3.x - repo-token: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # v1 - - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # v3 - with: - path: | - ./dist/*.deb - ./dist/*.rpm - ./dist/*.apk - key: ${{ github.ref }} - - run: task goreleaser:test:${{ matrix.format }} - goreleaser: + test: runs-on: ubuntu-latest env: DOCKER_CLI_EXPERIMENTAL: "enabled" @@ -72,13 +41,6 @@ jobs: with: go-version: '1.19' cache: true - - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # v3 - with: - path: | - ./dist/*.deb - ./dist/*.rpm - ./dist/*.apk - key: ${{ github.ref }} - uses: sigstore/cosign-installer@v2.6.0 - uses: anchore/sbom-action/download-syft@v0.12.0 - name: setup-validate-krew-manifest @@ -96,33 +58,3 @@ jobs: file: ./coverage.txt - run: ./goreleaser check - run: git diff - - name: dockerhub-login - if: startsWith(github.ref, 'refs/tags/v') - uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: ghcr-login - if: startsWith(github.ref, 'refs/tags/v') - uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: snapcraft-login - if: startsWith(github.ref, 'refs/tags/v') - run: snapcraft login --with <(echo "${{ secrets.SNAPCRAFT_LOGIN }}") - - name: goreleaser-release - if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' - env: - GITHUB_TOKEN: ${{ secrets.GH_PAT }} - TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }} - TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }} - TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }} - TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} - COSIGN_PWD: ${{ secrets.COSIGN_PWD }} - FURY_TOKEN: ${{ secrets.FURY_TOKEN }} - DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }} - DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} - AUR_KEY: ${{ secrets.AUR_KEY }} - run: task goreleaser diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000000..46b339c86b4 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,104 @@ +name: release + +on: + push: + branches: + - 'main' + tags: + - 'v*' + +permissions: + contents: write + id-token: write + packages: write + +jobs: + goreleaser-check-pkgs: + runs-on: ubuntu-latest + env: + DOCKER_CLI_EXPERIMENTAL: "enabled" + needs: + - goreleaser + if: github.ref == 'refs/heads/main' + strategy: + matrix: + format: [ deb, rpm, apk ] + steps: + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3 + with: + fetch-depth: 0 + - uses: arduino/setup-task@ca745e18916de727f841ec824ac20a615f1cddea # v1 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # v1 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # v3 + with: + path: | + ./dist/*.deb + ./dist/*.rpm + ./dist/*.apk + key: ${{ github.ref }} + - run: task goreleaser:test:${{ matrix.format }} + goreleaser: + runs-on: ubuntu-latest + env: + DOCKER_CLI_EXPERIMENTAL: "enabled" + steps: + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3 + with: + fetch-depth: 0 + - uses: arduino/setup-task@ca745e18916de727f841ec824ac20a615f1cddea # v1 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # v1 + - uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v1 + - name: setup-snapcraft + # FIXME: the mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715 + run: | + sudo apt-get update + sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft + mkdir -p $HOME/.cache/snapcraft/download + mkdir -p $HOME/.cache/snapcraft/stage-packages + - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3 + with: + go-version: '1.19' + cache: true + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # v3 + with: + path: | + ./dist/*.deb + ./dist/*.rpm + ./dist/*.apk + key: ${{ github.ref }} + - uses: sigstore/cosign-installer@v2.6.0 + - uses: anchore/sbom-action/download-syft@v0.12.0 + - name: dockerhub-login + if: startsWith(github.ref, 'refs/tags/v') + uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: ghcr-login + if: startsWith(github.ref, 'refs/tags/v') + uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: snapcraft-login + run: snapcraft login --with <(echo "${{ secrets.SNAPCRAFT_LOGIN }}") + - name: goreleaser-release + env: + GITHUB_TOKEN: ${{ secrets.GH_PAT }} + TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }} + TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }} + TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }} + TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} + COSIGN_PWD: ${{ secrets.COSIGN_PWD }} + FURY_TOKEN: ${{ secrets.FURY_TOKEN }} + DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }} + DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} + AUR_KEY: ${{ secrets.AUR_KEY }} + run: task goreleaser