Merge pull request #468 from SerheyDolgushev/fix/CVE-2024-32473 #1090
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| pull_request: | |
| push: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| packages: write | |
| jobs: | |
| releaser: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| env: | |
| # We need to set DOCKER_CLI_EXPERIMENTAL=enabled for the docker manifest commands to work | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| # We need QEMU to use buildx and be able to build ARM Docker images | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Login into Github Docker Registry | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| - | |
| name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - | |
| name: Set AUTOUPDATE_CHANNEL on tags | |
| run: echo "AUTOUPDATE_CHANNEL=stable" >> $GITHUB_ENV | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| - | |
| name: Prepare | |
| run: go generate ./ | |
| - | |
| name: Check Git status | |
| id: git | |
| run: | | |
| RESULT=$(git status --untracked-files=no --porcelain) | |
| echo "gitstatus=$RESULT" >> $GITHUB_OUTPUT | |
| - | |
| name: Check if go prepare updated generated Go code | |
| if: steps.git.outputs.gitstatus != '' && startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| echo '"go generate" changed some Go generated code, run "symfony cloud:self-update" then "go generate ./" locally and make a Pull Request with the changes' | |
| git diff | |
| exit 1 | |
| - | |
| name: Test | |
| run: go test -v ./... | |
| - name: Validate build | |
| run: go run . | |
| - | |
| name: Set up cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - | |
| name: Run GoReleaser for snapshot | |
| uses: goreleaser/goreleaser-action@v5 | |
| # only for PRs and push on branches | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| with: | |
| version: latest | |
| args: release --clean --snapshot --skip-publish --skip-sign | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| # only for tags | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| with: | |
| version: latest | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAP_GITHUB_TOKEN: ${{ secrets.GH_PAT }} | |
| - | |
| name: Archive binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| retention-days: 5 | |
| name: binaries | |
| path: dist | |
| - | |
| name: Archive Linux binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| retention-days: 5 | |
| name: linux-binary | |
| path: dist/symfony-cli_linux_amd64.tar.gz | |
| - | |
| name: Install Cloudsmith CLI | |
| run: pip install --upgrade cloudsmith-cli | |
| - | |
| name: Cloudsmith Uploads | |
| env: | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| for filename in dist/*.deb; do | |
| cloudsmith push deb symfony/stable/any-distro/any-version $filename | |
| done | |
| for filename in dist/*.rpm; do | |
| cloudsmith push rpm symfony/stable/any-distro/any-version $filename | |
| done | |
| for filename in dist/*.apk; do | |
| cloudsmith push alpine symfony/stable/alpine/any-version $filename | |
| done |