Release #624
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 1' # every Monday at 00:00 UTC | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| # https://docs.github.com/en/actions/reference/authentication-in-a-workflow | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Check if any changes since last release | |
| id: check | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git fetch --tags | |
| TAG=$(git tag --points-at HEAD) | |
| if [ -z "$TAG" ]; then | |
| echo "No tag points at HEAD, checking if changes warrant a release." | |
| # Get the last release tag | |
| LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "") | |
| if [ -n "$LAST_TAG" ]; then | |
| echo "Last release tag: $LAST_TAG" | |
| # Get all changed files since last tag | |
| CHANGED_FILES=$(git diff --name-only "$LAST_TAG"..HEAD) | |
| # Only release if changes include .go files, go.mod, go.sum, or LICENSE | |
| RELEASE_WORTHY_CHANGES=$(echo "$CHANGED_FILES" | grep -E '(\.go$|^go\.mod$|^go\.sum$|^LICENSE$)' || true) | |
| if [ -z "$RELEASE_WORTHY_CHANGES" ]; then | |
| echo "No Go source files, go.mod, go.sum, or LICENSE changed since last release. Skipping release." | |
| echo "need_release=no" >> $GITHUB_OUTPUT | |
| else | |
| echo "Found release-worthy changes since last release:" | |
| echo "$RELEASE_WORTHY_CHANGES" | |
| echo "need_release=yes" >> $GITHUB_OUTPUT | |
| fi | |
| else | |
| echo "No previous tags found. Creating first release." | |
| echo "need_release=yes" >> $GITHUB_OUTPUT | |
| fi | |
| else | |
| RELEASE=$(gh release view "$TAG" --json tagName --jq '.tagName' || echo "none") | |
| if [ "$RELEASE" == "$TAG" ]; then | |
| echo "A release exists for tag $TAG, which has the latest changes, so no need for a new tag or release." | |
| echo "need_release=no" >> $GITHUB_OUTPUT | |
| else | |
| echo "Tag $TAG exists, but no release is associated. Need a new release." | |
| echo "need_release=yes" >> $GITHUB_OUTPUT | |
| echo "existing_tag=$TAG" >> $GITHUB_OUTPUT | |
| fi | |
| fi | |
| - name: Bump version and push tag | |
| id: create_tag | |
| uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2 | |
| if: steps.check.outputs.need_release == 'yes' && steps.check.outputs.existing_tag == '' | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| if: steps.check.outputs.need_release == 'yes' | |
| with: | |
| ref: ${{ steps.check.outputs.existing_tag || steps.create_tag.outputs.new_tag }} | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| if: steps.check.outputs.need_release == 'yes' | |
| with: | |
| go-version-file: './go.mod' | |
| check-latest: true | |
| # Cosign is used by goreleaser to sign release artifacts. | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| if: steps.check.outputs.need_release == 'yes' | |
| with: | |
| # https://github.com/goreleaser/goreleaser/issues/6195 | |
| cosign-release: "v2.6.1" | |
| - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| if: steps.check.outputs.need_release == 'yes' | |
| with: | |
| version: latest | |
| install-only: true | |
| - name: Release | |
| if: steps.check.outputs.need_release == 'yes' | |
| run: make release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG: ${{ steps.check.outputs.existing_tag || steps.create_tag.outputs.new_tag }} |