terraformDummyRepo2/.github/workflows/release.yml

# This GitHub action can publish assets for release when a tag is created.
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your 
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step 
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: release
on:
  push:
    tags:
      - 'v*'
jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Unshallow
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.18
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5.3.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      - name: setup-syft
        run: |
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | \
          sh -s -- -b /usr/local/bin v0.64.0
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v4.2.0
        with:
          version: latest
          args: release --rm-dist
        env:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          # GitHub sets this automatically
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
add autogenerated docs, github releaser and workflows 2022-04-03 04:06:54 +00:00			`# This GitHub action can publish assets for release when a tag is created.`
			`# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).`
			`#`
			`# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your`
			# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
			`# secret. If you would rather own your own GPG handling, please fork this action`
			`# or use an alternative one for key handling.`
			`#`
			# You will need to pass the `--batch` flag to `gpg` in your signing step
			# in `goreleaser` to indicate this is being used in a non-interactive mode.
			`#`
			`name: release`
			`on:`
			`push:`
			`tags:`
			`- 'v*'`
			`jobs:`
			`goreleaser:`
			`runs-on: ubuntu-latest`
			`steps:`
try to publish sbom with next release 2022-12-24 17:37:41 +00:00			`- name: Checkout`
add autogenerated docs, github releaser and workflows 2022-04-03 04:06:54 +00:00			`uses: actions/checkout@v3`
try to publish sbom with next release 2022-12-24 17:37:41 +00:00			`- name: Unshallow`
add autogenerated docs, github releaser and workflows 2022-04-03 04:06:54 +00:00			`run: git fetch --prune --unshallow`
try to publish sbom with next release 2022-12-24 17:37:41 +00:00			`- name: Set up Go`
Bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-03-20 20:22:19 +00:00			`uses: actions/setup-go@v4`
add autogenerated docs, github releaser and workflows 2022-04-03 04:06:54 +00:00			`with:`
updated goreleaser and go version 2022-06-12 14:36:21 +00:00			`go-version: 1.18`
try to publish sbom with next release 2022-12-24 17:37:41 +00:00			`- name: Import GPG key`
add autogenerated docs, github releaser and workflows 2022-04-03 04:06:54 +00:00			`id: import_gpg`
Bump crazy-max/ghaction-import-gpg from 5.2.0 to 5.3.0 Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v5.2.0...v5.3.0) --- updated-dependencies: - dependency-name: crazy-max/ghaction-import-gpg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2023-05-08 21:01:02 +00:00			`uses: crazy-max/ghaction-import-gpg@v5.3.0`
updated GHA Update to v2 SDK updated dependencies 2022-08-06 14:21:18 +00:00			`with:`
			`gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}`
			`passphrase: ${{ secrets.PASSPHRASE }}`
try to publish sbom with next release 2022-12-24 17:37:41 +00:00			`- name: setup-syft`
			`run: \|`
			`curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \| \`
			`sh -s -- -b /usr/local/bin v0.64.0`
			`- name: Run GoReleaser`
update goreleaser version 2023-01-31 19:40:16 +00:00			`uses: goreleaser/goreleaser-action@v4.2.0`
add autogenerated docs, github releaser and workflows 2022-04-03 04:06:54 +00:00			`with:`
			`version: latest`
			`args: release --rm-dist`
			`env:`
			`GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}`
			`# GitHub sets this automatically`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`