mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-23 09:06:29 +01:00
2b90cdba52
* ci: reject tags if not signed by Matthew Holt's key * ci: don't reject tags if an intermediate commits are not signed
93 lines
3 KiB
YAML
93 lines
3 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*.*.*'
|
|
|
|
jobs:
|
|
release:
|
|
name: Release
|
|
strategy:
|
|
matrix:
|
|
os: [ ubuntu-latest ]
|
|
go: [ '1.15' ]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- name: Install Go
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
|
|
# So GoReleaser can generate the changelog properly
|
|
- name: Unshallowify the repo clone
|
|
run: git fetch --prune --unshallow
|
|
|
|
# https://github.community/t5/GitHub-Actions/How-to-get-just-the-tag-name/m-p/32167/highlight/true#M1027
|
|
- name: Print Go version and environment
|
|
id: vars
|
|
run: |
|
|
printf "Using go at: $(which go)\n"
|
|
printf "Go version: $(go version)\n"
|
|
printf "\n\nGo environment:\n\n"
|
|
go env
|
|
printf "\n\nSystem environment:\n\n"
|
|
env
|
|
echo "::set-output name=version_tag::${GITHUB_REF/refs\/tags\//}"
|
|
echo "::set-output name=short_sha::$(git rev-parse --short HEAD)"
|
|
echo "::set-output name=go_cache::$(go env GOCACHE)"
|
|
|
|
# Parse semver
|
|
TAG=${GITHUB_REF/refs\/tags\//}
|
|
SEMVER_RE='[^0-9]*\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)\([0-9A-Za-z\.-]*\)'
|
|
TAG_MAJOR=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\1#"`
|
|
TAG_MINOR=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\2#"`
|
|
TAG_PATCH=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\3#"`
|
|
TAG_SPECIAL=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\4#"`
|
|
echo "::set-output name=tag_major::${TAG_MAJOR}"
|
|
echo "::set-output name=tag_minor::${TAG_MINOR}"
|
|
echo "::set-output name=tag_patch::${TAG_PATCH}"
|
|
echo "::set-output name=tag_special::${TAG_SPECIAL}"
|
|
|
|
- name: Validate commits and tag signatures
|
|
run: |
|
|
|
|
# Import Matt Holt's key
|
|
curl 'https://github.com/mholt.gpg' | gpg --import
|
|
|
|
echo "Verifying the tag: ${{ steps.vars.outputs.version_tag }}"
|
|
# tags are only accepted if signed by Matt's key
|
|
git verify-tag "${{ steps.vars.outputs.version_tag }}" || exit 1
|
|
|
|
- name: Cache the build cache
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: ${{ steps.vars.outputs.go_cache }}
|
|
key: ${{ runner.os }}-go${{ matrix.go }}-release-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go${{ matrix.go }}-release
|
|
|
|
# GoReleaser will take care of publishing those artifacts into the release
|
|
- name: Run GoReleaser
|
|
uses: goreleaser/goreleaser-action@v2
|
|
with:
|
|
version: latest
|
|
args: release --rm-dist
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
TAG: ${{ steps.vars.outputs.version_tag }}
|
|
|
|
# Only publish on non-special tags (e.g. non-beta)
|
|
- name: Publish .deb to Gemfury
|
|
if: ${{ steps.vars.outputs.tag_special == '' }}
|
|
env:
|
|
GEMFURY_PUSH_TOKEN: ${{ secrets.GEMFURY_PUSH_TOKEN }}
|
|
run: |
|
|
for filename in dist/*.deb; do
|
|
curl -F package=@"$filename" https://${GEMFURY_PUSH_TOKEN}:@push.fury.io/caddy/
|
|
done
|
|
|