Build #164

Workflow file for this run

	name: Build

	on:
	workflow_run:
	workflows: ["test"]
	branches: [main]
	types:
	- completed
	workflow_dispatch:

	permissions:
	contents: read

	env:
	GO_VERSION: 1.22
	MAGEARGS: -v -d build/magefiles -w .

	jobs:
	check_release:
	permissions:
	contents: write
	pull-requests: write
	if: ${{ github.event.workflow_run.conclusion == 'success' }}
	runs-on: ubuntu-latest
	outputs:
	release_created: ${{ steps.release_please.outputs.release_created }}
	release_tag: ${{ steps.release_please.outputs.tag_name }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v1
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
	- name: Run release please
	uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4
	id: release_please
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	build:
	needs: check_release
	permissions:
	contents: write
	runs-on: ubuntu-latest
	strategy:
	matrix:
	arch: [amd64,arm,arm64]
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v1
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
	- name: Set app version for release
	if: ${{ needs.check_release.outputs.release_created }}
	run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
	- name: Checkout source
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
	with:
	fetch-depth: 0
	- name: Setup Go
	id: setup_go
	uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Install Mage
	uses: magefile/mage-action@6a5dcb5fe61f43d7c08a98bc3cf9bc63c308c08e # v3
	with:
	install-only: true
	- name: Build with Mage
	run: mage ${MAGEARGS} build:ci
	env:
	TARGETARCH: ${{ matrix.arch }}
	- name: Package with Mage
	run: mage ${MAGEARGS} package:ci
	env:
	TARGETARCH: ${{ matrix.arch }}
	- name: Install cosign
	id: cosign_install
	uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3
	with:
	cosign-release: 'v2.2.2'
	- name: Sign artifacts with cosign
	id: cosign_sign
	shell: bash
	run: \|
	shopt -s nullglob
	echo Need to sign dist/pkg/.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/.tar.xz
	for artifact in dist/pkg/.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/.tar.xz; do
	echo Signing ${artifact}
	cosign --verbose=true sign-blob --yes --key cosign.key --output-signature=${artifact}.sig ${artifact}
	done
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
	- name: Upload build artifacts
	id: upload_artifacts
	if: ${{ ! needs.check_release.outputs.release_created }}
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
	with:
	name: build-${{ matrix.arch }}-${{ github.sha }}
	path: \|
	dist/pkg
	fyne-cross/dist/linux-${{ matrix.arch }}
	- name: Upload release artifacts
	id: upload_release
	if: ${{ needs.check_release.outputs.release_created }}
	run: \|
	gh release upload ${{ needs.check_release.outputs.release_tag }} dist/pkg/*.{rpm,deb,zst,sig}
	gh release upload ${{ needs.check_release.outputs.release_tag }} fyne-cross/dist/linux-${{ matrix.arch }}/*-${{ matrix.arch }}.tar.xz{,.sig}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	build_container:
	needs: check_release
	permissions:
	contents: write
	packages: write
	runs-on: ubuntu-20.04
	strategy:
	matrix:
	platform:
	- linux/amd64
	- linux/arm/v7
	- linux/arm64
	env:
	REGISTRY: ghcr.io
	IMAGE: ${{ github.repository }}
	steps:
	- name: Checkout repo
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
	with:
	fetch-depth: 0
	- name: Set up environment
	run: \|
	echo "APPVERSION=$(git describe --tags --always --dirty)" >> $GITHUB_ENV
	- name: Set app version for release
	if: ${{ needs.check_release.outputs.release_created }}
	run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
	- name: Set up QEMU
	uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
	- name: Log in to the Container registry
	id: registry_login
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Get Docker metadata
	id: docker_metadata
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
	with:
	images: \|
	${{ env.REGISTRY }}/${{ env.IMAGE }}
	tags: \|
	type=raw,value=latest
	type=edge
	type=sha
	type=ref,event=branch
	type=ref,event=pr
	type=schedule
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
	type=raw,value=${{ env.APPVERSION }}
	- name: Build container image
	id: build_image
	uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v5
	with:
	context: .
	push: true
	tags: ${{ steps.docker_metadata.outputs.tags }}
	labels: ${{ steps.docker_metadata.outputs.labels }}
	platforms: ${{ matrix.platform }}
	build-args: \|
	GO_VERSION=${GO_VERSION}
	- name: Check and install cosign
	uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3
	with:
	cosign-release: 'v2.2.2'
	- name: Sign image with a key
	env:
	DIGEST: ${{ steps.build_image.outputs.digest }}
	TAGS: ${{ steps.docker_metadata.outputs.tags }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign --verbose=true sign --yes --key cosign.key \
	-a "repo=${{ github.repository }}" \
	-a "ref=${{ github.ref }}" \
	${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build #164

Workflow file

Build #164

Jobs

Run details

Workflow file for this run