Skip to content

v0.10.0

v0.10.0 #100

Workflow file for this run

name: release
on:
push:
tags:
- "v*.*.*"
jobs:
build-and-run-tests:
name: Build & run tests
runs-on: ubuntu-latest
steps:
- name: Checkout
# https://github.com/actions/checkout/tree/v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Get GO version
id: goversion
run: echo "goversion=$(<.goversion)" > "${GITHUB_OUTPUT}"
- name: Set up Go
# https://github.com/actions/setup-go/tree/v5.0.0
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{steps.goversion.outputs.goversion}}
- name: Generate files
run: go generate ./...
- name: Build
run: go build ./...
- name: Run go vet
run: go vet ./...
- name: Run go tests
run: go test -failfast ./...
- name: Run go tests (noquic)
run: go test -failfast -tags noquic ./...
- name: Run go tests (-race)
run: go test -race -timeout=5m -failfast ./...
- name: Run govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
- name: Build test docker image
run: |
touch version.sh
docker build -t c2fmzq/tlsproxy:test .
docker run --rm --interactive c2fmzq/tlsproxy:test -v
create-release:
name: Create release
needs: build-and-run-tests
runs-on: ubuntu-latest
steps:
- name: Checkout
# https://github.com/actions/checkout/tree/v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Get GO version
id: goversion
run: echo "goversion=$(<.goversion)" > "${GITHUB_OUTPUT}"
- name: Set up Go
# https://github.com/actions/setup-go/tree/v5.0.0
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{steps.goversion.outputs.goversion}}
- name: Extract release notes
run: |
./scripts/release-notes.sh "${GITHUB_REF_NAME}" > release-notes.md
if [[ $(stat -c %s release-notes.md) == 0 ]]; then
echo "No release notes for ${GITHUB_REF_NAME}. Please update CHANGELOG.md"
exit 1
fi
- name: Build release binaries
run: |
export GNUPGHOME="$(mktemp -d)"
chmod 700 "${GNUPGHOME}"
cleanup() {
rm -rf "${GNUPGHOME}"
}
trap cleanup EXIT
# The key is generated with:
# GPG_PASSPHRASE=$(dd if=/dev/random bs=32 count=1 | base64)
# gpg --passphrase "${GPG_PASSPHRASE}" --quick-generate-key c2FmZQ-bot ed25519 sign never
# gpg --local-user [email protected] --sign-key c2FmZQ-bot
# gpg --armor --export c2FmZQ-bot > keys/c2FmZQ-bot.pub
# gpg --passphrase "${GPG_PASSPHRASE}" --armor --export-secret-keys c2FmZQ-bot | base64 -w0
echo "${GPG_PRIVATE_KEY}" | base64 -d | gpg --batch --pinentry-mode loopback --passphrase "${GPG_PASSPHRASE}" --import
./scripts/build-release-binaries.sh
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Create release
# https://github.com/softprops/action-gh-release/releases/tag/v2.0.4
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564
with:
token: ${{ secrets.UPDATE_TOKEN }}
draft: false
prerelease: ${{ contains(github.ref, '-') }}
body_path: release-notes.md
fail_on_unmatched_files: true
files: bin/*
push-to-registry:
name: Push image to docker hub
needs:
- build-and-run-tests
- create-release
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Check out the repo
# https://github.com/actions/checkout/tree/v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install cosign
# https://github.com/sigstore/cosign-installer/releases/tag/v3.4.0
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
- name: Cosign version
run: cosign version
- name: Log in to docker hub
# https://github.com/docker/login-action/tree/v3.0.0
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Get release version
run: |
echo "VERSION=${GITHUB_REF_NAME}" > version.sh
echo "BUILD_TAGS='$(echo ${GITHUB_REF_NAME} | sed -re 's/^v[^+]+[+]?//' -e 's/[.]/,/g')'" >> version.sh
- name: Set up QEMU
# https://github.com/docker/setup-qemu-action/releases/tag/v3.0.0
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
- name: Set up Docker Buildx
# https://github.com/docker/setup-buildx-action/releases/tag/v3.0.0
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
- name: Extract metadata (tags, labels) for Docker
id: meta
# https://github.com/docker/metadata-action/releases/tag/v5.0.0
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
with:
images: c2fmzq/tlsproxy
flavor: ${{ (contains(github.ref, '+') || contains(github.ref, '-')) && 'latest=false' || 'latest=auto' }}
- name: Build and push docker image
# https://github.com/docker/build-push-action/releases/tag/v5.1.0
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
id: build-and-push
with:
context: .
file: ./Dockerfile
push: true
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Sign docker image
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
# Sign with key
cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
# Sign with oidc
unset COSIGN_PRIVATE_KEY COSIGN_PASSWORD
cosign sign --yes ${images}
env:
TAGS: ${{ steps.meta.outputs.tags }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}