name: Release on: push: branches: - main paths: - 'src/**' - 'packages/**' - '.github/workflows/**' jobs: changelog: runs-on: macos-latest outputs: version: ${{ steps.changelog.outputs.version }} body: ${{ steps.changelog.outputs.clean_changelog }} tag: ${{ steps.changelog.outputs.tag }} skipped: ${{ steps.changelog.outputs.skipped }} steps: - name: Checkout code 👋 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Create changelog ✍️ id: changelog uses: TriPSs/conventional-changelog-action@3c4970b6573374889b897403d2f1278c395ea0df with: github-token: ${{ secrets.github_token }} skip-version-file: "true" output-file: "false" skip-commit: "true" skip-on-empty: "true" artifacts: needs: changelog if: ${{ needs.changelog.outputs.skipped == 'false' }} runs-on: windows-latest defaults: run: shell: pwsh working-directory: ${{ github.workspace }}/src steps: - name: Checkout code 👋 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Install Go 🗳 uses: ./.github/workflows/composite/bootstrap-go - name: Tag HEAD 😸 run: | git config --global user.name "GitHub Actions" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git tag ${{ needs.changelog.outputs.tag }} - name: Prerequisites 🔐 run: | $PSDefaultParameterValues['Out-File:Encoding']='UTF8' $shaSigningKeyLocation = Join-Path -Path $env:RUNNER_TEMP -ChildPath sha_signing_key.pem $env:SIGNING_KEY > $shaSigningKeyLocation Write-Output "SHA_SIGNING_KEY_LOCATION=$shaSigningKeyLocation" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append # create a base64 encoded value of your certificate using # [convert]::ToBase64String((Get-Content -path "certificate.pfx" -AsByteStream)) $pfxPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "code_signing_cert.pfx" $encodedBytes = [System.Convert]::FromBase64String($env:SIGNING_CERTIFICATE) Set-Content -Path $pfxPath -Value $encodedBytes -AsByteStream Write-Output "SIGNING_CERTIFICATE_LOCATION=$pfxPath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append # requires Windows Dev Kit 10.0.22621.0 $signtool = 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe' Write-Output "SIGNTOOL=$signtool" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append # openssl $openssl = 'C:/Program Files/Git/usr/bin/openssl.exe' Write-Output "OPENSSL=$openssl" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append env: SIGNING_KEY: ${{ secrets.SIGNING_KEY }} SIGNING_CERTIFICATE: ${{ secrets.CERTIFICATE }} - name: Run GoReleaser 🚀 uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf with: distribution: goreleaser version: v2.3.2 args: release --clean --skip publish workdir: src env: SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }} - name: Zip theme files 🤐 run: | $compress = @{ Path = "../themes/*.omp.*" CompressionLevel = "Fastest" DestinationPath = "./dist/themes.zip" } Compress-Archive @compress - name: Add hashes 🤫 run: | Get-ChildItem ./dist -Exclude *.yaml,*.sig | Get-Unique | Foreach-Object { $zipHash = Get-FileHash $_.FullName -Algorithm SHA256 $zipHash.Hash | Out-File -Encoding 'UTF8' "./dist/$($_.Name).sha256" } - name: Release 🎓 uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 with: tag_name: ${{ needs.changelog.outputs.tag }} body: ${{ needs.changelog.outputs.body }} fail_on_unmatched_files: true token: ${{ secrets.GH_PAT }} files: | src/dist/posh-* src/dist/themes.* src/dist/checksums.*