name: Release on: push: branches: - main paths: - 'src/**' - 'packages/**' - '.github/workflows/**' jobs: changelog: runs-on: macos-latest outputs: version: ${{ steps.changelog.outputs.version }} body: ${{ steps.changelog.outputs.clean_changelog }} tag: ${{ steps.changelog.outputs.tag }} skipped: ${{ steps.changelog.outputs.skipped }} steps: - name: Checkout code 👋 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Create changelog ✍️ id: changelog uses: TriPSs/conventional-changelog-action@3c4970b6573374889b897403d2f1278c395ea0df with: github-token: ${{ secrets.github_token }} skip-version-file: "true" output-file: "false" skip-commit: "true" skip-on-empty: "true" artifacts: needs: changelog if: ${{ needs.changelog.outputs.skipped == 'false' }} runs-on: windows-latest defaults: run: shell: pwsh working-directory: ${{ github.workspace }}/src steps: - name: Checkout code 👋 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Install Go 🗳 uses: ./.github/workflows/composite/bootstrap-go - name: Tag HEAD 😸 run: | git config --global user.name "GitHub Actions" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git tag ${{ needs.changelog.outputs.tag }} - name: Prerequisites 🔐 run: | $PSDefaultParameterValues['Out-File:Encoding']='UTF8' $shaSigningKeyLocation = Join-Path -Path $env:RUNNER_TEMP -ChildPath sha_signing_key.pem $env:SIGNING_KEY > $shaSigningKeyLocation Write-Output "SHA_SIGNING_KEY_LOCATION=$shaSigningKeyLocation" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append # install code signing dlib nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.60 -ExcludeVersion -OutputDirectory $env:RUNNER_TEMP Write-Output "SIGNTOOLDLIB=$env:RUNNER_TEMP/Microsoft.Trusted.Signing.Client/bin/x64/Azure.CodeSigning.Dlib.dll" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append # requires Windows Dev Kit 10.0.22621.0 $signtool = 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe' Write-Output "SIGNTOOL=$signtool" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append # openssl $openssl = 'C:/Program Files/Git/usr/bin/openssl.exe' Write-Output "OPENSSL=$openssl" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append env: SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - name: Run GoReleaser 🚀 uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf with: distribution: goreleaser version: v2.3.2 args: release --clean --skip publish workdir: src env: AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - name: Zip theme files 🤐 run: | $compress = @{ Path = "../themes/*.omp.*" CompressionLevel = "Fastest" DestinationPath = "./dist/themes.zip" } Compress-Archive @compress - name: Add hashes 🤫 run: | Get-ChildItem ./dist -Exclude *.yaml,*.sig | Get-Unique | Foreach-Object { $zipHash = Get-FileHash $_.FullName -Algorithm SHA256 $zipHash.Hash | Out-File -Encoding 'UTF8' "./dist/$($_.Name).sha256" } - name: Release 🎓 uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 with: tag_name: ${{ needs.changelog.outputs.tag }} body: ${{ needs.changelog.outputs.body }} fail_on_unmatched_files: true token: ${{ secrets.GH_PAT }} files: | src/dist/posh-* src/dist/themes.* src/dist/checksums.*