oh-my-posh/.github/workflows/release.yml
dependabot[bot] bbaaaefdbb
Some checks failed
Code QL / code-ql (push) Has been cancelled
Release / changelog (push) Has been cancelled
Release / artifacts (push) Has been cancelled
chore: bump actions/checkout from 4.1.7 to 4.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-26 00:28:27 +00:00

110 lines
4.3 KiB
YAML

name: Release
on:
push:
branches:
- main
paths:
- 'src/**'
- 'packages/**'
- '.github/workflows/**'
jobs:
changelog:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.changelog.outputs.version }}
body: ${{ steps.changelog.outputs.clean_changelog }}
tag: ${{ steps.changelog.outputs.tag }}
skipped: ${{ steps.changelog.outputs.skipped }}
steps:
- name: Checkout code 👋
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Create changelog ✍️
id: changelog
uses: TriPSs/conventional-changelog-action@3a392e9aa44a72686b0fc13259a90d287dd0877c
with:
github-token: ${{ secrets.github_token }}
skip-version-file: "true"
output-file: "false"
skip-commit: "true"
skip-on-empty: "true"
artifacts:
needs: changelog
if: ${{ needs.changelog.outputs.skipped == 'false' }}
runs-on: windows-latest
defaults:
run:
shell: pwsh
working-directory: ${{ github.workspace }}/src
steps:
- name: Checkout code 👋
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Install Go 🗳
uses: ./.github/workflows/composite/bootstrap-go
- name: Tag HEAD 😸
run: |
git config --global user.name "GitHub Actions"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git tag ${{ needs.changelog.outputs.tag }}
- name: Prerequisites 🔐
run: |
$PSDefaultParameterValues['Out-File:Encoding']='UTF8'
$shaSigningKeyLocation = Join-Path -Path $env:RUNNER_TEMP -ChildPath sha_signing_key.pem
$env:SIGNING_KEY > $shaSigningKeyLocation
Write-Output "SHA_SIGNING_KEY_LOCATION=$shaSigningKeyLocation" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
# create a base64 encoded value of your certificate using
# [convert]::ToBase64String((Get-Content -path "certificate.pfx" -AsByteStream))
$pfxPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "code_signing_cert.pfx"
$encodedBytes = [System.Convert]::FromBase64String($env:SIGNING_CERTIFICATE)
Set-Content -Path $pfxPath -Value $encodedBytes -AsByteStream
Write-Output "SIGNING_CERTIFICATE_LOCATION=$pfxPath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
# requires Windows Dev Kit 10.0.22621.0
$signtool = 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe'
Write-Output "SIGNTOOL=$signtool" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
# openssl
$openssl = 'C:/Program Files/Git/usr/bin/openssl.exe'
Write-Output "OPENSSL=$openssl" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
env:
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
SIGNING_CERTIFICATE: ${{ secrets.CERTIFICATE }}
- name: Run GoReleaser 🚀
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200
with:
distribution: goreleaser
version: latest
args: release --clean --skip publish
workdir: src
env:
SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
- name: Zip theme files 🤐
run: |
$compress = @{
Path = "../themes/*.omp.*"
CompressionLevel = "Fastest"
DestinationPath = "./dist/themes.zip"
}
Compress-Archive @compress
- name: Add hashes 🤫
run: |
Get-ChildItem ./dist -Exclude *.yaml,*.sig | Get-Unique |
Foreach-Object {
$zipHash = Get-FileHash $_.FullName -Algorithm SHA256
$zipHash.Hash | Out-File -Encoding 'UTF8' "./dist/$($_.Name).sha256"
}
- name: Release 🎓
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191
with:
tag_name: ${{ needs.changelog.outputs.tag }}
body: ${{ needs.changelog.outputs.body }}
fail_on_unmatched_files: true
token: ${{ secrets.GH_PAT }}
files: |
src/dist/posh-*
src/dist/themes.*
src/dist/checksums.*