name: release-please on: push: branches: - main permissions: contents: write pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: false jobs: release-please: runs-on: ubuntu-latest outputs: release_created: ${{ steps.release.outputs.release_created }} tag_name: ${{ steps.release.outputs.tag_name }} version: ${{ steps.release.outputs.version }} html_url: ${{ steps.release.outputs.html_url }} steps: - uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} # I can't use the action because it doesn't support the --draft flag, # and it doesn't support uploading assets. # # - uses: googleapis/release-please-action@v4 # with: # token: ${{ steps.app-token.outputs.token }} # config-file: release-please-config.json - name: Install release-please run: npm -g install release-please - name: release-please github-release id: release run: | release-please \ --token ${{ steps.app-token.outputs.token }} \ --repo-url ${{ github.repository }} \ github-release \ --draft | tee rp-out.log # parse the js object and store it - this is brittle! cat rp-out.log | sed -n '/^\[/,$p' > rp-out.js # if it's just "[]" assume no-op if [ "$(cat rp-out.js)" = "[]" ]; then exit 0 fi # convert js object to json - assumes there's only one release # this'll have to be refactored if there are multiple releases node -e "console.log(JSON.stringify($(cat rp-out.js)))" | jq '.[0]' > rp-out.json echo "json output: $(cat rp-out.json)" # now set outputs echo "release_created=true" >> "$GITHUB_OUTPUT" echo "id=$( jq -r '.id' rp-out.json)" >> "$GITHUB_OUTPUT" echo "name=$( jq -r '.name' rp-out.json)" >> "$GITHUB_OUTPUT" echo "tag_name=$( jq -r '.tagName' rp-out.json)" >> "$GITHUB_OUTPUT" echo "sha=$( jq -r '.sha' rp-out.json)" >> "$GITHUB_OUTPUT" echo "notes=$( jq '.notes' rp-out.json)" >> "$GITHUB_OUTPUT" echo "html_url=$( jq -r '.url' rp-out.json)" >> "$GITHUB_OUTPUT" echo "draft=$( jq -r '.draft' rp-out.json)" >> "$GITHUB_OUTPUT" echo "upload_url=$(jq -r '.uploadUrl' rp-out.json)" >> "$GITHUB_OUTPUT" echo "path=$( jq -r '.path' rp-out.json)" >> "$GITHUB_OUTPUT" echo "version=$( jq -r '.version' rp-out.json)" >> "$GITHUB_OUTPUT" echo "major=$( jq -r '.major' rp-out.json)" >> "$GITHUB_OUTPUT" echo "minor=$( jq -r '.minor' rp-out.json)" >> "$GITHUB_OUTPUT" echo "patch=$( jq -r '.patch' rp-out.json)" >> "$GITHUB_OUTPUT" - name: release-please release-pr id: release-pr if: ${{ ! steps.release.outputs.release_created }} run: | release-please \ --token ${{ steps.app-token.outputs.token }} \ --repo-url ${{ github.repository }} \ release-pr | tee rp-out.log # parse the js object and store it - this is brittle! cat rp-out.log | sed -n '/^\[/,$p' > rp-out.js # if it's just "[]" assume no-op if [ "$(cat rp-out.js)" = "[]" ]; then exit 0 fi # set outputs echo "prs_created=true" >> "$GITHUB_OUTPUT" node -e "console.log('pr=' +JSON.stringify($(cat rp-out.js)[0]))" >> "$GITHUB_OUTPUT" node -e "console.log('prs='+JSON.stringify($(cat rp-out.js) ))" >> "$GITHUB_OUTPUT" build-artifacts: runs-on: ubuntu-latest needs: release-please if: needs.release-please.outputs.release_created outputs: tag_name: ${{ needs.release-please.outputs.tag_name }} version: ${{ needs.release-please.outputs.version }} env: VERSION: ${{ needs.release-please.outputs.version }} strategy: matrix: goos: [linux, darwin] goarch: [amd64, arm64] include: - goos: freebsd goarch: amd64 - goos: linux goarch: '386' - goos: linux goarch: arm variant: 'v6' - goos: linux goarch: arm variant: 'v7' - goos: linux goarch: ppc64le - goos: linux goarch: s390x - goos: solaris goarch: amd64 - goos: windows goarch: amd64 extension: .exe - goos: windows goarch: '386' extension: .exe steps: - uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: go-version-file: go.mod - name: Build Artifacts for ${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.variant }} run: | export COMMIT=${{ github.sha }} make bin/gomplate_${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.variant }}${{ matrix.extension }}_checksum_sha256.txt \ VERSION=$VERSION make bin/gomplate_${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.variant }}${{ matrix.extension }}_checksum_sha512.txt \ VERSION=$VERSION if [ "${{ matrix.goos }}-${{ matrix.goarch }}" = "windows-amd64" ]; then make bin/gomplate_windows-amd64.zip VERSION=$VERSION fi - name: Save Artifacts uses: actions/upload-artifact@v4 with: name: build-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.variant }} path: bin/* retention-days: 1 create-release: runs-on: ubuntu-latest needs: build-artifacts env: VERSION: ${{ needs.build-artifacts.outputs.version }} TAG_NAME: ${{ needs.build-artifacts.outputs.tag_name }} steps: - uses: actions/create-github-app-token@v2 id: app-token with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - uses: actions/download-artifact@v4 - name: Organize Artifacts run: | mv build*/* . rm -rf build* - name: Aggregate Checksums run: | # duplicate the make bin/checksums_sha(256|512).txt targets without # invoking make cat gomplate_*_checksum_sha256.txt > checksums-${TAG_NAME}_sha256.txt cat gomplate_*_checksum_sha512.txt > checksums-${TAG_NAME}_sha512.txt # clean up a bit to make the upload simpler rm *_checksum*.txt - name: Upload Release Assets run: | ls -alh assets="checksums-${TAG_NAME}_sha256.txt checksums-${TAG_NAME}_sha512.txt" for f in gomplate_*; do assets="$assets ${f}" done echo "uploading assets: $assets" gh release upload ${TAG_NAME} $assets \ --clobber --repo ${{ github.repository }} env: GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Publish Release run: | gh release edit ${TAG_NAME} \ --discussion-category "General" \ --repo ${{ github.repository }} \ --draft=false env: GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Upload archive checksums id: archive-checksums # has to happen post-publish so the URL works run: | archive=https://github.com/${{ github.repository }}/archive/refs/tags/${TAG_NAME}.tar.gz archiveFile=archive.tar.gz curl -f -sSL -o $archiveFile $archive sha256sum $archiveFile | cut -f1 -d\ > ${TAG_NAME}.sha256 sha512sum $archiveFile | cut -f1 -d\ > ${TAG_NAME}.sha512 echo "sha256sum=$(cat ${TAG_NAME}.sha256)" >> $GITHUB_OUTPUT echo "sha512sum=$(cat ${TAG_NAME}.sha512)" >> $GITHUB_OUTPUT gh release upload ${TAG_NAME} ${TAG_NAME}.sha256 ${TAG_NAME}.sha512 \ --repo ${{ github.repository }} env: GH_TOKEN: ${{ steps.app-token.outputs.token }}