Skip to content

feat: nonce handling with signer (backport #3196) #3599

feat: nonce handling with signer (backport #3196)

feat: nonce handling with signer (backport #3196) #3599

Workflow file for this run

name: ci-release
# Run this workflow on push events (i.e. PR merge) to main or release branches,
# push events for new semantic version tags, all PRs, and manual triggers.
on:
push:
branches:
- main
- "v[0-9]+.x"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"
pull_request:
workflow_dispatch:
# Inputs the workflow accepts.
inputs:
version:
# Friendly description to be shown in the UI instead of 'name'
description: "Semver type of new version (major / minor / patch)"
# Input has to be provided for the workflow to run
required: true
type: choice
options:
- patch
- minor
- major
jobs:
lint:
uses: ./.github/workflows/lint.yml
markdown-linter:
uses: ./.github/workflows/markdown-linter.yml
test:
uses: ./.github/workflows/test.yml
goreleaser-check:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
- uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: check
# If this was a workflow dispatch event, we need to generate and push a tag
# for goreleaser to grab
version_bump:
needs: [lint, test, goreleaser-check]
runs-on: ubuntu-latest
permissions: "write-all"
steps:
- uses: actions/checkout@v4
- name: Bump version and push tag
# Placing the if condition here is a workaround for needing to block
# on this step during workflow dispatch events but the step not
# needing to run on tags. If we had the if condition on the full
# version_bump section, it would skip and not run, which would result
# in goreleaser not running either.
if: ${{ github.event_name == 'workflow_dispatch' }}
uses: mathieudutour/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
default_bump: ${{ inputs.version }}
# Generate the release with goreleaser to include pre-built binaries
goreleaser:
needs: version_bump
runs-on: ubuntu-latest
if: |
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'push' && contains(github.ref, 'refs/tags/'))
permissions: "write-all"
steps:
- uses: actions/checkout@v3
- run: git fetch --force --tags
- uses: actions/setup-go@v4
with:
go-version: 1.22.0
- name: Create .release-env file
run: |-
echo 'GITHUB_TOKEN=${{secrets.GORELEASER_ACCESS_TOKEN}}' >> .release-env
- name: Create prebuilt binaries and attach them to the GitHub release
run: make prebuilt-binary