🧹 remove internal vault since it is easier to configure via inventory… #103

Summary
Jobs
- goreleaser
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/goreleaser.yml at 63a3473

	name: goreleaser

	on:
	push:
	tags:
	- '*'
	workflow_dispatch:

	env:
	REGISTRY: docker.io

	jobs:
	goreleaser:
	permissions:
	# Add "contents" to write release
	contents: 'write'
	# Add "id-token" for google-github-actions/auth
	id-token: 'write'

	runs-on: self-hosted
	timeout-minutes: 120
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version: ">=1.20.4"
	cache: false

	- name: 'Authenticate to Google Cloud'
	uses: 'google-github-actions/auth@v1'
	with:
	workload_identity_provider: ${{ secrets.GCP_WIP }}
	service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

	- id: 'gcp_secrets'
	uses: 'google-github-actions/get-secretmanager-secrets@v1'
	with:
	secrets: \|-
	code_sign_cert_b64:mondoo-base-infra/mondoo_code_sign_certificate_pfx_b64
	code_sign_cert_challenge:mondoo-base-infra/mondoo_code_sign_challenge

	- name: "Write RPM Signing Cert"
	run: \|
	gpgkey="$(mktemp -t gpgkey.XXX)"
	base64 -d <<<"$GPG_KEY" > "$gpgkey"
	echo "GPG_KEY_PATH=$gpgkey" >> $GITHUB_ENV
	env:
	GPG_KEY: '${{ secrets.GPG_KEY}}'

	- name: "Write Windows Signing Cert"
	run: \|
	cert="$(mktemp -t cert.XXX)"
	base64 -d <<<"$CERT_CONTENTS" > "$cert"
	echo "CERT_FILE=$cert" >> $GITHUB_ENV
	env:
	CERT_CONTENTS: '${{ steps.gcp_secrets.outputs.code_sign_cert_b64 }}'

	- name: Install Quill for Mac Signing and Notarization
	run: \|
	curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh \| sh -s -- -b /tmp v0.2.0
	/tmp/quill help

	- name: Log in to the Container registry
	uses: docker/login-action@v2
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@v4
	with:
	distribution: goreleaser
	version: latest
	args: release --clean --timeout 120m
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	CERT_PASSWORD: ${{ steps.gcp_secrets.outputs.code_sign_cert_challenge }}
	QUILL_SIGN_PASSWORD: ''
	QUILL_SIGN_P12: ${{ secrets.APPLE_SIGN_P12 }}
	QUILL_NOTARY_KEY: ${{ secrets.APPLE_NOTARY_KEY }}
	QUILL_NOTARY_KEY_ID: ${{ secrets.APPLE_NOTARY_KEY_ID }}
	QUILL_NOTARY_ISSUER: ${{ secrets.APPLE_NOTARY_ISSUER }}

	- name: Check RPMs
	run: \|
	rpm -qpi dist/*.rpm

	- name: Publish Release to releases.mondoo.com
	uses: peter-evans/repository-dispatch@v2
	with:
	token: ${{ secrets.RELEASR_ACTION_TOKEN }}
	repository: "mondoohq/releasr"
	event-type: publish-release
	client-payload: '{
	"repository": "${{ github.event.repository.name }}",
	"version": "${{ github.ref_name }}"
	}'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🧹 remove internal vault since it is easier to configure via inventory… #103

Workflow file

🧹 remove internal vault since it is easier to configure via inventory… #103

Jobs

Run details

Workflow file for this run