fix(deps): update module github.com/open-feature/flagd/core to v0.10.… #903

Workflow file for this run

.github/workflows/release-please.yaml at d33c7a5

	on:
	push:
	branches:
	- main

	env:
	# Stringified list of items that should be published
	PUBLISHABLE_ITEMS: '["flagd","flagd-proxy"]'
	REGISTRY: ghcr.io
	REPO_OWNER: ${{ github.repository_owner }}
	DEFAULT_GO_VERSION: '~1.21'
	PUBLIC_KEY_FILE: publicKey.pub
	GOPRIVATE: buf.build/gen/go

	name: Release Please
	jobs:
	release-please:
	name: Release Please
	runs-on: ubuntu-latest
	# Release-please creates a PR that tracks all changes
	steps:
	- name: Get current date
	id: date
	run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
	- uses: google-github-actions/release-please-action@v3
	id: release
	with:
	command: manifest
	token: ${{secrets.GITHUB_TOKEN}}
	default-branch: main
	signoff: "OpenFeature Bot <[email protected]>"
	- name: Dump Release Please Output
	env:
	RELEASE_PLEASE_OUTPUT: ${{ toJson(steps.release.outputs) }}
	run: \|
	echo "$RELEASE_PLEASE_OUTPUT"
	- name: Determine what should be published
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
	id: items-to-publish
	env:
	CHANGED_ITEMS: "${{ steps.release.outputs.paths_released }}"
	with:
	# Release please outputs a string representation of an array under the key paths_released
	# This script parses the output, and filters each of the changed items (provided as paths to the root of the package, e.g. flagd or core)
	# to remove any values not present in the PUBLISHABLE_ITEMS array. This filtered array is then stringified and exported as items-to-publish.outputs.result
	# this can be picked up by subsequent jobs and used in a matrix to loop over the PUBLISHABLE_ITEMS within the release
	script: \|
	const changedItems = JSON.parse(process.env.CHANGED_ITEMS \|\| '[]');
	console.log("changed items", changedItems);
	const eligibleItems = JSON.parse(process.env.PUBLISHABLE_ITEMS \|\| '[]');
	console.log("eligible items", eligibleItems);
	const itemsToPublish = changedItems.filter(i => eligibleItems.includes(i));
	console.log("items to publish", itemsToPublish);
	return itemsToPublish;
	outputs:
	date: ${{ steps.date.outputs.date }}
	items_to_publish: ${{ steps.items-to-publish.outputs.result }}
	flagd_version: ${{ steps.release.outputs.flagd--version }}
	flagd_tag_name: ${{ steps.release.outputs.flagd--tag_name }}
	flagd-proxy_version: ${{ steps.release.outputs.flagd-proxy--version }}
	flagd-proxy_tag_name: ${{ steps.release.outputs.flagd-proxy--tag_name }}

	container-release:
	name: Build and push containers to GHCR
	needs: release-please
	runs-on: ubuntu-latest
	if: ${{ needs.release-please.outputs.items_to_publish != '' && toJson(fromJson(needs.release-please.outputs.items_to_publish)) != '[]' }}
	strategy:
	matrix:
	path: ${{ fromJSON(needs.release-please.outputs.items_to_publish) }}

	env:
	TAG: ${{ needs.release-please.outputs[format('{0}_tag_name', matrix.path)] }}
	VERSION: v${{ needs.release-please.outputs[format('{0}_version', matrix.path)] }}
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
	with:
	ref: ${{ env.TAG }}

	- name: Log in to the Container registry
	uses: docker/login-action@3d58c274f17dffee475a5520cbe67f0a882c4dbb
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
	with:
	images: ${{ env.REGISTRY }}/${{ matrix.path }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@master
	with:
	platforms: all

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@master

	- name: Build
	id: build
	uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
	with:
	builder: ${{ steps.buildx.outputs.name }}
	context: .
	file: ./${{ matrix.path }}/build.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: true
	tags: \|
	${{ env.REGISTRY }}/${{ env.REPO_OWNER }}/${{ matrix.path }}:latest
	${{ env.REGISTRY }}/${{ env.REPO_OWNER }}/${{ matrix.path }}:${{ env.VERSION }}
	labels: ${{ steps.meta.outputs.labels }}
	build-args: \|
	VERSION=${{ env.VERSION }}
	COMMIT=${{ github.sha }}
	DATE=${{ needs.release-please.outputs.date }}
	- name: Install Cosign
	uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4

	- name: Sign the image
	run: \|
	cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.REPO_OWNER }}/${{ matrix.path }}@${{ steps.build.outputs.digest }}
	cosign public-key --key env://COSIGN_PRIVATE_KEY --outfile ${{ env.PUBLIC_KEY_FILE }}
	env:
	COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

	- name: Generate image SBOM file name
	id: image-sbom-file-gen
	run: echo "IMG_SBOM_FILE=${{ format('{0}-{1}-sbom.spdx', matrix.path, env.VERSION) }}" >> $GITHUB_OUTPUT

	- name: SBOM for latest image
	uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0
	with:
	image: ${{ env.REGISTRY }}/${{ env.REPO_OWNER }}/${{ matrix.path }}:${{ env.VERSION }}
	artifact-name: ${{ steps.image-sbom-file-gen.outputs.IMG_SBOM_FILE }}
	output-file: ${{ steps.image-sbom-file-gen.outputs.IMG_SBOM_FILE }}

	- name: Bundle release assets
	uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
	with:
	tag_name: ${{ env.TAG }}
	files: \|
	${{ env.PUBLIC_KEY_FILE }}
	${{ steps.image-sbom-file-gen.outputs.IMG_SBOM_FILE }}

	release-go-binaries:
	name: Create and publish binaries to GitHub
	needs: release-please
	runs-on: ubuntu-latest
	if: ${{ needs.release-please.outputs.items_to_publish != '' && toJson(fromJson(needs.release-please.outputs.items_to_publish)) != '[]' }}
	strategy:
	matrix:
	path: ${{ fromJSON(needs.release-please.outputs.items_to_publish) }}

	env:
	TAG: ${{ needs.release-please.outputs[format('{0}_tag_name', matrix.path)] }}
	VERSION: v${{ needs.release-please.outputs[format('{0}_version', matrix.path)] }}
	VERSION_NO_PREFIX: ${{ needs.release-please.outputs[format('{0}_version', matrix.path)] }}
	COMMIT: ${{ github.sha }}
	DATE: ${{ needs.release-please.outputs.date }}
	BUILD_ARGS: '-a -ldflags "-X main.version=${VERSION} -X main.commit=${COMMIT} -X main.date=${DATE}"'
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
	with:
	ref: ${{ env.TAG }}
	- name: Set up Go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
	with:
	go-version: ${{ env.DEFAULT_GO_VERSION }}
	- name: Download cyclonedx-gomod
	uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2
	with:
	version: v1
	- name: setup for builds
	# TODO: The README should also be moved ready for bundling once both flagd-proxy and flagd have package specific READMEs
	run: \|
	make workspace-init
	mv ./${{ matrix.path }}/CHANGELOG.md CHANGELOG.md
	cd ${{ matrix.path }} && cyclonedx-gomod app > ../sbom.xml
	- name: build darwin arm64
	run: \|
	env CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_darwin_arm64 ./${{ matrix.path }}/main.go
	tar -cvzf ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Darwin_arm64.tar.gz ./${{ matrix.path }}_darwin_arm64 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	- name: build darwin x86_64
	run: \|
	env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_darwin_x86_64 ./${{ matrix.path }}/main.go
	tar -cvzf ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Darwin_x86_64.tar.gz ./${{ matrix.path }}_darwin_x86_64 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	- name: build linux arm64
	run: \|
	env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_linux_arm64 ./${{ matrix.path }}/main.go
	tar -cvzf ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Linux_arm64.tar.gz ./${{ matrix.path }}_linux_arm64 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	- name: build linux x86_64
	run: \|
	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_linux_x86_64 ./${{ matrix.path }}/main.go
	tar -cvzf ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Linux_x86_64.tar.gz ./${{ matrix.path }}_linux_x86_64 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	- name: build linux i386
	run: \|
	env CGO_ENABLED=0 GOOS=linux GOARCH=386 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_linux_i386 ./${{ matrix.path }}/main.go
	tar -cvzf ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Linux_i386.tar.gz ./${{ matrix.path }}_linux_i386 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	# Windows artifacts use .zip archive
	- name: build windows x86_64
	run: \|
	env CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_windows_x86_64 ./${{ matrix.path }}/main.go
	zip -r ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Windows_x86_64.zip ./${{ matrix.path }}_windows_x86_64 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	- name: build windows i386
	run: \|
	env CGO_ENABLED=0 GOOS=windows GOARCH=386 go build ${{ env.BUILD_ARGS }} -o ./${{ matrix.path }}_windows_i386 ./${{ matrix.path }}/main.go
	zip -r ${{ matrix.path }}_${{ env.VERSION_NO_PREFIX }}_Windows_i386.zip ./${{ matrix.path }}_windows_i386 ./LICENSE ./CHANGELOG.md ./README.md ./sbom.xml
	# Bundle licenses
	- name: Install go-licenses
	run: go install github.com/google/go-licenses@latest
	- name: Build license extraction locations
	id: license-files
	run: \|
	echo "LICENSE_FOLDER=${{ format('{0}-third-party-license', matrix.path) }}" >> $GITHUB_OUTPUT
	echo "LICENSE_ERROR_FILE=${{ format('{0}-license-errors.txt', matrix.path) }}" >> $GITHUB_OUTPUT
	- name: Run go-licenses for module ${{ matrix.path }}
	run: go-licenses save ./${{ matrix.path }} --save_path=./${{ steps.license-files.outputs.LICENSE_FOLDER }} --force --logtostderr=false 2> ./${{ steps.license-files.outputs.LICENSE_ERROR_FILE }}
	continue-on-error: true # tool set stderr which can be ignored and referred through error artefact
	- name: Bundle license extracts
	run: \|
	if [ -d ./${{ steps.license-files.outputs.LICENSE_FOLDER }} ]; then
	tar czf ./${{ steps.license-files.outputs.LICENSE_FOLDER }}.tar.gz ./${{ steps.license-files.outputs.LICENSE_FOLDER }}
	else
	echo "Directory ./${{ steps.license-files.outputs.LICENSE_FOLDER }} does not exist. Skipping tar creation."
	fi
	# Bundle release artifacts
	- name: Bundle release assets
	uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
	with:
	tag_name: ${{ env.TAG }}
	files: \|
	./sbom.xml
	./*.tar.gz
	./*.zip
	./${{ steps.license-files.outputs.LICENSE_ERROR_FILE }}
	homebrew:
	name: Bump homebrew-core formula
	needs: release-please
	runs-on: ubuntu-latest
	# Only run on non-forked flagd releases
	if: ${{ github.repository_owner == 'open-feature' && needs.release-please.outputs.flagd_tag_name }}
	steps:
	- uses: mislav/bump-homebrew-formula-action@v2
	with:
	formula-name: flagd
	# https://github.com/mislav/bump-homebrew-formula-action/issues/58
	formula-path: Formula/f/flagd.rb
	tag-name: ${{ needs.release-please.outputs.flagd_tag_name }}
	download-url: https://github.com/${{ github.repository }}.git
	commit-message: \|
	{{formulaName}} ${{ needs.release-please.outputs.flagd_version }}

	Created by https://github.com/mislav/bump-homebrew-formula-action
	env:
	COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update module github.com/open-feature/flagd/core to v0.10.… #903

Workflow file

fix(deps): update module github.com/open-feature/flagd/core to v0.10.… #903

Jobs

Run details

Workflow file for this run