writing and uploading bundle while signing #109
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- v*.*.* | |
permissions: read-all | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write | |
env: | |
tag: ${{ github.ref_name }} | |
os: linux | |
arch: x86_64 | |
steps: | |
- name: Setup Bolt | |
uses: koalalab-inc/bolt@7bc45c5036a248828c82447f9bb3fea35fe27c93 # koalalab-inc/[email protected] | main | |
- name: Checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # actions/checkout@v4 | 1567,v4.1.2 | |
- name: Get release version | |
id: releaseVersion | |
run: echo "releaseVersion=\"$(awk -F\' '/const releaseVersion/ { print $2 }' src/version.js)\"" >> "$GITHUB_ENV" | |
- name: Check if releaseVersion is same as tag | |
run: | | |
if [ "${{ env.tag }}" != "${{ env.releaseVersion }}" ]; then | |
echo "releaseVersion does not match the tag" | |
exit 1 | |
fi | |
- name: Fetch MITM-Proxy | |
run: | | |
mkdir -p mitmproxy | |
wget https://github.com/koalalab-inc/go-libaudit/releases/download/v2.5.0/auparse-2.5.0-linux-amd64 --quiet | |
wget https://downloads.mitmproxy.org/10.2.2/mitmproxy-10.2.2-${{ env.os }}-${{ env.arch }}.tar.gz --quiet | |
tar -xzf mitmproxy-10.2.2-${{ env.os }}-${{ env.arch }}.tar.gz -C mitmproxy | |
mkdir -p bolt | |
cp mitmproxy/mitmdump bolt/mitmdump | |
cp src/intercept.py bolt/intercept.py | |
cp auparse-2.5.0-linux-amd64 bolt/auparse | |
tar -czf bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz bolt | |
rm -rf mitmproxy bolt | |
rm mitmproxy-10.2.2-linux-x86_64.tar.gz | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # sigstore/[email protected] | |
with: | |
cosign-release: 'v2.2.4' # optional | |
- name: Sign Release | |
run: | | |
cosign sign-blob \ | |
--yes \ | |
--bundle bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.bundle \ | |
bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz | |
- name: Release | |
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # softprops/action-gh-release@v2 | |
with: | |
files: | | |
bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz | |
bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.bundle | |
tag_name: ${{ env.tag }} | |
name: ${{ env.tag }} | |
generate_release_notes: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
prerelease: ${{ endsWith(env.tag, 'rc') }} |