fix: exclude /team package from test coverage and update coverage thr… #71
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| # run only against tags | |
| tags: | |
| - "*" | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| jobs: | |
| goreleaser: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
| with: | |
| go-version: stable | |
| # More assembly might be required: Docker logins, GPG, etc. | |
| # It all depends on your needs. | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0 | |
| with: | |
| # either 'goreleaser' (default) or 'goreleaser-pro' | |
| distribution: goreleaser | |
| # 'latest', 'nightly', or a semver | |
| version: "~> v2" | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| name: Upload release | |
| with: | |
| name: release | |
| path: dist | |
| - run: dist/paretosecurity_linux_amd64_v1/paretosecurity check --schema > checks.json | |
| - name: Upload checks info | |
| uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 | |
| with: | |
| files: checks.json | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Install repo tools | |
| run: sudo apt install -y reprepro createrepo-c | |
| - name: Create Debian repository | |
| run: reprepro -b apt includedeb stable dist/*.deb | |
| - name: Create RPM repository | |
| run: mv dist/*.rpm apt/rpm && createrepo_c apt/rpm | |
| - name: Create Arch repository | |
| run: | | |
| sudo add-apt-repository --yes ppa:michel-slm/kernel-utils | |
| sudo apt-get -qq --yes install pacman-package-manager libarchive-tools | |
| mkdir -p apt/arch/ | |
| for file in dist/*.pkg.tar.zst ; do \ | |
| arch=$(basename $file .archlinux.pkg.tar.zst | sed 's/.*_//') ; \ | |
| if [ "$arch" = "arm64" ]; then arch="aarch64"; fi ; \ | |
| if [ "$arch" = "aarch64" ]; then mv $file ${file/arm64/aarch64} ; fi ; \ | |
| echo "Processing arch $arch..." && \ | |
| mkdir -p apt/aur/stable/$arch && \ | |
| cp dist/*_$arch.archlinux.pkg.tar.zst apt/aur/stable/$arch && \ | |
| repo-add \ | |
| --verify \ | |
| --sign \ | |
| --new \ | |
| --remove \ | |
| --prevent-downgrade \ | |
| apt/aur/stable/$arch/paretosecurity.db.tar.gz apt/aur/stable/$arch/*_$arch.archlinux.pkg.tar.zst && \ | |
| gpg --detach-sign --no-armor --batch --yes apt/aur/stable/$arch/*_$arch.archlinux.pkg.tar.zst ; \ | |
| done | |
| - name: Host repository for testing | |
| uses: Eun/http-server-action@f71cec1321f665652a46c40b6852f8e5a68bfcd4 # v1 | |
| with: | |
| directory: apt | |
| port: 8000 | |
| - name: Check repository works | |
| run: | | |
| set +x | |
| # Copy signing keyring | |
| sudo cp paretosecurity.gpg /usr/share/keyrings/paretosecurity.gpg | |
| # Point apt at local apt repo overwriting all default sources | |
| echo "deb [signed-by=/usr/share/keyrings/paretosecurity.gpg] http://localhost:8000/debian/ stable main" | sudo tee /etc/apt/sources.list | |
| # Later ubuntu versions use the `conf.d` approach so we need to remove the default sources | |
| sudo rm -R /etc/apt/sources.list.d/* | |
| sudo apt-get update --allow-insecure-repositories | |
| working-directory: ./apt | |
| - uses: ryand56/r2-upload-action@b801a390acbdeb034c5e684ff5e1361c06639e7c # latest | |
| with: | |
| r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
| r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| r2-bucket: pareto-apt | |
| source-dir: apt | |
| destination-dir: ./ | |
| - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
| with: | |
| subject-path: 'dist/*.deb' | |
| - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
| with: | |
| subject-path: 'apt/rpm/*.rpm' |