docs: update github workflow

.github/chglog/CHANGELOG.tpl.md

@@ -0,0 +1,40 @@
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }}
+
+> {{ datetime "2006-01-02" .Tag.Date }}
+
+{{ range .CommitGroups -}}
+### {{ .Title }}
+
+{{ range .Commits -}}
+* {{ .Subject }}
+{{ end }}
+{{ end -}}
+
+{{- if .RevertCommits -}}
+### Reverts
+
+{{ range .RevertCommits -}}
+* {{ .Revert.Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .MergeCommits -}}
+### Pull Requests
+
+{{ range .MergeCommits -}}
+* {{ .Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.github/chglog/config.yml

@@ -0,0 +1,27 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: y
+options:
+  commits:
+    # filters:
+    #   Type:
+    #     - feat
+    #     - fix
+    #     - perf
+    #     - refactor
+  commit_groups:
+    # title_maps:
+    #   feat: Features
+    #   fix: Bug Fixes
+    #   perf: Performance Improvements
+    #   refactor: Code Refactoring
+  header:
+    pattern: "^(\\w*)\\:\\s(.*)$"
+    pattern_maps:
+      - Type
+      - Subject
+  notes:
+    keywords:
+      - BREAKING CHANGE

.github/workflows/build-binary.yml

@@ -0,0 +1,71 @@
+name: Binary Build and Publish
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+      dry_run:
+        required: true
+        type: boolean
+
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22'
+
+      - name: Build binaries
+        run: |
+          BUILD_TIME=`date +%FT%T%z`
+          GIT_REV=`git rev-parse --short HEAD`
+          GO_VERSION=$(go version)
+          LDFLAGS=-ldflags "-w -s \
+          -X 'github.com/wayjam/tv-mixproxy/internal.Version=${{ inputs.version }}' \
+          -X 'github.com/wayjam/tv-mixproxy/internal.GitRev=${GIT_REV}' \
+          -X 'github.com/wayjam/tv-mixproxy/internal.BuildTime=${BUILD_TIME}' \
+          -X 'github.com/wayjam/tv-mixproxy/internal.GoVersion=${GO_VERSION}' \
+          "
+          GOOS=linux GOARCH=amd64 go build "${LDFLAGS}" -o build/tv-mixproxy-linux-amd64 ./cmd/tv-mixproxy
+          GOOS=linux GOARCH=arm64 go build "${LDFLAGS}" -o build/tv-mixproxy-linux-arm64 ./cmd/tv-mixproxy
+
+      - name: Get Release
+        id: get_release
+        uses: bruceadams/get-release@v1.3.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ inputs.version }}
+        continue-on-error: true
+
+      - name: Upload Release Assets
+        if: steps.get_release.outcome == 'success'
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
+          asset_path: ./build/tv-mixproxy-linux-amd64
+          asset_name: tv-mixproxy-linux-amd64
+          asset_content_type: application/octet-stream
+
+      - name: Upload Release Assets (ARM64)
+        if: steps.get_release.outcome == 'success'
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.get_release.outputs.upload_url }}
+          asset_path: ./build/tv-mixproxy-linux-arm64
+          asset_name: tv-mixproxy-linux-arm64
+          asset_content_type: application/octet-stream

.github/workflows/build-docker.yml

@@ -0,0 +1,91 @@
+name: Docker Build and Publish
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+      dry_run:
+        required: true
+        type: boolean
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version tag for the Docker image'
+        required: true
+        type: string
+      dry_run:
+        description: 'Dry run (true/false)'
+        required: true
+        type: boolean
+        default: false
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Get Version
+        id: version
+        run: |
+          if [ -z "${{ inputs.version }}" ]; then
+            echo "tag=${{ steps.meta.outputs.tags }}" >> $GITHUB_OUTPUT
+          else
+            echo "tag=${{ inputs.version }}" >> $GITHUB_OUTPUT
+          fi
+          echo "The tag is ${{ steps.version.outputs.tag }}"
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.version.outputs.tag }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: VERSION=${{ steps.version.outputs.tag }}
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3
+        with:
+          cosign-release: 'v2.2.4'
+
+      - name: Sign the published Docker image
+        env:
+          TAGS: ${{ steps.version.outputs.tag }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.github/workflows/build.yml

@@ -0,0 +1,49 @@
+name: Build and Publish
+run-name: Build and Publish (${{ github.ref }}) ${{ inputs.dry_run && '(🧪 Dry-Run)' || '' }}
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Dry run"
+        type: boolean
+        default: true
+      build_items:
+        description: "Build items"
+        type: string
+        default: "binary,docker"
+
+jobs:
+  # Get the current tag
+  get_tag:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.get_tag.outputs.tag }}
+    steps:
+      - name: Get tag
+        id: get_tag
+        run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+  # Build the Docker image
+  docker:
+    needs: get_tag
+    if: inputs.build_items == '' || contains(inputs.build_items, 'docker')
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      version: ${{ needs.get_tag.outputs.tag }}
+      dry_run: ${{ inputs.dry_run || false }}
+    secrets: inherit
+
+  # Build the binary app
+  binary:
+    needs: get_tag
+    if: inputs.build_items == '' || contains(inputs.build_items, 'binary')
+    uses: ./.github/workflows/build-binary.yml
+    with:
+      version: ${{ needs.get_tag.outputs.tag }}
+      dry_run: ${{ inputs.dry_run || false }}
+    secrets: inherit