Skip to content
release-test

Add push trigger for branch to enable testing #1

Sign in to view logs

Add push trigger for branch to enable testing

Add push trigger for branch to enable testing #1

Workflow file for this run

.github/workflows/release-test.yml at 7774501
name: release-test
on:
push:
branches:
- "split-release-workflows"
workflow_dispatch:
jobs:
# Build Unix (Linux/macOS) binaries in snapshot mode.
# Skips Docker images and GitHub release publishing.
goreleaser-unix:
runs-on:
group: databricks-deco-testing-runner-group
labels: ubuntu-latest-deco
steps:
- name: Checkout repository and submodules
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
fetch-tags: true
- name: Setup JFrog CLI with OIDC
uses: jfrog/setup-jfrog-cli@279b1f629f43dd5bc658d8361ac4802a7ef8d2d5 # v4.9.1
env:
JF_URL: https://databricks.jfrog.io
with:
oidc-provider-name: github-actions
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache-dependency-path: |
go.sum
.goreleaser-unix.yaml
- name: Configure Go module proxy via JFrog
run: jf goc --repo-resolve=db-golang
- name: Hide snapshot tag to outsmart GoReleaser
run: git tag -d snapshot || true
- name: Run GoReleaser for Unix
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
with:
version: ~> v2
args: release -f .goreleaser-unix.yaml --snapshot --skip docker
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Unix artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: unix-artifacts
path: |
dist/*.zip
dist/*.tar.gz
dist/*SHA256SUMS*
# Build and sign Windows binaries in snapshot mode.
# Uses AzureSignTool with Azure Key Vault for code signing.
goreleaser-windows:
environment: sign
runs-on: windows-latest
steps:
- name: Checkout repository and submodules
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
fetch-tags: true
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache-dependency-path: |
go.sum
.goreleaser-windows.yaml
- name: Hide snapshot tag to outsmart GoReleaser
run: git tag -d snapshot || true
shell: bash
- name: Azure Login and get Key Vault token
shell: pwsh
run: |
az login --service-principal `
-u ${{ secrets.DECO_SIGN_AZURE_CLIENT_ID }} `
-p ${{ secrets.DECO_SIGN_AZURE_CLIENT_SECRET }} `
--tenant ${{ secrets.DECO_SIGN_AZURE_TENANT_ID }}
$accessToken = az account get-access-token --resource https://vault.azure.net --query accessToken -o tsv
echo "::add-mask::$accessToken"
echo "AZURE_VAULT_TOKEN=$accessToken" >> $env:GITHUB_ENV
# AzureSignTool is installed from nuget.org (https://www.nuget.org/packages/AzureSignTool/7.0.1)
# Security: On Windows, NuGet verifies repository signatures by default. The package is
# version-pinned and pulled over HTTPS from nuget.org's CDN. Source: https://github.com/vcsjones/AzureSignTool
- name: Install AzureSignTool
shell: pwsh
run: |
dotnet tool install --global AzureSignTool --version 7.0.1
- name: Run GoReleaser for Windows
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
with:
version: ~> v2
args: release -f .goreleaser-windows.yaml --snapshot
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_TENANT_ID: ${{ secrets.DECO_SIGN_AZURE_TENANT_ID }}
AZURE_CLIENT_ID: ${{ secrets.DECO_SIGN_AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.DECO_SIGN_AZURE_CLIENT_SECRET }}
- name: Upload Windows artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: windows-artifacts
path: |
dist/*.zip
dist/*SHA256SUMS*