ci: bump wfctl pin v0.63.1 → v0.63.2 (workflow#765 implementation act… #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: ["v*"] | |
| permissions: | |
| contents: write | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Configure Go private modules | |
| run: git config --global url."https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" | |
| - name: Install wfctl v0.63.2 | |
| run: | | |
| mkdir -p "${RUNNER_TEMP}/wfctl-bin" | |
| curl -sSfL -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -o "${RUNNER_TEMP}/wfctl-bin/wfctl" \ | |
| "https://github.com/GoCodeAlone/workflow/releases/download/v0.63.2/wfctl-linux-amd64" | |
| chmod +x "${RUNNER_TEMP}/wfctl-bin/wfctl" | |
| - name: Validate plugin contract for publish (pre-build) | |
| run: "${{ runner.temp }}/wfctl-bin/wfctl plugin validate-contract --for-publish --tag ${{ github.ref_name }} ." | |
| - uses: goreleaser/goreleaser-action@v7 | |
| with: | |
| version: "~> v2" | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GOPRIVATE: github.com/GoCodeAlone/* | |
| GONOSUMCHECK: github.com/GoCodeAlone/* | |
| # workflow#765: runtime truth-check via plugin verify-capabilities. | |
| - name: Verify capabilities (runtime truth-check) | |
| run: | | |
| RUNNER_ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') | |
| BIN=$(jq -r --arg arch "$RUNNER_ARCH" \ | |
| '[.[] | select(.type=="Binary" and .goos=="linux" and .goarch==$arch and (.name|startswith("workflow-plugin-launchdarkly")))] | .[0].path // ""' \ | |
| dist/artifacts.json) | |
| if [ -z "$BIN" ] || [ "$BIN" = "null" ]; then | |
| echo "::warning::No matching linux/$RUNNER_ARCH binary in dist/artifacts.json; skipping verify-capabilities" | |
| jq '.[] | {name, type, goos, goarch, path}' dist/artifacts.json | |
| exit 0 | |
| fi | |
| "${{ runner.temp }}/wfctl-bin/wfctl" plugin verify-capabilities --binary "$BIN" . | |
| - name: Sync manifest to registry | |
| if: success() && env.GH_TOKEN != '' | |
| continue-on-error: true | |
| env: | |
| GH_TOKEN: ${{ secrets.REGISTRY_PAT }} | |
| run: | | |
| git clone "https://x-access-token:${GH_TOKEN}@github.com/GoCodeAlone/workflow-registry.git" /tmp/registry | |
| mkdir -p /tmp/registry/plugins/launchdarkly | |
| TAG=${GITHUB_REF#refs/tags/} | |
| VERSION=${TAG#v} | |
| jq --arg v "$VERSION" '.version = $v' plugin.json > /tmp/registry/plugins/launchdarkly/manifest.json | |
| cd /tmp/registry | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add plugins/launchdarkly/manifest.json | |
| git diff --cached --quiet || git commit -m "chore: sync launchdarkly plugin manifest v${VERSION}" | |
| git push | |
| notify-registry: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [release] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify workflow-registry | |
| if: env.GH_TOKEN != '' | |
| uses: peter-evans/repository-dispatch@v3 | |
| with: | |
| token: ${{ secrets.REGISTRY_PAT }} | |
| repository: GoCodeAlone/workflow-registry | |
| event-type: plugin-release | |
| client-payload: >- | |
| {"plugin": "${{ github.repository }}", "tag": "${{ github.ref_name }}"} | |
| env: | |
| GH_TOKEN: ${{ secrets.REGISTRY_PAT }} | |
| continue-on-error: true | |
| - name: Publish GitHub release | |
| if: ${{ success() }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh release edit "${{ github.ref_name }}" --draft=false --repo "${{ github.repository }}" |