Update validation message #15462

Workflow file for this run

.github/workflows/goreleaser-actions.yml at a674a21

	name: Go Releaser
	on: [push]

	jobs:
	# build the goreleaser container cgo cross compiler container. Note: this wil not be applied until
	# the next run since build-goreleaser and run-goreleaser are run concurrently. We expect github actions
	# to fix this in a future version.
	build-goreleaser:
	runs-on: ubuntu-latest
	outputs:
	goreleaser-image: ${{ steps.name-export.outputs.TAG_NAME }}
	permissions:
	# always required
	packages: write
	# only required for private repos
	actions: read
	contents: write
	steps:
	- name: Git Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # needed if using new-from-rev (see: https://golangci-lint.run/usage/configuration/#issues-configuration)


	- name: Cache Docker images.
	uses: ScribeMD/docker-cache@0.3.6
	with:
	key: docker-release-${{ runner.os }}-${{ matrix.package }}

	- uses: dorny/paths-filter@v3
	name: check if any changes warrant a new build of goreleaser-cgo-cross-compiler
	id: changes
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	filters: \|
	src:
	- 'docker/goreleaser/**'
	-
	name: Set up Docker Buildx
	if: steps.changes.outputs.src == 'true'
	uses: docker/setup-buildx-action@v2
	with:
	driver-opts: network=host

	- name: Environment variables
	# TODO: this if block needs to be run on every step now, but should be fixed in a future version: https://github.com/actions/runner/issues/662
	if: steps.changes.outputs.src == 'true'
	uses: franzdiebold/github-env-vars-action@v1.0.0
	env:
	ACTIONS_ALLOW_UNSECURE_COMMANDS: true

	-
	name: Login to GitHub Container Registry
	if: steps.changes.outputs.src == 'true'
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	# we do this so we can use it in subseuqnet steps
	- name: Export latest tag name
	id: name-export
	run:
	echo "##[set-output name=TAG_NAME;]$(echo $LATEST_TAG_NAME)"
	env:
	LATEST_TAG_NAME: ghcr.io/synapsecns/sanguine-goreleaser:${{ hashFiles('docker/goreleaser/**') }}
	-
	name: Build and push
	if: steps.changes.outputs.src == 'true'
	uses: docker/build-push-action@v3
	with:
	context: .
	push: true
	file: ./docker/goreleaser/Dockerfile
	# TODO this needs to be versioned
	# Note: this automatically pushes the latest tag for sanguine-goreleaser even on branched workflows. While unlikely,
	# this could break local devnets that rely on working versions of this image and as such the latest tag should only be pushed on master
	# additionally, tags representing a specific version rather than the hash of the file should be considered for future use.
	tags: ghcr.io/synapsecns/sanguine-goreleaser:latest,${{ steps.name-export.outputs.TAG_NAME }}
	cache-from: type=registry,ref=ghcr.io/synapsecns/sanguine-goreleaser:buildcache
	cache-to: type=registry,ref=ghcr.io/synapsecns/sanguine-goreleaser:buildcache,mode=max

	# TODO: we should find a way for this not to be duplicated with go.yml
	changes:
	name: Change Detection
	runs-on: ubuntu-latest
	# see: https://stackoverflow.com/a/68414395
	if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref \|\| contains(github.event.head_commit.message, '[goreleaser]') }}
	outputs:
	# Expose matched filters as job 'packages' output variable
	packages: ${{ steps.filter_go.outputs.changed_modules_deps }}
	package_count: ${{ steps.length.outputs.FILTER_LENGTH }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- uses: docker://ghcr.io/synapsecns/sanguine/git-changes-action:latest
	id: filter_go
	with:
	github_token: ${{ secrets.WORKFLOW_PAT \|\| secrets.GITHUB_TOKEN }}

	- id: length
	run: \|
	export FILTER_LENGTH=$(echo $FILTERED_PATHS \| jq '. \| length')
	echo "##[set-output name=FILTER_LENGTH;]$(echo $FILTER_LENGTH)"
	env:
	FILTERED_PATHS: ${{ steps.filter_go.outputs.changed_modules_deps }}

	run-goreleaser:
	runs-on:
	- namespace-profile-fast-goreleaser
	needs: [build-goreleaser,changes]
	if: ${{ needs.changes.outputs.package_count > 0 }}
	permissions:
	id-token: write
	# always required
	packages: write
	# only required for private repos
	actions: read
	contents: write
	strategy:
	fail-fast: false
	matrix:
	# list of packages, if you update this update changes as well
	package: ${{ fromJSON(needs.changes.outputs.packages) }}
	container:
	image: ${{ needs.build-goreleaser.outputs.goreleaser-image }}
	env:
	NSC_CACHE_PATH: ${{ env.NSC_CACHE_PATH }} # env.NSC_CACHE_PATH contains the path to Cache Volume directory, that is `/cache`.
	volumes:
	- /repo
	- /cache:/cache
	options: --cap-add=SYS_ADMIN # Required to by nscloud-cache-action to call `mount`.

	steps:
	- name: Git Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: ${{ github.ref == 'refs/heads/master' && '0' \|\| '1' }}

	- name: Set up cache
	if: ${{ !contains(runner.name, 'nsc') }}
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{matrix.package}}-${{ hashFiles(format('{0}/go.sum', matrix.package)) }}
	restore-keys: \|
	${{ runner.os }}-go-${{matrix.package}}

	- name: Setup Go cache
	uses: namespacelabs/nscloud-cache-action@v1
	if: ${{ contains(runner.name, 'nsc') }}
	with:
	cache: go

	- name: Get branch name
	id: branch-name
	uses: tj-actions/branch-names@v6

	- name: Bump version and push tag
	id: tag_version
	if: steps.branch-name.outputs.is_default == 'true'
	uses: mathieudutour/github-tag-action@v6.0
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	tag_prefix: ${{matrix.package}}/v
	release_branches: master
	fetch_all_tags: true

	- name: Tag Config
	run: git config --global --add safe.directory /__w/sanguine/sanguine

	-
	name: Fetch all tags
	if: steps.branch-name.outputs.is_default == 'true'
	run: git fetch --force --tags

	# get the tag we just created
	- name: Git Fetch Unshallow
	if: steps.branch-name.outputs.is_default == 'true'
	run: git fetch

	- name: Import GPG key
	uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0
	id: import_gpg
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}

	-
	name: Login to GitHub Container Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Run GoReleaser (Release)
	if: steps.branch-name.outputs.is_default == 'true'
	run: goreleaser --timeout 900m --clean --debug -f ${{matrix.package}}/.goreleaser.yml
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GONOSUM: '.*'
	GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
	GOGC: 2000
	GOMEMLIMIT: 6GiB
	GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

	# use this to determine if we need goreleaser for a workflow
	- name: Check For Docker Images
	if: steps.branch-name.outputs.is_default != 'true'
	id: image_check
	run: \|
	# will be 0 if none present
	has_images=$(yq eval '.dockers != null' ${{matrix.package}}/.goreleaser.yml)
	echo "##[set-output name=has_images;]$(echo $has_images)"

	- name: Run GoReleaser (Snapshot)
	if: steps.branch-name.outputs.is_default != 'true' && steps.image_check.outputs.has_images == 'true'
	run: goreleaser --timeout 900m --snapshot --clean --debug -f ${{matrix.package}}/.goreleaser.yml
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GONOSUM: '.*'
	GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
	GOGC: 20
	GOMEMLIMIT: 6GiB
	GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

	- name: Get Project Name
	id: project_id
	run: \|
	project_name=$(yq '.project_name' ${{matrix.package}}/.goreleaser.yml)
	echo "##[set-output name=project_name;]$(echo $project_name)"

	- name: Push Docker Images (Snapshot)
	if: steps.branch-name.outputs.is_default != 'true' && steps.image_check.outputs.has_images == 'true'
	run: \|
	# Load the number of docker configurations
	docker_configs=$(yq e '.dockers \| length' dist/config.yaml)

	# Check if there are no docker configurations
	if [ "$docker_configs" -eq "0" ]; then
	echo "No docker images to push"
	exit 0
	fi

	# Iterate through each docker configuration
	i=0
	while [ "$i" -lt "$docker_configs" ]; do
	# Extract the first image template
	image_template=$(yq e ".dockers[$i].image_templates[0]" dist/config.yaml)

	# Extract the base name from the image template
	image_name=$(echo "$image_template" \| sed -E 's\|^(.*):[^:]+$\|\1\|')

	# Tag and push the docker image
	docker tag "$image_name:latest" "$image_name:${GITHUB_SHA}"
	docker push "$image_name:${GITHUB_SHA}"

	i=$((i + 1))
	done
	env:
	image_name: ${{ steps.project_id.outputs.project_name }}

	- name: Zip Artifacts (Snapshot)
	if: steps.branch-name.outputs.is_default != 'true' && steps.image_check.outputs.has_images == 'true'
	run: \|
	ls
	zip -rv ${{ steps.project_id.outputs.project_name }}.zip dist

	- name: Push Artifacts (Snapshot)
	if: steps.branch-name.outputs.is_default != 'true' && steps.image_check.outputs.has_images == 'true'
	uses: actions/upload-artifact@v4
	with:
	name: ${{steps.project_id.outputs.project_name}}.zip
	path: ${{steps.project_id.outputs.project_name}}.zip

	- name: Refresh Report Card
	if: steps.branch-name.outputs.is_default == 'true'
	working-directory: ${{matrix.package}}/
	run: \|
	module_name=$(go mod edit -json \| jq -r '.Module.Path')
	curl -X POST -F "repo=$module_name" https://goreportcard.com/checks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update validation message #15462

Workflow file

Update validation message #15462

Jobs

Run details

Workflow file for this run