Add OSSF scorecard action and minor README updates #62
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: pull_request | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: "^1.19" | |
| - name: Set up environment | |
| run: echo "GOVERSION=$(go version)" >> $GITHUB_ENV | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| version: latest | |
| args: build --snapshot --rm-dist | |
| - name: Tar up binaries | |
| # work around limitations in the upload/download artifact actions | |
| # https://github.com/actions/download-artifact#limitations | |
| run: tar -cvf dist.tar dist | |
| - name: Upload binaries tar file | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: dist.tar | |
| path: dist.tar | |
| buildimage: | |
| if: ${{ !startsWith(github.head_ref, 'dependabot/') }} | |
| strategy: | |
| matrix: | |
| binary: | |
| - go-cli-github | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download binaries tar file | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: dist.tar | |
| - name: Untar binaries | |
| run: tar -xvf dist.tar | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker metadata | |
| # this id is namespaced per matrix run | |
| id: docker_metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }}/${{ matrix.binary }} | |
| - name: Build and push ${{ matrix.binary }} container image | |
| id: docker_build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| tags: ${{ steps.docker_metadata.outputs.tags }} | |
| labels: ${{ steps.docker_metadata.outputs.labels }} | |
| file: deploy/${{ matrix.binary }}/Dockerfile | |
| context: dist/${{ matrix.binary }}_linux_amd64_v1 |