actions/goreleaser-action
12
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser-action.git synced 2026-05-15 15:10:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: actions:master
Branches Tags
actions:master
actions:yargs
actions:gorelv2
actions:semver
actions:releases/v4
actions:releases/v3
actions:releases/v2
actions:releases/v1
actions:v7
actions:v7.2.1
actions:v7.2.0
actions:v7.1.0
actions:v7.0.0
actions:v6
actions:v6.4.0
actions:v6.3.0
actions:v6.2.1
actions:v6.2.0
actions:v6.1.0
actions:v6.0.0
actions:v5
actions:v5.1.0
actions:v5.0.0
actions:v4.6.0
actions:v4
actions:v4.5.0
actions:v4.4.0
actions:v4.3.0
actions:v4.2.0
actions:v4.1.1
actions:v4.1.0
actions:v4.0.0
actions:v3
actions:v3.2.0
actions:v3.1.0
actions:v3.0.0
actions:v2
actions:v2.9.1
actions:v2.9.0
actions:v2.8.1
actions:v2.8.0
actions:v2.7.0
actions:v2.6.1
actions:v2.6.0
actions:v2.5.0
actions:v2.4.1
actions:v2.4.0
actions:v2.3.0
actions:v2.2.1
actions:v2.2.0
actions:v2.1.1
actions:v2.1.0
actions:v2.0.2
actions:v2.0.1
actions:v1
actions:v1.5.1
actions:v2.0.0
actions:v1.5.0
actions:v1.4.0
actions:v1.3.1
actions:v1.3.0
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.2
actions:v1.0.1
actions:v1.0.0
actions:v0.4.0
actions:v0.3.0
actions:v0.2.2
actions:v0.2.1
actions:v0.2.0
actions:v0.1.0
..
compare: actions:v2.9.0
Branches Tags
actions:master
actions:yargs
actions:gorelv2
actions:semver
actions:releases/v4
actions:releases/v3
actions:releases/v2
actions:releases/v1
actions:v7
actions:v7.2.1
actions:v7.2.0
actions:v7.1.0
actions:v7.0.0
actions:v6
actions:v6.4.0
actions:v6.3.0
actions:v6.2.1
actions:v6.2.0
actions:v6.1.0
actions:v6.0.0
actions:v5
actions:v5.1.0
actions:v5.0.0
actions:v4.6.0
actions:v4
actions:v4.5.0
actions:v4.4.0
actions:v4.3.0
actions:v4.2.0
actions:v4.1.1
actions:v4.1.0
actions:v4.0.0
actions:v3
actions:v3.2.0
actions:v3.1.0
actions:v3.0.0
actions:v2
actions:v2.9.1
actions:v2.9.0
actions:v2.8.1
actions:v2.8.0
actions:v2.7.0
actions:v2.6.1
actions:v2.6.0
actions:v2.5.0
actions:v2.4.1
actions:v2.4.0
actions:v2.3.0
actions:v2.2.1
actions:v2.2.0
actions:v2.1.1
actions:v2.1.0
actions:v2.0.2
actions:v2.0.1
actions:v1
actions:v1.5.1
actions:v2.0.0
actions:v1.5.0
actions:v1.4.0
actions:v1.3.1
actions:v1.3.0
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.2
actions:v1.0.1
actions:v1.0.0
actions:v0.4.0
actions:v0.3.0
actions:v0.2.2
actions:v0.2.1
actions:v0.2.0
actions:v0.1.0

No commits in common. "master" and "v2.9.0" have entirely different histories.
master ... v2.9.0

45 changed files with 18160 additions and 7577 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.dockerignore
View file

@ -1,12 +1,2 @@
/coverage
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
/node_modules

3
.eslintignore
View file

@ -1,3 +0,0 @@
/dist/**
/coverage/**
/node_modules/**

24
.eslintrc.json
View file

@ -1,24 +0,0 @@
{
"env": {
"node": true,
"es6": true,
"jest": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": "latest",
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"jest",
"prettier"
]
}

4
.gitattributes vendored
View file

@ -1,2 +1,2 @@
/dist/** linguist-generated=true -diff
/lib/** linguist-generated=true -diff
/dist/** linguist-generated=true
/lib/** linguist-generated=true

22
.github/dependabot.yml vendored
View file

@ -3,28 +3,18 @@ updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: monthly
interval: "daily"
time: "06:00"
timezone: "Europe/Paris"
labels:
- "dependencies"
commit-message:
prefix: "ci"
include: "scope"
groups:
actions:
patterns:
- "*"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: monthly
interval: "daily"
time: "06:00"
timezone: "Europe/Paris"
allow:
- dependency-type: "production"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"
groups:
npm:
patterns:
- "*"

179
.github/workflows/ci.yml vendored
View file

@ -1,17 +1,8 @@
name: ci
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
schedule:
- cron: '0 10 * * *'
workflow_dispatch:
- cron: '0 10 * * *' # everyday at 10am
push:
branches:
- 'master'
@ -19,6 +10,9 @@ on:
tags:
- 'v*'
pull_request:
branches:
- 'master'
- 'releases/v*'
jobs:
ci:
@ -28,30 +22,34 @@ jobs:
matrix:
os:
- ubuntu-latest
- macos-latest
- macOS-latest
- windows-latest
version:
- latest
- '~> 2.13'
- '~> 0.182'
distribution:
- goreleaser
- goreleaser-pro
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: stable
- name: Check
go-version: 1.16
-
name: Check
uses: ./
with:
version: ${{ matrix.version }}
args: check --verbose
args: check --debug
workdir: ./test
- name: GoReleaser
-
name: GoReleaser
if: ${{ !(github.event_name == 'pull_request' && matrix.distribution == 'goreleaser-pro') }}
uses: ./
env:
@ -59,7 +57,7 @@ jobs:
with:
distribution: ${{ matrix.distribution }}
version: ${{ matrix.version }}
args: release --skip=publish --clean --snapshot
args: release --skip-publish --rm-dist
workdir: ./test
install-only:
@ -69,36 +67,34 @@ jobs:
matrix:
version:
- latest
- '~> 2.13'
- '~> 0.166'
distribution:
- goreleaser
- goreleaser-pro
cosign:
- true
- false
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.18
- name: Install cosign
if: matrix.cosign
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
- name: GoReleaser
go-version: 1.16
-
name: GoReleaser
if: ${{ !(github.event_name == 'pull_request' && matrix.distribution == 'goreleaser-pro') }}
uses: ./
with:
distribution: ${{ matrix.distribution }}
version: ${{ matrix.version }}
install-only: true
- name: Check
-
name: Check
if: ${{ !(github.event_name == 'pull_request' && matrix.distribution == 'goreleaser-pro') }}
run: |
goreleaser check --verbose
goreleaser check --debug
signing:
runs-on: ${{ matrix.os }}
@ -108,36 +104,41 @@ jobs:
matrix:
os:
- ubuntu-latest
- macos-latest
- macOS-latest
- windows-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.18
- name: Import GPG key
go-version: 1.16
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
passphrase: ${{ secrets.PASSPHRASE_TEST }}
- name: Check
-
name: Check
uses: ./
with:
version: latest
args: -f .goreleaser-signing.yml check --verbose
args: -f .goreleaser-signing.yml check --debug
workdir: ./test
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
- name: GoReleaser
-
name: GoReleaser
uses: ./
with:
version: latest
args: -f .goreleaser-signing.yml release --skip=publish --clean --snapshot
args: -f .goreleaser-signing.yml release --skip-publish --rm-dist
workdir: ./test
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
@ -145,81 +146,31 @@ jobs:
upload-artifact:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.18
- name: Check
go-version: 1.16
-
name: Check
uses: ./
with:
args: check --verbose
args: check --debug
workdir: ./test
- name: GoReleaser
-
name: GoReleaser
uses: ./
with:
args: release --skip=publish --clean --snapshot
args: release --skip-publish --rm-dist
workdir: ./test
- name: Upload assets
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-
name: Upload assets
uses: actions/upload-artifact@v2
with:
name: myapp
path: ./test/dist/*
dist:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: 1.18
- name: GoReleaser
uses: ./
with:
args: release --config .goreleaser-dist.yml --skip=publish --clean --snapshot
workdir: ./test
- name: Check dist
run: |
tree -nh ./test/_output
nightly:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
distribution:
- goreleaser-pro
- goreleaser
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: 1.18
- name: GoReleaser
uses: ./
with:
install-only: true
distribution: ${{ matrix.distribution }}
version: nightly
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check
run: |
goreleaser check -f ./test/.goreleaser.yml
goreleaser --version
goreleaser --version | grep nightly

42
.github/workflows/release-major-tag.yml vendored
View file

@ -1,42 +0,0 @@
name: release major tag
run-name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
on:
workflow_dispatch:
inputs:
target:
description: The tag, branch, or SHA the major version should point to (e.g. v7.1.0)
required: true
major_version:
type: choice
description: The major version tag to move
options:
- v7
- v6
- v5
- v4
- v3
- v2
- v1
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: write
jobs:
tag:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Git config
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
- name: Push
run: git push origin ${{ github.event.inputs.major_version }} --force

44
.github/workflows/test.yml vendored
View file

@ -1,42 +1,36 @@
name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
branches:
- 'master'
- 'releases/v*'
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-
name: Validate
uses: docker/bake-action@v1
with:
node-version-file: '.node-version'
cache: npm
- name: Install cosign
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
- name: Install dependencies
run: npm ci
- name: Test
run: npm test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
targets: validate
-
name: Test
uses: docker/bake-action@v1
with:
files: ./coverage/clover.xml
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v2
with:
file: ./coverage/clover.xml

83
.github/workflows/validate.yml vendored
View file

@ -1,83 +0,0 @@
name: validate
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
contents: read
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version-file: '.node-version'
cache: npm
- name: Install dependencies
run: npm ci
- name: Format check
run: npm run format-check
- name: Lint
run: npm run lint
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
with:
node-version-file: '.node-version'
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Rebuild dist
run: npm run build
- name: Compare dist
id: diff
run: |
if [ "$(git diff --ignore-space-at-eol dist | wc -l)" -gt "0" ]; then
echo "Detected uncommitted changes after build. Run 'npm run build' and commit dist/." >&2
git diff dist
exit 1
fi
- name: Upload built dist on failure
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: dist
path: dist
vendor:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
with:
node-version-file: '.node-version'
cache: npm
- name: Refresh package-lock.json
run: npm install --package-lock-only
- name: Compare package-lock.json
run: |
if [ -n "$(git status --porcelain -- package-lock.json)" ]; then
echo "package-lock.json is out of sync with package.json. Run 'npm install' and commit." >&2
git diff package-lock.json
exit 1
fi

71
.gitignore vendored
View file

@ -1,11 +1,19 @@
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
/.dev
node_modules/
lib
# Jetbrains
/.idea
/*.iml
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -16,14 +24,34 @@ pids
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache
*.tsbuildinfo
@ -33,11 +61,36 @@ jspm_packages/
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# dotenv environment variable files
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variables file
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
provenance.json
.env.test
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/

15
.kodiak.toml Normal file
View file

@ -0,0 +1,15 @@
version = 1
[merge]
automerge_label = "automerge"
blacklist_title_regex = "^WIP.*"
method = "squash"
delete_branch_on_merge = true
block_on_reviews_requested = false
notify_on_conflict = true
optimistic_updates = true
[merge.message]
title = "pull_request_title"
include_pr_number = true
body_type = "markdown"

1
.node-version
View file

@ -1 +0,0 @@
24

6
.prettierignore
View file

@ -1,6 +0,0 @@
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/

89
CONTRIBUTING.md
View file

@ -1,89 +0,0 @@
# Contributing
Thanks for your interest in contributing!
## Prerequisites
- [Node.js](https://nodejs.org/) — version pinned in [`.node-version`](./.node-version).
Tools like [`nvm`](https://github.com/nvm-sh/nvm), [`fnm`](https://github.com/Schniz/fnm),
[`asdf`](https://asdf-vm.com/), or [`mise`](https://mise.jdx.dev/) read this file
automatically.
- [`cosign`](https://docs.sigstore.dev/cosign/installation/) — only required if you
want to run the signature-verification integration tests locally.
## Setup
```sh
npm ci
```
## Pre-commit checklist
Before committing changes to `src/`, `__tests__/`, `package.json`,
`package-lock.json`, or `action.yml`:
```sh
npm run pre-checkin
```
That runs `format` + `build` + `test` — the same checks CI runs.
Then commit `dist/` along with your source changes; the action runtime loads
`dist/index.js` directly, so it must stay in sync.
If CI's `validate / build` job fails because `dist/` differs from a fresh
build, just download the `dist` artifact from the failed run and commit it —
or rerun `npm run build` locally with the Node version in `.node-version`.
## npm scripts
| Script | Purpose |
| ------------------- | ------------------------------------------------ |
| `npm run build` | Bundle `src/` to `dist/index.js` via `ncc` |
| `npm run format` | Run Prettier (write) |
| `npm run format-check` | Run Prettier (check only, used in CI) |
| `npm run lint` | Run ESLint (check only, used in CI) |
| `npm run lint:fix` | Run ESLint with `--fix` |
| `npm test` | Run Jest with coverage |
| `npm run pre-checkin` | `format` + `lint:fix` + `build` + `test` |
## Tests
`npm test` runs the full Jest suite, including integration tests that:
- Download real GoReleaser releases from GitHub
- Verify `checksums.txt` against the downloaded archive
- Verify the cosign sigstore bundle (skipped if `cosign` isn't on `PATH`,
but the CI image always has it installed)
These need outbound network access. Offline / restrictive-proxy runs will
have those tests fail — that's expected.
## Commit messages
Use [Conventional Commits](https://www.conventionalcommits.org/) (`feat:`,
`fix:`, `test:`, `docs:`, `chore:`, `ci:`, …). Keep the subject ≤72 chars.
## Pull requests
- Target `master`.
- Make sure `npm run pre-checkin` passes.
- One logical change per PR is easier to review.
- The `signing` CI job and `goreleaser-pro` matrix entries are skipped on PRs
from forks because they need repository secrets — that's expected and not
something you need to fix.
## Releasing (maintainers)
1. Create a new GitHub Release with a semver tag (e.g. `v7.1.0`) — either
through the UI or `gh release create v7.1.0 --generate-notes`.
2. Once the release exists, run the [**release major tag**](./.github/workflows/release-major-tag.yml)
workflow from the Actions tab:
- `target`: the new tag (e.g. `v7.1.0`)
- `major_version`: the major version to repoint (e.g. `v7`)
This force-pushes the major tag to the new release so consumers using
`goreleaser/goreleaser-action@v7` pick up the change.
The same workflow doubles as a rollback tool — pass an older tag as
`target` to revert the major.

153
README.md
View file

@ -5,7 +5,7 @@
<p align="center">
<a href="https://github.com/goreleaser/goreleaser-action/releases/latest"><img alt="GitHub release" src="https://img.shields.io/github/release/goreleaser/goreleaser-action.svg?logo=github&style=flat-square"></a>
<a href="https://github.com/marketplace/actions/goreleaser-action"><img alt="GitHub marketplace" src="https://img.shields.io/badge/marketplace-goreleaser--action-blue?logo=github&style=flat-square"></a>
<a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=test"><img alt="Test workflow" src="https://img.shields.io/github/actions/workflow/status/goreleaser/goreleaser-action/test.yml?label=test&branch=master&logo=github&style=flat-square"></a>
<a href="https://github.com/goreleaser/goreleaser-action/actions?workflow=test"><img alt="Test workflow" src="https://img.shields.io/github/workflow/status/goreleaser/goreleaser-action/test?label=test&logo=github&style=flat-square"></a>
<a href="https://codecov.io/gh/goreleaser/goreleaser-action"><img alt="Codecov" src="https://img.shields.io/codecov/c/github/goreleaser/goreleaser-action?logo=codecov&style=flat-square"></a>
</p>
</p>
@ -16,7 +16,6 @@ ___
* [Usage](#usage)
* [Workflow](#workflow)
* [Verification](#verification)
* [Run on new tag](#run-on-new-tag)
* [Signing](#signing)
* [Upload artifacts](#upload-artifacts)
@ -31,12 +30,6 @@ ___
## Usage
GoReleaser Action runs [goreleaser][], please follow its [docs][gdocs] for
more information about how to customize what GoReleaser does.
[goreleaser]: https://goreleaser.com/
[gdocs]: https://goreleaser.com/customization
### Workflow
```yaml
@ -46,30 +39,26 @@ on:
pull_request:
push:
permissions:
contents: write
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v6
uses: actions/setup-go@v2
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
uses: goreleaser/goreleaser-action@v2
with:
# either 'goreleaser' (default) or 'goreleaser-pro'
distribution: goreleaser
# 'latest', 'nightly', or a semver
version: '~> v2'
args: release --clean
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
@ -78,49 +67,6 @@ jobs:
> **IMPORTANT**: note the `fetch-depth: 0` input in `Checkout` step. It is required for the changelog to work correctly.
### Verification
The action verifies the integrity of the downloaded GoReleaser archive
against the published `checksums.txt` automatically — no configuration
required.
If [`cosign`](https://docs.sigstore.dev/cosign/) is available on `PATH`, the
action will additionally verify the cosign sigstore signature of the
checksums file against the GoReleaser release workflow's OIDC identity. If
`cosign` isn't installed, this step is silently skipped.
> **Note**: cosign signature verification requires GoReleaser **v2.13.0 or
> newer** (and the matching `nightly`). Earlier releases ship a `.sig`
> detached signature signed with cosign v2, which is not compatible with
> the cosign v3 sigstore-bundle format the action verifies. For older
> versions the cosign step is silently skipped — only the `checksums.txt`
> SHA-256 verification runs.
> **Note**: when `version: nightly` is used, the action resolves the
> latest immutable `vX.Y.Z-<sha>-nightly` release from the GitHub
> Releases API. Pass `GITHUB_TOKEN` to the action step (as in the example
> above) to avoid unauthenticated API rate limits.
To enable signature verification, install cosign before running the action:
```yaml
-
name: Install cosign
uses: sigstore/cosign-installer@v3
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
with:
distribution: goreleaser
version: '~> v2'
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Both checksum and signature verification work for tagged releases (≥ v2.13.0)
and the `nightly` channel.
### Run on new tag
If you want to run GoReleaser only on new tag, you can use this event:
@ -137,11 +83,11 @@ Or with a condition on GoReleaser step:
```yaml
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
uses: goreleaser/goreleaser-action@v2
if: startsWith(github.ref, 'refs/tags/')
with:
version: '~> v2'
args: release --clean
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
@ -157,16 +103,16 @@ the [Import GPG](https://github.com/crazy-max/ghaction-import-gpg) GitHub Action
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v7
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
uses: goreleaser/goreleaser-action@v2
with:
version: '~> v2'
args: release --clean
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
@ -183,24 +129,23 @@ signs:
### Upload artifacts
For some events like pull request or schedule you might want to store the artifacts somewhere for testing
purposes. You can do that with the [actions/upload-artifact](https://github.com/actions/upload-artifact) action:
purpose. You can do that with the [actions/upload-artifact](https://github.com/actions/upload-artifact) action:
```yaml
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
uses: goreleaser/goreleaser-action@v2
with:
version: '~> v2'
args: release --clean
workdir: myfolder
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
name: Upload assets
uses: actions/upload-artifact@v6
uses: actions/upload-artifact@v2
with:
name: myapp
path: myfolder/dist/*
path: dist/*
```
### Install Only
@ -209,7 +154,7 @@ purposes. You can do that with the [actions/upload-artifact](https://github.com/
steps:
-
name: Install GoReleaser
uses: goreleaser/goreleaser-action@v7
uses: goreleaser/goreleaser-action@v2
with:
install-only: true
-
@ -226,46 +171,29 @@ Following inputs can be used as `step.with` keys
| Name | Type | Default | Description |
|------------------|---------|--------------|------------------------------------------------------------------|
| `distribution` | String | `goreleaser` | GoReleaser distribution, either `goreleaser` or `goreleaser-pro` |
| `version`**Âą** | String | `~> v2` | GoReleaser version |
| `version-file`**²** | String | | Read the GoReleaser version from a file (see below) |
| `version`**Âą** | String | `latest` | GoReleaser version |
| `args` | String | | Arguments to pass to GoReleaser |
| `workdir` | String | `.` | Working directory (below repository root) |
| `install-only` | Bool | `false` | Just install GoReleaser |
> **Âą** Can be a fixed version like `v0.117.0` or a max satisfying semver one like `~> 0.132`. In this case this will return `v0.132.1`.
>
> **²** Path to a file containing the GoReleaser version. Resolved relative
> to `workdir`. Currently only [`.tool-versions`](https://asdf-vm.com/manage/configuration.html#tool-versions)
> (asdf/mise) format is supported. When set, this takes precedence over `version`.
>
> ```yaml
> # .tool-versions
> goreleaser 2.13.0
> ```
>
> ```yaml
> - uses: goreleaser/goreleaser-action@v7
> with:
> version-file: .tool-versions
> args: release --clean
> ```
### outputs
Following outputs are available
| Name | Type | Description |
|-------------|------|------------------------|
| `artifacts` | JSON | Build result artifacts |
| `metadata` | JSON | Build result metadata |
| Name | Type | Description |
|-------------------|---------|---------------------------------------|
| `artifacts` | JSON | Build result artifacts |
| `metadata` | JSON | Build result metadata |
### environment variables
Following environment variables can be used as `step.env` keys
| Name | Description |
|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
| `GITHUB_TOKEN` | [GITHUB_TOKEN](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) as provided by `secrets` and requires `contents:write` |
| Name | Description |
|------------------|---------------------------------------|
| `GITHUB_TOKEN` | [GITHUB_TOKEN](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token) as provided by `secrets` |
| `GORELEASER_KEY` | Your [GoReleaser Pro](https://goreleaser.com/pro) License Key, in case you are using the `goreleaser-pro` distribution |
## Limitation
@ -280,30 +208,25 @@ secret named `GH_PAT`, the step will look like this:
```yaml
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
uses: goreleaser/goreleaser-action@v2
with:
version: '~> v2'
args: release --clean
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
```
## Migrating from v3
If you need the auto-snapshot feature, take a look at [this example repository](https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example): it's a minimal working example with all you need.
## Development
See [CONTRIBUTING.md](./CONTRIBUTING.md) for the full development workflow.
Quick reference:
```
# install dependencies
npm ci
# format code and build javascript artifacts
docker buildx bake pre-checkin
# format, build dist/, and run tests
npm run pre-checkin
# validate all code has correctly formatted and built
docker buildx bake validate
# run tests
docker buildx bake test
```
## License

31
__tests__/context.test.ts Normal file
View file

@ -0,0 +1,31 @@
import * as os from 'os';
import * as context from '../src/context';
describe('setOutput', () => {
beforeEach(() => {
process.stdout.write = jest.fn();
});
it('setOutput produces the correct command', () => {
context.setOutput('some output', 'some value');
assertWriteCalls([`::set-output name=some output::some value${os.EOL}`]);
});
it('setOutput handles bools', () => {
context.setOutput('some output', false);
assertWriteCalls([`::set-output name=some output::false${os.EOL}`]);
});
it('setOutput handles numbers', () => {
context.setOutput('some output', 1.01);
assertWriteCalls([`::set-output name=some output::1.01${os.EOL}`]);
});
});
// Assert that process.stdout.write calls called only with the given arguments.
function assertWriteCalls(calls: string[]): void {
expect(process.stdout.write).toHaveBeenCalledTimes(calls.length);
for (let i = 0; i < calls.length; i++) {
expect(process.stdout.write).toHaveBeenNthCalledWith(i + 1, calls[i]);
}
}

30
__tests__/git.test.ts Normal file
View file

@ -0,0 +1,30 @@
import * as git from '../src/git';
describe('git', () => {
it('returns git tag through describe', async () => {
process.env.GITHUB_SHA = '309312125ed7a32fcd48f3a1e24dcafe669c186a';
const tag: string = await git.getTag();
console.log(`tag: ${tag}`);
expect(tag).not.toEqual('');
});
it('returns git tag through GITHUB_SHA', async () => {
process.env.GITHUB_SHA = '6389ff5bd287fd6948a7ccda8af8da4f0bbc856a';
const tag: string = await git.getTag();
console.log(`tag: ${tag}`);
expect(tag).toEqual('v2.2.1');
});
it('returns git tag through GITHUB_REF', async () => {
process.env.GITHUB_REF = 'refs/tags/v2.2.1';
const tag: string = await git.getTag();
console.log(`tag: ${tag}`);
expect(tag).toEqual('v2.2.1');
});
it('checks if tag is dirty', async () => {
expect(await git.isTagDirty('v1.3.1')).toBe(true);
});
it('returns short commit', async () => {
const commit: string = await git.getShortCommit();
console.log(`commit: ${commit}`);
expect(commit).not.toEqual('');
});
});

80
__tests__/github.test.ts
View file

@ -1,106 +1,34 @@
import {describe, expect, it} from '@jest/globals';
import * as github from '../src/github';
describe('getRelease', () => {
describe('github', () => {
it('returns latest GoReleaser GitHub release', async () => {
const release = await github.getRelease('goreleaser', 'latest');
expect(release).not.toBeNull();
expect(release?.tag_name).not.toEqual('');
});
it('returns v0.182.0 GoReleaser GitHub release', async () => {
const release = await github.getRelease('goreleaser', 'v0.182.0');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v0.182.0');
});
it('returns v0.182.1 GoReleaser GitHub release', async () => {
const release = await github.getRelease('goreleaser', '~> 0.182');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v0.182.1');
});
it('unknown GoReleaser release', async () => {
await expect(github.getRelease('goreleaser', 'foo')).rejects.toThrow(
new Error('Cannot find GoReleaser release foo in https://goreleaser.com/releases.json')
);
});
it('returns latest GoReleaser Pro GitHub release', async () => {
const release = await github.getRelease('goreleaser-pro', 'latest');
expect(release).not.toBeNull();
expect(release?.tag_name).not.toEqual('');
});
it('returns latest v1 GoReleaser Pro GitHub release', async () => {
const release = await github.getRelease('goreleaser-pro', '~> v1');
expect(release).not.toBeNull();
expect(release?.tag_name).not.toEqual('');
});
it('returns latest v1 GoReleaser GitHub release', async () => {
const release = await github.getRelease('goreleaser', '~> v1');
expect(release).not.toBeNull();
expect(release?.tag_name).not.toEqual('');
});
it('returns latest v2 GoReleaser Pro GitHub release', async () => {
const release = await github.getRelease('goreleaser-pro', '~> v2');
expect(release).not.toBeNull();
expect(release?.tag_name).not.toEqual('');
});
it('returns latest v2 GoReleaser GitHub release', async () => {
const release = await github.getRelease('goreleaser', '~> v2');
expect(release).not.toBeNull();
expect(release?.tag_name).not.toEqual('');
});
it('resolves nightly to a <version>-<sha>-nightly release for OSS GoReleaser', async () => {
const release = await github.getRelease('goreleaser', 'nightly');
expect(release).not.toBeNull();
expect(release.tag_name).toMatch(github.nightlyTagRegex);
});
it('resolves nightly to a <version>-<sha>-nightly release for GoReleaser Pro', async () => {
const release = await github.getRelease('goreleaser-pro', 'nightly');
expect(release).not.toBeNull();
expect(release.tag_name).toMatch(github.nightlyTagRegex);
});
it('returns v0.182.0 GoReleaser Pro GitHub release', async () => {
const release = await github.getRelease('goreleaser-pro', 'v0.182.0');
it('returns v0.182.0-pro GoReleaser Pro GitHub release', async () => {
const release = await github.getRelease('goreleaser-pro', 'v0.182.0-pro');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v0.182.0-pro');
});
it('returns v0.182.1 GoReleaser Pro GitHub release', async () => {
it('returns v0.182.1-pro GoReleaser Pro GitHub release when using semver', async () => {
const release = await github.getRelease('goreleaser-pro', '~> 0.182');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v0.182.1-pro');
});
it('returns v2.7.0 GoReleaser Pro GitHub release', async () => {
const release = await github.getRelease('goreleaser-pro', '~> v2.7');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v2.7.0');
});
it('skips JSON check for specific version v2.8.1', async () => {
const release = await github.getRelease('goreleaser', 'v2.8.1');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v2.8.1');
});
it('skips JSON check for specific version without v prefix', async () => {
const release = await github.getRelease('goreleaser', '2.8.1');
expect(release).not.toBeNull();
expect(release?.tag_name).toEqual('v2.8.1');
});
it('unknown GoReleaser Pro release', async () => {
await expect(github.getRelease('goreleaser-pro', 'foo')).rejects.toThrow(
new Error('Cannot find GoReleaser release foo in https://goreleaser.com/releases-pro.json')
);
});
});

148
__tests__/goreleaser.test.ts
View file

@ -1,55 +1,19 @@
import {describe, expect, it} from '@jest/globals';
import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';
import * as io from '@actions/io';
import * as goreleaser from '../src/goreleaser';
describe('install', () => {
it('acquires v0.182.0 version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'v0.182.0');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires latest version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'latest');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires latest v2 version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', '~> v2');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
// The following pinned versions exercise install across release eras to
// guard against regressions in checksum handling and the cosign skip path:
// - v0.182.0 : pre-checksums-signing era
// - v1.26.2 : cosign v2 detached `.sig` only
// - v2.12.4 : last release before sigstore bundles (cosign skipped)
// - v2.13.0 : first release with cosign v3 sigstore bundle
// - v2.15.3 : recent release with sigstore bundle
it('acquires v0.182.0 (pre-signing) version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'v0.182.0');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires v1.26.2 (cosign v2 .sig) version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'v1.26.2');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires v2.12.4 (last pre-sigstore-bundle) version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'v2.12.4');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires v2.13.0 (minimum cosign-verifiable) version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'v2.13.0');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires v2.15.3 (recent sigstore-bundle) version of GoReleaser', async () => {
const bin = await goreleaser.install('goreleaser', 'v2.15.3');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
it('acquires latest v2 version of GoReleaser Pro', async () => {
const bin = await goreleaser.install('goreleaser-pro', '~> v2');
it('acquires v0.182.0-pro version of GoReleaser Pro', async () => {
const bin = await goreleaser.install('goreleaser-pro', 'v0.182.0-pro');
expect(fs.existsSync(bin)).toBe(true);
}, 100000);
@ -63,105 +27,7 @@ describe('distribSuffix', () => {
it('suffixes pro distribution', async () => {
expect(goreleaser.distribSuffix('goreleaser-pro')).toEqual('-pro');
});
it('does not suffix oss distribution', async () => {
expect(goreleaser.distribSuffix('goreleaser')).toEqual('');
});
});
describe('findChecksum', () => {
const sample = [
'*malformed-line',
'',
'abc123 goreleaser_Linux_x86_64.tar.gz',
'def456 *goreleaser_Darwin_all.tar.gz',
'789xyz checksums.txt'
].join('\n');
it('finds a checksum by filename', () => {
expect(goreleaser.findChecksum(sample, 'goreleaser_Linux_x86_64.tar.gz')).toEqual('abc123');
});
it('strips a leading asterisk on the filename (binary mode)', () => {
expect(goreleaser.findChecksum(sample, 'goreleaser_Darwin_all.tar.gz')).toEqual('def456');
});
it('returns undefined when not present', () => {
expect(goreleaser.findChecksum(sample, 'missing.tar.gz')).toBeUndefined();
});
});
describe('getCertificateIdentity', () => {
it('returns the OSS workflow identity for tagged releases', () => {
expect(goreleaser.getCertificateIdentity('goreleaser', 'v2.15.3')).toEqual(
'https://github.com/goreleaser/goreleaser/.github/workflows/release.yml@refs/tags/v2.15.3'
);
});
it('returns the Pro internal workflow identity for tagged releases', () => {
expect(goreleaser.getCertificateIdentity('goreleaser-pro', 'v2.15.3')).toEqual(
'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/v2.15.3'
);
});
it('uses nightly-oss.yml@refs/heads/main for OSS nightly tag', () => {
expect(goreleaser.getCertificateIdentity('goreleaser', 'v2.16.0-abc1234-nightly')).toEqual(
'https://github.com/goreleaser/goreleaser/.github/workflows/nightly-oss.yml@refs/heads/main'
);
});
it('uses nightly-pro.yml@refs/heads/main for Pro nightly tag', () => {
expect(goreleaser.getCertificateIdentity('goreleaser-pro', 'v2.16.0-eaeb08c50-nightly')).toEqual(
'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/nightly-pro.yml@refs/heads/main'
);
});
});
describe('verifyChecksum', () => {
const requireCosign = async (): Promise<void> => {
const cosign = await io.which('cosign', false);
if (!cosign) {
throw new Error(
'cosign must be installed in PATH to run this integration test (apk add cosign / sigstore/cosign-installer)'
);
}
};
it('verifies a tagged OSS release end-to-end with cosign', async () => {
await requireCosign();
const bin = await goreleaser.install('goreleaser', 'v2.15.3');
expect(fs.existsSync(bin)).toBe(true);
}, 120000);
it('verifies the OSS nightly release end-to-end with cosign', async () => {
await requireCosign();
const bin = await goreleaser.install('goreleaser', 'nightly');
expect(fs.existsSync(bin)).toBe(true);
}, 120000);
it('installs a pre-v2.13 release (no sigstore bundle) without failing when cosign is present', async () => {
// v2.12.x is the last release that did NOT publish checksums.txt.sigstore.json.
// The action must still install it cleanly: checksum verified, cosign step skipped.
await requireCosign();
const bin = await goreleaser.install('goreleaser', 'v2.12.4');
expect(fs.existsSync(bin)).toBe(true);
}, 120000);
it('throws on checksum mismatch', async () => {
const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gha-'));
const archive = path.join(dir, 'fake.tar.gz');
fs.writeFileSync(archive, 'tampered content');
await expect(
goreleaser.verifyChecksum('goreleaser', 'v2.15.3', archive, 'goreleaser_Linux_x86_64.tar.gz')
).rejects.toThrow(/Checksum mismatch/);
}, 60000);
it('throws when the filename is not in checksums.txt', async () => {
const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gha-'));
const archive = path.join(dir, 'whatever.tar.gz');
fs.writeFileSync(archive, '');
await expect(
goreleaser.verifyChecksum('goreleaser', 'v2.15.3', archive, 'not-a-real-asset.tar.gz')
).rejects.toThrow(/Could not find not-a-real-asset.tar.gz in checksums.txt/);
}, 60000);
});

117
__tests__/version.test.ts
View file

@ -1,117 +0,0 @@
import {describe, expect, it, beforeEach, afterEach} from '@jest/globals';
import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';
import {getRequestedVersion} from '../src/version';
import {Inputs} from '../src/context';
const baseInputs = (overrides: Partial<Inputs>): Inputs => ({
distribution: 'goreleaser',
version: '~> v2',
versionFile: '',
args: '',
workdir: '.',
installOnly: false,
...overrides
});
describe('getRequestedVersion', () => {
let tmpDir: string;
beforeEach(() => {
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'goreleaser-version-'));
});
afterEach(() => {
fs.rmSync(tmpDir, {recursive: true, force: true});
});
const writeToolVersions = (content: string, name = '.tool-versions'): void => {
fs.writeFileSync(path.join(tmpDir, name), content);
};
describe('without version-file', () => {
it('returns the version input as-is', () => {
expect(getRequestedVersion(baseInputs({version: 'v1.2.3'}))).toBe('v1.2.3');
});
it('returns the default version when none is provided', () => {
expect(getRequestedVersion(baseInputs({version: '~> v2'}))).toBe('~> v2');
});
});
describe('with .tool-versions', () => {
it('parses an unprefixed version and adds the v prefix', () => {
writeToolVersions('goreleaser 1.2.3\n');
expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v1.2.3');
});
it('keeps an existing v prefix without doubling it', () => {
writeToolVersions('goreleaser v1.2.3\n');
expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v1.2.3');
});
it('takes precedence over the version input', () => {
writeToolVersions('goreleaser 1.2.3\n');
expect(getRequestedVersion(baseInputs({version: 'v9.9.9', versionFile: '.tool-versions', workdir: tmpDir}))).toBe(
'v1.2.3'
);
});
it('ignores other tools and picks goreleaser', () => {
writeToolVersions(['nodejs 20.10.0', 'goreleaser 2.13.0', 'python 3.12.1', ''].join('\n'));
expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v2.13.0');
});
it('skips full-line and inline comments', () => {
writeToolVersions(['# pinned for CI', 'goreleaser 2.13.0 # minimum cosign-verifiable', ''].join('\n'));
expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v2.13.0');
});
it('preserves "latest"', () => {
writeToolVersions('goreleaser latest\n');
expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('latest');
});
it('uses only the first version when multiple fallbacks are listed', () => {
// asdf supports listing fallback versions; we install the first match.
writeToolVersions('goreleaser 2.13.0 2.12.4\n');
expect(getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toBe('v2.13.0');
});
it('accepts an absolute path and ignores workdir', () => {
const abs = path.join(tmpDir, '.tool-versions');
fs.writeFileSync(abs, 'goreleaser 2.13.0\n');
expect(getRequestedVersion(baseInputs({versionFile: abs, workdir: '/nonexistent'}))).toBe('v2.13.0');
});
it('throws when the file does not exist', () => {
expect(() => getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toThrow(
/version-file not found/
);
});
it('throws when the file has no goreleaser entry', () => {
writeToolVersions(['nodejs 20.10.0', 'python 3.12.1', ''].join('\n'));
expect(() => getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toThrow(
/No goreleaser entry/
);
});
it('throws when the goreleaser entry has no version', () => {
writeToolVersions('goreleaser\n');
expect(() => getRequestedVersion(baseInputs({versionFile: '.tool-versions', workdir: tmpDir}))).toThrow(
/No version specified for goreleaser/
);
});
});
describe('with an unsupported file', () => {
it('throws a clear error', () => {
fs.writeFileSync(path.join(tmpDir, '.go-version'), '1.2.3\n');
expect(() => getRequestedVersion(baseInputs({versionFile: '.go-version', workdir: tmpDir}))).toThrow(
/Unsupported version-file/
);
});
});
});

10
action.yml
View file

@ -13,13 +13,7 @@ inputs:
required: false
version:
description: 'GoReleaser version'
default: '~> v2'
required: false
version-file:
description: |
Read the GoReleaser version from a file. Path is resolved relative to
`workdir`. Currently only `.tool-versions` (asdf/mise) is supported.
When set, takes precedence over `version`.
default: 'latest'
required: false
args:
description: 'Arguments to pass to GoReleaser'
@ -40,5 +34,5 @@ outputs:
description: 'Build result metadata'
runs:
using: 'node24'
using: 'node12'
main: 'dist/index.js'

13891
dist/index.js generated vendored
View file

File diff suppressed because one or more lines are too long

368
dist/licenses.txt generated vendored
View file

@ -1,368 +0,0 @@
@actions/core
MIT
The MIT License (MIT)
Copyright 2019 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/exec
MIT
The MIT License (MIT)
Copyright 2019 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/http-client
MIT
Actions Http Client for Node.js
Copyright (c) GitHub, Inc.
All rights reserved.
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/io
MIT
The MIT License (MIT)
Copyright 2019 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/tool-cache
MIT
The MIT License (MIT)
Copyright 2019 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
ansi-regex
MIT
MIT License
Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
ansi-styles
MIT
MIT License
Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
cliui
ISC
Copyright (c) 2015, Contributors
Permission to use, copy, modify, and/or distribute this software
for any purpose with or without fee is hereby granted, provided
that the above copyright notice and this permission notice
appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
emoji-regex
MIT
Copyright Mathias Bynens <https://mathiasbynens.be/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
escalade
MIT
MIT License
Copyright (c) Luke Edwards <luke.edwards05@gmail.com> (lukeed.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
get-caller-file
ISC
ISC License (ISC)
Copyright 2018 Stefan Penner
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
get-east-asian-width
MIT
MIT License
Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
js-yaml
MIT
(The MIT License)
Copyright (C) 2011-2015 by Vitaly Puzrin
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
semver
ISC
The ISC License
Copyright (c) Isaac Z. Schlueter and Contributors
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
string-width
MIT
MIT License
Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
strip-ansi
MIT
MIT License
Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
tunnel
MIT
The MIT License (MIT)
Copyright (c) 2012 Koichi Kobayashi
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
undici
MIT
MIT License
Copyright (c) Matteo Collina and Undici contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
wrap-ansi
MIT
MIT License
Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
y18n
ISC
Copyright (c) 2015, Contributors
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.
yargs
MIT
MIT License
Copyright 2010 James Halliday (mail@substack.net); Modified work Copyright 2014 Contributors (ben@npmjs.com)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
yargs-parser
ISC
Copyright (c) 2016, Contributors
Permission to use, copy, modify, and/or distribute this software
for any purpose with or without fee is hereby granted, provided
that the above copyright notice and this permission notice
appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

3
dist/package.json generated vendored
View file

@ -1,3 +0,0 @@
{
"type": "module"
}

67
docker-bake.hcl Normal file
View file

@ -0,0 +1,67 @@
variable "NODE_VERSION" {
default = "12"
}
target "node-version" {
args = {
NODE_VERSION = NODE_VERSION
}
}
group "default" {
targets = ["build"]
}
group "pre-checkin" {
targets = ["vendor-update", "format", "build"]
}
group "validate" {
targets = ["format-validate", "build-validate", "vendor-validate"]
}
target "build" {
inherits = ["node-version"]
dockerfile = "./hack/build.Dockerfile"
target = "build-update"
output = ["."]
}
target "build-validate" {
inherits = ["node-version"]
dockerfile = "./hack/build.Dockerfile"
target = "build-validate"
}
target "format" {
inherits = ["node-version"]
dockerfile = "./hack/build.Dockerfile"
target = "format-update"
output = ["."]
}
target "format-validate" {
inherits = ["node-version"]
dockerfile = "./hack/build.Dockerfile"
target = "format-validate"
}
target "vendor-update" {
inherits = ["node-version"]
dockerfile = "./hack/vendor.Dockerfile"
target = "update"
output = ["."]
}
target "vendor-validate" {
inherits = ["node-version"]
dockerfile = "./hack/vendor.Dockerfile"
target = "validate"
}
target "test" {
inherits = ["node-version"]
dockerfile = "./hack/test.Dockerfile"
target = "test-coverage"
output = ["./coverage"]
}

42
hack/build.Dockerfile Normal file
View file

@ -0,0 +1,42 @@
# syntax=docker/dockerfile:1.2
ARG NODE_VERSION
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
WORKDIR /src
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn install
FROM deps AS build
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/
FROM scratch AS build-update
COPY --from=build /out /
FROM build AS build-validate
RUN --mount=type=bind,target=.,rw \
git add -A && cp -rf /out/* .; \
if [ -n "$(git status --porcelain -- dist)" ]; then \
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \
git status --porcelain -- dist; \
exit 1; \
fi
FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS format-validate
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run format-check \

21
hack/test.Dockerfile Normal file
View file

@ -0,0 +1,21 @@
# syntax=docker/dockerfile:1.2
ARG NODE_VERSION
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache git
WORKDIR /src
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn install
FROM deps AS test
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run test --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

23
hack/vendor.Dockerfile Normal file
View file

@ -0,0 +1,23 @@
# syntax=docker/dockerfile:1.2
ARG NODE_VERSION
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache git
WORKDIR /src
FROM base AS vendored
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /out && cp yarn.lock /out
FROM scratch AS update
COPY --from=vendored /out /
FROM vendored AS validate
RUN --mount=type=bind,target=.,rw \
git add -A && cp -rf /out/* .; \
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \
git status --porcelain -- yarn.lock; \
exit 1; \
fi

16
jest.config.js Normal file
View file

@ -0,0 +1,16 @@
module.exports = {
clearMocks: true,
moduleFileExtensions: ['js', 'ts'],
setupFiles: [
"dotenv/config",
"<rootDir>/src/test_setup.ts"
],
testEnvironment: 'node',
testMatch: ['**/*.test.ts'],
testRunner: 'jest-circus/runner',
testTimeout: 30000,
transform: {
'^.+\\.ts$': 'ts-jest'
},
verbose: false
}

24
jest.config.ts
View file

@ -1,24 +0,0 @@
import type {Config} from 'jest';
const config: Config = {
clearMocks: true,
moduleFileExtensions: ['js', 'ts'],
setupFiles: ['dotenv/config', '<rootDir>/src/test_setup.ts'],
testMatch: ['**/*.test.ts'],
testTimeout: 30000,
transform: {
'^.+\\.ts$': [
'ts-jest',
{
useESM: true
}
]
},
extensionsToTreatAsEsm: ['.ts'],
moduleNameMapper: {
'^(\\.{1,2}/.*)\\.js$': '$1'
},
verbose: true
};
export default config;

5886
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

54
package.json
View file

@ -1,16 +1,13 @@
{
"name": "goreleaser-action",
"description": "GitHub Action for GoReleaser, a release automation tool for Go projects",
"main": "src/main.ts",
"type": "module",
"main": "lib/main.js",
"scripts": {
"build": "ncc build src/main.ts --minify --license licenses.txt",
"format": "prettier --write \"**/*.ts\"",
"format-check": "prettier --check \"**/*.ts\"",
"lint": "eslint --max-warnings=0 \"**/*.ts\"",
"lint:fix": "eslint --fix \"**/*.ts\"",
"test": "NODE_OPTIONS='--experimental-vm-modules' jest --coverage",
"pre-checkin": "npm run format && npm run lint:fix && npm run build && npm test"
"build": "tsc && ncc build",
"test": "jest --coverage",
"format": "prettier --write **/*.ts",
"format-check": "prettier --check **/*.ts",
"pre-checkin": "yarn run format && yarn run build"
},
"repository": {
"type": "git",
@ -23,31 +20,26 @@
],
"author": "CrazyMax",
"license": "MIT",
"dependencies": {
"@actions/core": "^3.0.0",
"@actions/exec": "^3.0.0",
"@actions/http-client": "^4.0.0",
"@actions/tool-cache": "^4.0.0",
"js-yaml": "^4.1.1",
"semver": "^7.7.4",
"yargs": "^18.0.0"
"@actions/core": "^1.6.0",
"@actions/exec": "^1.1.0",
"@actions/http-client": "^1.0.11",
"@actions/tool-cache": "^1.7.1",
"js-yaml": "^4.1.0",
"yargs": "^17.3.1"
},
"devDependencies": {
"@types/node": "^24.0.0",
"@typescript-eslint/eslint-plugin": "^6.6.0",
"@typescript-eslint/parser": "^6.6.0",
"@vercel/ncc": "^0.38.0",
"dotenv": "^16.3.1",
"eslint": "^8.49.0",
"eslint-config-prettier": "^9.0.0",
"eslint-plugin-jest": "^27.2.3",
"eslint-plugin-prettier": "^5.0.0",
"jest": "^29.6.4",
"prettier": "^3.0.3",
"@types/jest": "^26.0.24",
"@types/node": "^14.17.6",
"@vercel/ncc": "^0.28.6",
"dotenv": "^8.6.0",
"jest": "^26.6.3",
"jest-circus": "^26.6.3",
"jest-runtime": "^26.6.3",
"prettier": "^2.3.2",
"tmp": "^0.2.1",
"ts-jest": "^29.1.1",
"ts-node": "^10.9.1",
"typescript": "^5.2.2"
"ts-jest": "^26.5.6",
"typescript": "^4.3.5",
"typescript-formatter": "^7.2.2"
}
}

10
src/context.ts
View file

@ -1,5 +1,6 @@
import * as os from 'os';
import * as core from '@actions/core';
import {issueCommand} from '@actions/core/lib/command';
export const osPlat: string = os.platform();
export const osArch: string = os.arch();
@ -7,7 +8,6 @@ export const osArch: string = os.arch();
export interface Inputs {
distribution: string;
version: string;
versionFile: string;
args: string;
workdir: string;
installOnly: boolean;
@ -16,10 +16,14 @@ export interface Inputs {
export async function getInputs(): Promise<Inputs> {
return {
distribution: core.getInput('distribution') || 'goreleaser',
version: core.getInput('version') || '~> v2',
versionFile: core.getInput('version-file'),
version: core.getInput('version'),
args: core.getInput('args'),
workdir: core.getInput('workdir') || '.',
installOnly: core.getBooleanInput('install-only')
};
}
// FIXME: Temp fix https://github.com/actions/toolkit/issues/777
export function setOutput(name: string, value: any): void {
issueCommand('set-output', {name}, value);
}

49
src/git.ts Normal file
View file

@ -0,0 +1,49 @@
import * as exec from '@actions/exec';
const git = async (args: string[] = []): Promise<string> => {
return await exec
.getExecOutput(`git`, args, {
ignoreReturnCode: true,
silent: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr);
}
return res.stdout.trim();
});
};
export async function getTag(): Promise<string> {
try {
if ((process.env.GITHUB_REF || '').startsWith('refs/tags')) {
const tag = (process.env.GITHUB_REF || '').split('/').pop();
if (tag !== '' && tag !== undefined) {
return tag;
}
}
return await git(['tag', '--points-at', `${process.env.GITHUB_SHA}`, '--sort', '-version:creatordate']).then(
tags => {
if (tags.length == 0) {
return git(['describe', '--tags', '--abbrev=0']);
}
return tags.split('\n')[0];
}
);
} catch (err) {
return '';
}
}
export async function isTagDirty(currentTag: string): Promise<boolean> {
try {
await git(['describe', '--exact-match', '--tags', '--match', currentTag]);
} catch (err) {
return true;
}
return false;
}
export async function getShortCommit(): Promise<string> {
return await git(['show', "--format='%h'", 'HEAD', '--quiet']);
}

145
src/github.ts
View file

@ -3,143 +3,32 @@ import * as semver from 'semver';
import * as core from '@actions/core';
import * as httpm from '@actions/http-client';
const maxRetries = 10;
const timeoutMs = 1000;
const withRetry = async <T>(operation: () => Promise<T>): Promise<T> => {
let lastError: Error;
for (let attempt = 0; attempt <= maxRetries; attempt++) {
try {
return await operation();
} catch (error) {
lastError = error as Error;
if (attempt === maxRetries) {
break;
}
core.debug(`Attempt ${attempt + 1} failed, retrying in ${timeoutMs}: ${lastError.message}`);
await new Promise(resolve => setTimeout(resolve, timeoutMs));
}
}
throw lastError;
};
export interface GitHubRelease {
id: number;
tag_name: string;
}
// Matches the new-style nightly release tag pattern: vX.Y.Z-<sha>-nightly
export const nightlyTagRegex = /^v\d+\.\d+\.\d+-[0-9a-f]+-nightly$/i;
export const isNightlyTag = (tag: string): boolean => {
return nightlyTagRegex.test(tag);
};
export const getRelease = async (distribution: string, version: string): Promise<GitHubRelease> => {
if (version === 'latest') {
core.warning("You are using 'latest' as default version. Will lock to '~> v2'.");
return getReleaseTag(distribution, '~> v2');
}
return getReleaseTag(distribution, version);
};
export const getReleaseTag = async (distribution: string, version: string): Promise<GitHubRelease> => {
if (version === 'nightly') {
return resolveNightly(distribution);
}
// If version is a specific version (not a range), skip the JSON check
const cleanVersion: string = cleanTag(version);
if (semver.valid(cleanVersion)) {
let tag = version.startsWith('v') ? version : `v${version}`;
// Handle GoReleaser Pro suffix for versions < 2.7.0, but only if not already present
// TODO: remove all this `-pro` thing at some point.
if (goreleaser.isPro(distribution) && semver.lt(cleanVersion, '2.7.0') && !tag.endsWith('-pro')) {
tag = tag + goreleaser.distribSuffix(distribution);
}
return {tag_name: tag};
}
const tag: string = (await resolveVersion(distribution, version)) || version;
const suffix: string = goreleaser.distribSuffix(distribution);
const url = `https://goreleaser.com/releases${suffix}.json`;
const releases = await withRetry(async () => {
const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
const resp: httpm.HttpClientResponse = await http.get(url);
const body = await resp.readBody();
const statusCode = resp.message.statusCode || 500;
if (statusCode >= 400) {
throw new Error(
`Failed to get GoReleaser release ${version} from ${url} with status code ${statusCode}: ${body}`
);
}
return <Array<GitHubRelease>>JSON.parse(body);
});
const res = releases.filter(r => r.tag_name === tag).shift();
if (res) {
return res;
}
throw new Error(`Cannot find GoReleaser release ${version} in ${url}`);
};
// resolveNightly looks up the latest immutable nightly release of the form
// `vX.Y.Z-<sha>-nightly` on the GitHub releases of the given distribution.
const resolveNightly = async (distribution: string): Promise<GitHubRelease> => {
const url = `https://api.github.com/repos/goreleaser/${distribution}/releases?per_page=100`;
core.debug(`Resolving latest nightly release from ${url}`);
const releases = await withRetry(async () => {
const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
const headers: {[name: string]: string} = {
Accept: 'application/vnd.github+json',
'X-GitHub-Api-Version': '2022-11-28'
};
const token = process.env.GITHUB_TOKEN;
if (token) {
headers['Authorization'] = `Bearer ${token}`;
}
const resp: httpm.HttpClientResponse = await http.get(url, headers);
const body = await resp.readBody();
const statusCode = resp.message.statusCode || 500;
if (statusCode >= 400) {
throw new Error(`Failed to list releases from ${url} with status code ${statusCode}: ${body}`);
}
return <Array<GitHubRelease>>JSON.parse(body);
});
const match = releases.find(r => nightlyTagRegex.test(r.tag_name));
if (!match) {
throw new Error(`No '<version>-<sha>-nightly' release found in ${url}`);
}
core.info(`Resolved nightly to ${match.tag_name}`);
return match;
export const getRelease = async (distribution: string, version: string): Promise<GitHubRelease | null> => {
const resolvedVersion: string = (await resolveVersion(distribution, version)) || version;
const url: string = `https://github.com/goreleaser/${distribution}/releases/${resolvedVersion}`;
const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
return (await http.getJson<GitHubRelease>(url)).result;
};
const resolveVersion = async (distribution: string, version: string): Promise<string | null> => {
const allTags: Array<string> | null = await getAllTags(distribution);
if (!allTags) {
throw new Error(`Cannot download ${distribution} tags`);
throw new Error(`Cannot find GoReleaser tags`);
}
core.debug(`Found ${allTags.length} tags in total`);
if (version === 'latest' || !goreleaser.isPro(distribution)) {
return semver.maxSatisfying(allTags, version);
}
const cleanTags: Array<string> = allTags.map(tag => cleanTag(tag));
const cleanVersion: string = cleanTag(version);
if (!semver.valid(cleanVersion) && !semver.validRange(cleanVersion)) {
// if the given version is invalid, return whatever we got.
return version;
}
const v = semver.maxSatisfying(cleanTags, cleanVersion);
if (semver.lt(v, '2.7.0')) {
// if its a version older than 2.7.0, append the suffix.
return v + goreleaser.distribSuffix(distribution);
}
return v;
return semver.maxSatisfying(cleanTags, cleanVersion) + goreleaser.distribSuffix(distribution);
};
interface GitHubTag {
@ -147,13 +36,11 @@ interface GitHubTag {
}
const getAllTags = async (distribution: string): Promise<Array<string>> => {
const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
const suffix: string = goreleaser.distribSuffix(distribution);
const url = `https://goreleaser.com/releases${suffix}.json`;
core.debug(`Downloading ${url}`);
return withRetry(async () => {
const http: httpm.HttpClient = new httpm.HttpClient('goreleaser-action');
const response = await http.getJson<Array<GitHubTag>>(url);
const url: string = `https://goreleaser.com/static/releases${suffix}.json`;
const getTags = http.getJson<Array<GitHubTag>>(url);
return getTags.then(response => {
if (response.result == null) {
return [];
}

119
src/goreleaser.ts
View file

@ -1,36 +1,34 @@
import * as crypto from 'crypto';
import * as fs from 'fs';
import * as path from 'path';
import * as util from 'util';
import yaml from 'js-yaml';
import * as context from './context';
import * as github from './github';
import * as core from '@actions/core';
import * as exec from '@actions/exec';
import * as io from '@actions/io';
import * as tc from '@actions/tool-cache';
export async function install(distribution: string, version: string): Promise<string> {
const release: github.GitHubRelease = await github.getRelease(distribution, version);
const release: github.GitHubRelease | null = await github.getRelease(distribution, version);
if (!release) {
throw new Error(`Cannot find GoReleaser ${version} release`);
}
const filename = getFilename(distribution);
const baseUrl = `https://github.com/goreleaser/${distribution}/releases/download/${release.tag_name}`;
const downloadUrl = `${baseUrl}/${filename}`;
const downloadUrl = util.format(
'https://github.com/goreleaser/%s/releases/download/%s/%s',
distribution,
release.tag_name,
filename
);
core.info(`Downloading ${downloadUrl}`);
const downloadPath: string = await tc.downloadTool(downloadUrl);
core.debug(`Downloaded to ${downloadPath}`);
await verifyChecksum(distribution, release.tag_name, downloadPath, filename);
core.info('Extracting GoReleaser');
let extPath: string;
if (context.osPlat == 'win32') {
if (!downloadPath.endsWith('.zip')) {
const newPath = downloadPath + '.zip';
fs.renameSync(downloadPath, newPath);
extPath = await tc.extractZip(newPath);
} else {
extPath = await tc.extractZip(downloadPath);
}
extPath = await tc.extractZip(downloadPath);
} else {
extPath = await tc.extractTar(downloadPath);
}
@ -45,92 +43,6 @@ export async function install(distribution: string, version: string): Promise<st
return exePath;
}
export async function verifyChecksum(
distribution: string,
tag: string,
archivePath: string,
filename: string
): Promise<void> {
const baseUrl = `https://github.com/goreleaser/${distribution}/releases/download/${tag}`;
let checksumsPath: string;
try {
core.info(`Downloading ${baseUrl}/checksums.txt`);
checksumsPath = await tc.downloadTool(`${baseUrl}/checksums.txt`);
} catch (e) {
core.warning(`Skipping checksum verification: unable to download checksums.txt: ${e.message}`);
return;
}
const sha256 = crypto.createHash('sha256').update(fs.readFileSync(archivePath)).digest('hex');
const expected = findChecksum(fs.readFileSync(checksumsPath, 'utf8'), filename);
if (!expected) {
throw new Error(`Could not find ${filename} in checksums.txt`);
}
if (expected.toLowerCase() !== sha256.toLowerCase()) {
throw new Error(`Checksum mismatch for ${filename}: expected ${expected}, got ${sha256}`);
}
core.info(`Checksum verified for ${filename}`);
await verifyCosignSignature(distribution, tag, baseUrl, checksumsPath);
}
export const findChecksum = (checksumsContent: string, filename: string): string | undefined => {
const match = checksumsContent
.split('\n')
.map(line => line.trim().split(/\s+/))
.find(parts => parts.length >= 2 && parts[1].replace(/^[*]/, '') === filename);
return match ? match[0] : undefined;
};
async function verifyCosignSignature(
distribution: string,
tag: string,
baseUrl: string,
checksumsPath: string
): Promise<void> {
const cosign = await io.which('cosign', false);
if (!cosign) {
core.info('cosign not found in PATH, skipping signature verification');
return;
}
let bundlePath: string;
try {
core.info(`Downloading ${baseUrl}/checksums.txt.sigstore.json`);
bundlePath = await tc.downloadTool(`${baseUrl}/checksums.txt.sigstore.json`);
} catch (e) {
core.warning(`Skipping cosign signature verification: unable to download sigstore bundle: ${e.message}`);
return;
}
const certificateIdentity = getCertificateIdentity(distribution, tag);
core.info(`Verifying checksums.txt signature with cosign (identity: ${certificateIdentity})`);
await exec.exec(cosign, [
'verify-blob',
'--certificate-identity',
certificateIdentity,
'--certificate-oidc-issuer',
'https://token.actions.githubusercontent.com',
'--bundle',
bundlePath,
checksumsPath
]);
core.info('cosign signature verified');
}
export const getCertificateIdentity = (distribution: string, tag: string): string => {
const pro = isPro(distribution);
if (github.isNightlyTag(tag)) {
const workflow = pro ? 'nightly-pro.yml' : 'nightly-oss.yml';
const repo = pro ? 'goreleaser-pro-internal' : 'goreleaser';
return `https://github.com/goreleaser/${repo}/.github/workflows/${workflow}@refs/heads/main`;
}
if (pro) {
return `https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/${tag}`;
}
return `https://github.com/goreleaser/goreleaser/.github/workflows/release.yml@refs/tags/${tag}`;
};
export const distribSuffix = (distribution: string): string => {
return isPro(distribution) ? '-pro' : '';
};
@ -151,7 +63,6 @@ const getFilename = (distribution: string): string => {
break;
}
case 'arm': {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const arm_version = (process.config.variables as any).arm_version;
arch = arm_version ? 'armv' + arm_version : 'arm';
break;
@ -167,11 +78,11 @@ const getFilename = (distribution: string): string => {
const platform: string = context.osPlat == 'win32' ? 'Windows' : context.osPlat == 'darwin' ? 'Darwin' : 'Linux';
const ext: string = context.osPlat == 'win32' ? 'zip' : 'tar.gz';
const suffix: string = distribSuffix(distribution);
return `goreleaser${suffix}_${platform}_${arch}.${ext}`;
return util.format('goreleaser%s_%s_%s.%s', suffix, platform, arch, ext);
};
export async function getDistPath(yamlfile: string): Promise<string> {
const cfg = yaml.load(fs.readFileSync(yamlfile, 'utf8'));
const cfg = yaml.load(yamlfile);
return cfg.dist || 'dist';
}

49
src/main.ts
View file

@ -1,19 +1,17 @@
import * as fs from 'fs';
import * as path from 'path';
import yargs from 'yargs';
import type {Arguments} from 'yargs';
import * as context from './context';
import * as git from './git';
import * as goreleaser from './goreleaser';
import {getRequestedVersion} from './version';
import * as core from '@actions/core';
import * as exec from '@actions/exec';
async function run(): Promise<void> {
try {
const inputs: context.Inputs = await context.getInputs();
const version = getRequestedVersion(inputs);
const bin = await goreleaser.install(inputs.distribution, version);
core.info(`GoReleaser ${version} installed successfully`);
const bin = await goreleaser.install(inputs.distribution, inputs.version);
core.info(`GoReleaser ${inputs.version} installed successfully`);
if (inputs.installOnly) {
const goreleaserDir = path.dirname(bin);
@ -30,42 +28,55 @@ async function run(): Promise<void> {
process.chdir(inputs.workdir);
}
const commit = await git.getShortCommit();
const tag = await git.getTag();
const isTagDirty = await git.isTagDirty(tag);
let yamlfile: string | unknown;
const argv: Arguments<{config?: string}> = yargs(inputs.args).parseSync() as Arguments<{
config?: string;
}>;
const argv = yargs.parse(inputs.args);
if (argv.config) {
yamlfile = argv.config;
} else {
[
'.config/goreleaser.yaml',
'.config/goreleaser.yml',
'.goreleaser.yaml',
'.goreleaser.yml',
'goreleaser.yaml',
'goreleaser.yml'
].forEach(f => {
['.goreleaser.yaml', '.goreleaser.yml', 'goreleaser.yaml', 'goreleaser.yml'].forEach(f => {
if (fs.existsSync(f)) {
yamlfile = f;
}
});
}
await exec.exec(`${bin} ${inputs.args}`);
let snapshot = '';
if (inputs.args.split(' ').indexOf('release') > -1) {
if (isTagDirty) {
if (!inputs.args.includes('--snapshot') && !inputs.args.includes('--nightly')) {
core.info(`No tag found for commit ${commit}. Snapshot forced`);
snapshot = ' --snapshot';
}
} else {
core.info(`${tag} tag found for commit ${commit}`);
}
}
await exec.exec(`${bin} ${inputs.args}${snapshot}`, undefined, {
env: Object.assign({}, process.env, {
GORELEASER_CURRENT_TAG: tag || process.env.GORELEASER_CURRENT_TAG || ''
}) as {
[key: string]: string;
}
});
if (typeof yamlfile === 'string') {
const artifacts = await goreleaser.getArtifacts(await goreleaser.getDistPath(yamlfile));
if (artifacts) {
await core.group(`Artifacts output`, async () => {
core.info(artifacts);
core.setOutput('artifacts', artifacts);
context.setOutput('artifacts', artifacts);
});
}
const metadata = await goreleaser.getMetadata(await goreleaser.getDistPath(yamlfile));
if (metadata) {
await core.group(`Metadata output`, async () => {
core.info(metadata);
core.setOutput('metadata', metadata);
context.setOutput('metadata', metadata);
});
}
}

2
src/test_setup.ts
View file

@ -1,4 +1,4 @@
import * as tmp from 'tmp';
import tmp = require('tmp');
tmp.setGracefulCleanup();
const tmpdir = tmp.dirSync({template: 'goreleaser-XXXXXX'});

56
src/version.ts
View file

@ -1,56 +0,0 @@
import * as fs from 'fs';
import * as path from 'path';
import {Inputs} from './context';
// Resolves the GoReleaser version to install.
//
// When `version-file` is set, it is read from disk and parsed; the resolved
// value takes precedence over the `version` input. Otherwise, `version` is
// returned as-is (it always has a default — see context.getInputs).
export function getRequestedVersion(inputs: Inputs): string {
if (!inputs.versionFile) {
return inputs.version;
}
const filePath = path.isAbsolute(inputs.versionFile)
? inputs.versionFile
: path.join(inputs.workdir || '.', inputs.versionFile);
if (!fs.existsSync(filePath)) {
throw new Error(`version-file not found: ${filePath}`);
}
const basename = path.basename(filePath);
const content = fs.readFileSync(filePath, 'utf-8');
switch (basename) {
case '.tool-versions':
return parseToolVersions(content, filePath);
default:
throw new Error(`Unsupported version-file: ${filePath} (only .tool-versions is supported)`);
}
}
// Parses a single `goreleaser <version>` entry out of a `.tool-versions` file
// (asdf/mise format). Full-line `#` comments and inline `# ...` suffixes are
// stripped. When a tool lists multiple fallback versions only the first is
// used. Bare semvers are returned with a leading `v`; constraint expressions
// (`~> v2`, `latest`, ...) are returned as-is.
function parseToolVersions(content: string, filePath: string): string {
for (const rawLine of content.split('\n')) {
const line = rawLine.replace(/#.*$/, '').trim();
if (!line) {
continue;
}
const tokens = line.split(/\s+/);
if (tokens[0] !== 'goreleaser') {
continue;
}
const version = tokens[1];
if (!version) {
throw new Error(`No version specified for goreleaser in ${filePath}`);
}
return /^\d/.test(version) ? `v${version}` : version;
}
throw new Error(`No goreleaser entry found in ${filePath}`);
}

18
test/.goreleaser-dist.yml
View file

@ -1,18 +0,0 @@
env:
- GO111MODULE=on
before:
hooks:
- go mod download
builds:
-
env:
- CGO_ENABLED=0
goos:
- darwin
- linux
goarch:
- amd64
dist: _output

13
test/.goreleaser-signing.yml
View file

@ -14,8 +14,17 @@ builds:
- linux
- windows
goarch:
- "386"
- "amd64"
- 386
- amd64
archives:
-
replacements:
386: i386
amd64: x86_64
format_overrides:
- goos: windows
format: zip
checksum:
name_template: 'checksums.txt'

13
test/.goreleaser.yml
View file

@ -14,8 +14,17 @@ builds:
- linux
- windows
goarch:
- "386"
- "amd64"
- 386
- amd64
archives:
-
replacements:
386: i386
amd64: x86_64
format_overrides:
- goos: windows
format: zip
checksum:
name_template: 'checksums.txt'

2
test/go.mod
View file

@ -1,3 +1,3 @@
module github.com/goreleaser/goreleaser-action
go 1.18
go 1.15

24
tsconfig.json
View file

@ -1,22 +1,18 @@
{
"compilerOptions": {
"esModuleInterop": true,
"target": "ES2024",
"module": "ESNext",
"target": "es6",
"module": "commonjs",
"lib": [
"es6",
"dom"
],
"newLine": "lf",
"outDir": "./lib",
"rootDir": "./src",
"forceConsistentCasingInFileNames": true,
"strict": true,
"noImplicitAny": false,
"resolveJsonModule": true,
"useUnknownInCatchVariables": false,
"moduleResolution": "node",
"strict": false,
"skipLibCheck": true
"esModuleInterop": true,
"sourceMap": true
},
"exclude": [
"node_modules",
"**/*.test.ts",
"jest.config.ts"
]
"exclude": ["node_modules", "**/*.test.ts"]
}

3678
yarn.lock Normal file
View file

File diff suppressed because it is too large Load diff