diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ca916b8..c3fa112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,15 +18,16 @@ jobs: persist-credentials: false - name: setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' cache: true - - name: goreleaser - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # pin@v6 + - name: setup goreleaser + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # pin@v6.4.0 with: install-only: true + version: '~> v2' - name: bootstrap run: script/bootstrap diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 284dcf6..2872b6f 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -16,6 +16,6 @@ jobs: persist-credentials: false - name: setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index bd11c71..5839fe4 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -18,7 +18,7 @@ jobs: persist-credentials: false - name: setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' cache: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4c9a8b4..c9c6a6f 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -18,7 +18,7 @@ jobs: persist-credentials: false - name: setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' cache: true @@ -44,14 +44,3 @@ jobs: assert-nothing-changed go mod tidy exit $STATUS - - - name: deadcode - run: | - go install golang.org/x/tools/cmd/deadcode@latest - - deadcode -test ./... > "deadcode.txt" - if [ -s "deadcode.txt" ]; then - echo "dead code found:" - cat deadcode.txt - exit 1 - fi diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9a623af..5578c24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,16 +15,17 @@ jobs: runs-on: ubuntu-latest outputs: artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }} + artifact_dir: ${{ steps.build.outputs.artifact_dir }} steps: - name: checkout - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # pin@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 with: fetch-depth: 0 persist-credentials: false - name: setup go - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # pin@v5 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # pin@v6 with: go-version-file: "go.mod" cache: false @@ -32,18 +33,29 @@ jobs: - name: bootstrap run: script/bootstrap - - name: goreleaser - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # pin@v6 + - name: setup goreleaser + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # pin@v6.4.0 with: - args: release --clean + install-only: true + version: '~> v2' + + # IMPORTANT: this step MUST export for the following outputs: + # artifact_dir: the path to the dir where artifacts are stored - ex: "dist" + # Note: this step will build the binaries via goreleaser, place the artifacts in a dir (ex: "dist"), and then export that path as artifact_dir... + # ... finally it will then publish a GitHub Release with those artifacts attached + - name: build and release + id: build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: script/build --release - name: upload artifact - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 id: upload-artifact with: - path: dist/ + name: ${{ steps.build.outputs.artifact_dir }} # name and path can just both be artifact_dir (ex: "dist") to keep it simple + path: ${{ steps.build.outputs.artifact_dir }} + if-no-files-found: error sign: needs: release @@ -53,29 +65,36 @@ jobs: attestations: write contents: read steps: - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # pin@v5.0.0 with: artifact-ids: ${{ needs.release.outputs.artifact-id }} + path: ${{ needs.release.outputs.artifact_dir }} + + - name: view artifact + env: + ARTIFACT_PATH: ${{ needs.release.outputs.artifact_dir }} + run: tree -L 2 -a --dirsfirst -C -F -h -D "${ARTIFACT_PATH}" - name: attest build provenance - uses: actions/attest-build-provenance@v3.0.0 + uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # pin@v3.0.0 with: - subject-path: "." + subject-path: "${{ needs.release.outputs.artifact_dir }}/" verify: permissions: {} runs-on: ubuntu-latest needs: [release, sign] steps: - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # pin@v5.0.0 with: artifact-ids: ${{ needs.release.outputs.artifact-id }} + path: ${{ needs.release.outputs.artifact_dir }} - name: verify env: OWNER: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} - ARTIFACT_PATH: "." + ARTIFACT_PATH: "${{ needs.release.outputs.artifact_dir }}/" GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Scanning for files in $ARTIFACT_PATH" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ca56964..1ff7510 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: persist-credentials: false - name: setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' cache: true diff --git a/.go-version b/.go-version index 82bfa5c..d905a6d 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.23.8 +1.25.1 diff --git a/go.mod b/go.mod index f9f455f..7f89a46 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/github/gh-combine -go 1.23.8 +go 1.25.1 require github.com/briandowns/spinner v1.23.2 diff --git a/script/bootstrap b/script/bootstrap index a8ef7df..aadf2e2 100755 --- a/script/bootstrap +++ b/script/bootstrap @@ -8,6 +8,7 @@ echo -e "${BLUE}🥾 Bootstrapping...${OFF}" # Hermetic check: ensure all imports resolve from vendor/ only # This avoids touching the network or the module cache. +# This command will fail if the project is not fully vendored. go list -mod=vendor -deps ./... > /dev/null echo -e "${GREEN}✅ Bootstrap complete!${OFF}" diff --git a/script/build b/script/build index 1df94ee..0298b62 100755 --- a/script/build +++ b/script/build @@ -12,7 +12,26 @@ BUILD_TIME="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" goreleaser check -# Pass all arguments through to goreleaser build -goreleaser build --snapshot --clean "$@" +# Check if --release flag is passed +if [[ " $* " == *" --release "* ]]; then + # Remove --release from arguments and run goreleaser in release mode + args=("$@") + filtered_args=() + for arg in "${args[@]}"; do + if [[ "$arg" != "--release" ]]; then + filtered_args+=("$arg") + fi + done + + goreleaser release --clean "${filtered_args[@]}" +else + # Default: Pass all arguments through to goreleaser build in snapshot mode + goreleaser build --snapshot --clean "$@" +fi + +if [[ "$CI" == "true" ]]; then + tree -L 2 -a --dirsfirst -C -F -h -D dist/ + echo "artifact_dir=dist" >> $GITHUB_OUTPUT +fi echo -e "${GREEN}Build completed successfully!${OFF}" diff --git a/script/env b/script/env index 35e53dd..3d9243b 100755 --- a/script/env +++ b/script/env @@ -47,3 +47,7 @@ mkdir -p "$DIR/vendor/" # Set up Go environment variables export GOPROXY="off" export GOSUMDB="off" + +# Print Go version +GO_VERSION=$(go version | awk '{print $3}') +echo -e "Go version: ${BLUE}${GO_VERSION}${OFF}" diff --git a/script/lint b/script/lint index a50bbe8..7125d00 100755 --- a/script/lint +++ b/script/lint @@ -5,4 +5,5 @@ set -euo pipefail source script/env "$@" go fmt -mod=vendor ./... -golangci-lint run --fix + +echo -e "${GREEN}✅ Lint passed${OFF}" diff --git a/script/test b/script/test index c3016f1..ae0ca85 100755 --- a/script/test +++ b/script/test @@ -4,11 +4,8 @@ set -euo pipefail source script/env "$@" -count=10 - -# if the tparse binary is not found, don't use it -if ! command -v tparse &> /dev/null; then - go test -mod=vendor -race -count $count -v -cover -coverprofile=coverage.out ./... -else - set -o pipefail && go test -mod=vendor -race -count $count -cover -coverprofile=coverage.out -json ./... | tparse -smallscreen -all -trimpath github.com/github/ -fi +count=5 + +go test -mod=vendor -race -count $count -v -cover -coverprofile=coverage.out ./... + +echo -e "${GREEN}✅ Tests passed${OFF}"