1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
name: Build and upload binaries
on:
release:
types: [published]
push:
pull_request:
permissions:
contents: read
jobs:
build:
name: Build binaries
runs-on: ubuntu-latest
strategy:
matrix:
include:
- {GOOS: linux, GOARCH: amd64}
- {GOOS: linux, GOARCH: arm, GOARM: 6}
- {GOOS: linux, GOARCH: arm64}
- {GOOS: darwin, GOARCH: arm64}
- {GOOS: windows, GOARCH: amd64}
- {GOOS: freebsd, GOARCH: amd64}
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: Install Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: false
- name: Build binary
run: |
VERSION="$(git describe --tags)"
DIR="$(mktemp -d)"
mkdir "$DIR/age"
go build -o "$DIR/age" -trimpath ./cmd/...
cp LICENSE "$DIR/age/LICENSE"
cat .github/workflows/LICENSE.suffix.txt >> "$DIR/age/LICENSE"
if [ "$GOOS" == "windows" ]; then
sudo apt-get update && sudo apt-get install -y osslsigncode
if [ -n "${{ secrets.SIGN_PASS }}" ]; then
for exe in "$DIR"/age/*.exe; do
/usr/bin/osslsigncode sign -t "http://timestamp.comodoca.com" \
-certs .github/workflows/certs/uitacllc.crt \
-key .github/workflows/certs/uitacllc.key \
-pass "${{ secrets.SIGN_PASS }}" \
-n age -in "$exe" -out "$exe.signed"
mv "$exe.signed" "$exe"
done
fi
( cd "$DIR"; zip age.zip -r age )
mv "$DIR/age.zip" "age-$VERSION-$GOOS-$GOARCH.zip"
else
tar -cvzf "age-$VERSION-$GOOS-$GOARCH.tar.gz" -C "$DIR" age
fi
env:
CGO_ENABLED: 0
GOOS: ${{ matrix.GOOS }}
GOARCH: ${{ matrix.GOARCH }}
GOARM: ${{ matrix.GOARM }}
- name: Upload workflow artifacts
uses: actions/upload-artifact@v4
with:
name: age-artifacts-${{ matrix.GOOS }}-${{ matrix.GOARCH }}
path: age-*
source:
name: Package source code
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: Install Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: false
- name: Create source tarball
run: |
VERSION="$(git describe --tags)"
DIR="$(mktemp -d)"
mkdir "$DIR/age"
git archive --format=tar.gz HEAD | tar -xz -C "$DIR/age"
( cd "$DIR/age"; go mod vendor )
for cmd in "$DIR"/age/{cmd,extra}/*; do
echo "package main" >> "$cmd/version.go"
echo "" >> "$cmd/version.go"
echo "func init() { Version = \"$VERSION\" }" >> "$cmd/version.go"
done
tar -cvzf "age-$VERSION-source.tar.gz" -C "$DIR" age
- name: Upload workflow artifacts
uses: actions/upload-artifact@v4
with:
name: age-artifacts-source
path: age-*-source.tar.gz
upload:
name: Upload and attest release artifacts
if: github.event_name == 'release'
needs: [build, source]
permissions:
contents: write
attestations: write
id-token: write
runs-on: ubuntu-latest
steps:
- name: Download workflow artifacts
uses: actions/download-artifact@v4
with:
pattern: age-artifacts-*
merge-multiple: true
- name: Generate artifacts attestation
uses: actions/attest-build-provenance@v3
with:
subject-path: age-*
- name: Upload release artifacts
run: gh release upload "$GITHUB_REF_NAME" age-*
env:
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
|
