1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
name: Release Development
on:
# Manual runs with option of dry-run (for testing CI pipeline)
workflow_dispatch:
inputs:
dry-run:
description: "Run in test mode without publishing artifacts"
required: false
default: false
type: boolean
# Pushes to main with changes to code paths
push:
# On main branch pushes
branches:
- main
# Watches shoutrrr, internal, pkg, shoutrrr.go, and Go modules
paths:
- shoutrrr/**
- internal/**
- pkg/**
- shoutrrr.go
- go.mod
- go.sum
jobs:
# Run Go tests and upload coverage
test:
uses: ./.github/workflows/test.yaml
permissions:
contents: read # For code checkout
# Build binaries, images, SBOMs, and attestations
build:
needs: test # Requires tests to pass
uses: ./.github/workflows/build.yaml
permissions:
contents: write # For code checkout and uploading release artifacts
packages: write # For pushing images to registries
attestations: write # For generating provenance and SBOMs
id-token: write # For OIDC auth to Docker Hub and GHCR
with:
build-type: dev # Development snapshot release
dry-run: ${{ fromJson(inputs.dry-run || 'false') }} # String to boolean, defaults false
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} # Docker Hub username
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} # Docker Hub token
# Create multi-platform manifests
manifest:
# Runs after build
needs: build
# Skips in dry-run
if: ${{ !fromJson(inputs.dry-run || 'false') }}
permissions:
contents: read # For code checkout
packages: write # For pushing manifests
uses: ./.github/workflows/create-manifests.yaml
secrets: inherit
with:
build-type: dev # Tags images as latest-dev
|
