CI: update workflows to use Azure Trusted Signing #17

Workflow file for this run

.github/workflows/release.yml at 3195536

	name: Release

	on:
	push:
	tags: 'v*'

	permissions:
	id-token: write
	contents: write

	env:
	GO_VERSION: 1.23.3

	jobs:
	build:
	name: Build and Release
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: ${{ env.GO_VERSION }}

	- name: Build
	run: \|
	go install github.com/tc-hib/go-winres@latest

	VERSION=${GITHUB_REF/refs\/tags\//}
	GIT_COMMIT=`git describe --always --dirty`
	FILE_VERSION=${VERSION:1}.0

	mkdir bin
	mkdir win
	go-winres simply --arch amd64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin KMS" --product-name "SFTPGo plugin KMS" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-kms-windows-x86_64.exe --icon res/icon.ico
	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o win/sftpgo-plugin-kms-windows-x86_64.exe
	go-winres simply --arch arm64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin KMS" --product-name "SFTPGo plugin KMS" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-kms-windows-arm64.exe --icon res/icon.ico
	CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o win/sftpgo-plugin-kms-windows-arm64.exe
	go-winres simply --arch 386 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin KMS" --product-name "SFTPGo plugin KMS" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-kms-windows-x86.exe --icon res/icon.ico
	CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o win/sftpgo-plugin-kms-windows-x86.exe

	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-amd64
	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-arm64
	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-armv7
	CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-linux-ppc64le
	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-darwin-amd64
	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -trimpath -ldflags "-s -w -X main.commitHash=`git describe --always --dirty` -X main.date=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-kms-darwin-arm64
	shell: bash

	- name: Upload Windows artifact
	uses: actions/upload-artifact@v4
	with:
	name: win
	path: win
	retention-days: 1

	- name: Prepare vendored sources
	run: \|
	VERSION=${GITHUB_REF/refs\/tags\//}
	go mod vendor
	echo "${VERSION}" > VERSION.txt
	tar --exclude=bin --exclude=win -cJvf sftpgo-plugin-kms_${VERSION}_src_with_deps.tar.xz *

	- name: Create release
	run: \|
	VERSION=${GITHUB_REF/refs\/tags\//}
	gh release create "${VERSION}" -t "${VERSION}"
	gh release upload "${VERSION}" bin/* --clobber
	gh release upload "${VERSION}" sftpgo-plugin-kms_${VERSION}_src_with_deps.tar.xz --clobber
	gh release view "${VERSION}"
	env:
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

	release-windows-binaries:
	name: Release Windows binaries
	environment: signing
	needs: [build]
	runs-on: windows-latest

	steps:
	- name: Download artifact
	uses: actions/download-artifact@v4
	with:
	name: win

	- name: Azure login
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Sign
	uses: azure/[email protected]
	with:
	endpoint: https://eus.codesigning.azure.net/
	trusted-signing-account-name: nicola
	certificate-profile-name: SFTPGo
	files: \|
	${{ github.workspace }}\sftpgo-plugin-kms-windows-x86_64.exe
	${{ github.workspace }}\sftpgo-plugin-kms-windows-arm64.exe
	${{ github.workspace }}\sftpgo-plugin-kms-windows-x86.exe
	file-digest: SHA256
	timestamp-rfc3161: http://timestamp.acs.microsoft.com
	timestamp-digest: SHA256
	exclude-environment-credential: true
	exclude-workload-identity-credential: true
	exclude-managed-identity-credential: true
	exclude-shared-token-cache-credential: true
	exclude-visual-studio-credential: true
	exclude-visual-studio-code-credential: true
	exclude-azure-cli-credential: false
	exclude-azure-powershell-credential: true
	exclude-azure-developer-cli-credential: true
	exclude-interactive-browser-credential: true

	- name: Upload to release
	run: \|
	VERSION=${GITHUB_REF/refs\/tags\//}
	gh release upload "${VERSION}" sftpgo-plugin-kms-windows-x86_64.exe
	gh release upload "${VERSION}" sftpgo-plugin-kms-windows-arm64.exe
	gh release upload "${VERSION}" sftpgo-plugin-kms-windows-x86.exe
	gh release view "${VERSION}"
	shell: bash
	env:
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI: update workflows to use Azure Trusted Signing #17

Workflow file

CI: update workflows to use Azure Trusted Signing #17

Jobs

Run details

Workflow file for this run