security: update dependencies (x/crypto 0.17.0 -> 0.53.0, et al) #12
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| # Trigger only on root-module semver tags. The `adapters/gin/v*` tags | |
| # are pure Go-module markers — they don't produce binaries. | |
| - 'v[0-9]+.[0-9]+.[0-9]+' | |
| - 'v[0-9]+.[0-9]+.[0-9]+-*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| name: Build (${{ matrix.target.label }}) | |
| runs-on: ${{ matrix.target.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - { os: ubuntu-latest, label: linux-amd64, goos: linux, goarch: amd64, ext: '' } | |
| - { os: macos-13, label: darwin-amd64, goos: darwin, goarch: amd64, ext: '' } | |
| - { os: macos-latest, label: darwin-arm64, goos: darwin, goarch: arm64, ext: '' } | |
| - { os: windows-latest, label: windows-amd64, goos: windows, goarch: amd64, ext: '.exe' } | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| # mattn/go-sqlite3 needs CGO. We build on the native runner for each | |
| # target so the C toolchain is already present — no cross-compile | |
| # gymnastics required. | |
| - name: Build lago + artisan | |
| shell: bash | |
| env: | |
| CGO_ENABLED: '1' | |
| GOOS: ${{ matrix.target.goos }} | |
| GOARCH: ${{ matrix.target.goarch }} | |
| run: | | |
| mkdir -p dist | |
| VERSION="${GITHUB_REF_NAME}" | |
| LDFLAGS="-s -w -X main.version=${VERSION}" | |
| go build -ldflags="${LDFLAGS}" -o "dist/lago-${{ matrix.target.label }}${{ matrix.target.ext }}" ./cmd/lago | |
| go build -ldflags="${LDFLAGS}" -o "dist/artisan-${{ matrix.target.label }}${{ matrix.target.ext }}" ./cmd/artisan | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: binaries-${{ matrix.target.label }} | |
| path: dist/* | |
| if-no-files-found: error | |
| retention-days: 7 | |
| release: | |
| name: Publish release | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: dist | |
| pattern: binaries-* | |
| merge-multiple: true | |
| - name: Generate SHA-256 checksums | |
| run: | | |
| cd dist | |
| shasum -a 256 * > SHA256SUMS | |
| - name: Create GitHub release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| dist/lago-* | |
| dist/artisan-* | |
| dist/SHA256SUMS | |
| generate_release_notes: true | |
| fail_on_unmatched_files: true | |
| # Notifies the Go module proxy to fetch the new version so `go get @latest` | |
| # resolves it without waiting for the periodic refresh. | |
| warm-proxy: | |
| name: Warm Go proxy | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| steps: | |
| - name: Trigger pkg.go.dev fetch | |
| run: | | |
| VERSION="${GITHUB_REF_NAME}" | |
| curl -fsSL "https://proxy.golang.org/github.com/devituz/lagodev/@v/${VERSION}.info" || true | |
| curl -fsSL "https://proxy.golang.org/github.com/devituz/lagodev/adapters/gin/@v/${VERSION}.info" || true |