Skip to content

Merge pull request #3 from clickfunnels/ci-sign-notarize-3 #6

Merge pull request #3 from clickfunnels/ci-sign-notarize-3

Merge pull request #3 from clickfunnels/ci-sign-notarize-3 #6

Workflow file for this run

name: release
# Push a tag → GoReleaser cross-compiles every platform, creates the GitHub
# Release with all archives + Linux packages + checksums, and pushes the updated
# Homebrew cask to clickfunnels/homebrew-tap.
#
# git tag v0.1.0 && git push origin v0.1.0
#
# Per-commit CI (build/vet/test) runs on RWX; this workflow only runs on tags.
on:
push:
tags: ["v*"]
permissions:
contents: write # create the GitHub Release
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # full history + tags for the changelog
# Short-lived, homebrew-tap-scoped token for the cask push (the default
# GITHUB_TOKEN can't write to another repo). Same app as cfdev:
# cf-homebrew-tap-releaser, installed on this org with access to
# homebrew-tap only.
- name: Generate tap token
id: tap-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: clickfunnels
repositories: homebrew-tap
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- uses: goreleaser/goreleaser-action@v6
with:
version: "~> v2"
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }}
# Developer ID signing + notarization (org secrets).
MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}