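# Release pipeline, triggered by pushing a tag that starts with "V":
#   build          - compiles the darwin amd64/arm64 binaries and tarballs
#   release        - checksums, attests and publishes the release assets
#   update-formula - bumps the Homebrew formula in the personal tap and core
name: Release

on:
  push:
    tags:
      - 'V*'

# Least-privilege default; the release job widens this for itself only.
permissions:
  contents: read

jobs:
  build:
    name: Build
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          - os: macos-latest
            target: release-amd64
            artifact_name: binaries-amd64
          - os: macos-latest
            target: release-arm64
            artifact_name: binaries-arm64
    steps:
      - name: Checkout code
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5
        with:
          go-version-file: go.mod

      # matrix.target is one of the two literal values declared above.
      - name: Build Binaries
        run: |
          make ${{ matrix.target }}
          ls -l bin/

      - name: Package binaries for Homebrew
        run: |
          cd bin
          # Package binaries into tar.gz for Homebrew resource
          if [[ "${{ matrix.target }}" == "release-arm64" ]]; then
            tar -czf binaries-darwin-arm64.tar.gz analyze-darwin-arm64 status-darwin-arm64
            ls -lh binaries-darwin-arm64.tar.gz
          else
            tar -czf binaries-darwin-amd64.tar.gz analyze-darwin-amd64 status-darwin-amd64
            ls -lh binaries-darwin-amd64.tar.gz
          fi

      - name: Upload artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: ${{ matrix.artifact_name }}
          path: bin/*-darwin-*
          retention-days: 1

  release:
    name: Publish Release
    needs: build
    runs-on: ubuntu-latest
    # Write scopes are limited to this job: release upload (contents),
    # attestation storage (attestations) and the OIDC token used for signing.
    permissions:
      contents: write
      attestations: write
      id-token: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          path: bin
          pattern: binaries-*
          merge-multiple: true

      - name: Display structure of downloaded files
        run: ls -R bin/

      # SHA256SUMS is written after the file list is collected, so it never
      # lists itself. An empty bin/ fails the job instead of publishing nothing.
      - name: Generate release checksums
        run: |
          cd bin
          mapfile -t release_files < <(find . -maxdepth 1 -type f -printf '%P\n' | sort)
          if [[ ${#release_files[@]} -eq 0 ]]; then
            echo "No release assets found"
            exit 1
          fi
          sha256sum "${release_files[@]}" > SHA256SUMS
          cat SHA256SUMS

      # NOTE(review): this is the only action in the workflow referenced by a
      # mutable tag rather than a full commit SHA, and it runs in the job that
      # holds the contents/attestations/id-token write scopes. Pin it to the
      # commit SHA of the reviewed v4 release, as done for the other actions.
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v4
        with:
          subject-path: |
            bin/analyze-darwin-*
            bin/status-darwin-*
            bin/binaries-darwin-*.tar.gz
            bin/SHA256SUMS

      - name: Create Release
        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
        if: startsWith(github.ref, 'refs/tags/')
        with:
          name: ${{ github.ref_name }}
          files: bin/*
          generate_release_notes: false
          draft: false
          prerelease: false

  update-formula:
    runs-on: ubuntu-latest
    needs: release
    steps:
      # Reads the tag from the GITHUB_REF environment variable, so the tag name
      # is never expanded into the script text.
      - name: Extract version from tag
        id: tag_version
        run: |
          TAG=${GITHUB_REF#refs/tags/}
          VERSION=${TAG#V}
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Releasing version: $VERSION (tag: $TAG)"

      - name: Update Homebrew formula (Personal Tap)
        uses: mislav/bump-homebrew-formula-action@56a283fa15557e9abaa4bdb63b8212abc68e655c # v3.6
        with:
          formula-name: mole
          formula-path: Formula/mole.rb
          homebrew-tap: tw93/homebrew-tap
          tag-name: ${{ steps.tag_version.outputs.tag }}
          commit-message: |
            mole ${{ steps.tag_version.outputs.version }}

            Automated release via GitHub Actions
        env:
          COMMITTER_TOKEN: ${{ secrets.PAT_TOKEN }}

      # Best effort: a failure here must not fail the release. The id lets the
      # summary step below report what actually happened.
      - name: Update Homebrew formula (Official Core)
        id: core_bump
        uses: mislav/bump-homebrew-formula-action@56a283fa15557e9abaa4bdb63b8212abc68e655c # v3.6
        with:
          formula-name: mole
          homebrew-tap: Homebrew/homebrew-core
          tag-name: ${{ steps.tag_version.outputs.tag }}
          commit-message: |
            mole ${{ steps.tag_version.outputs.version }}

            Automated release via GitHub Actions
        env:
          COMMITTER_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
        continue-on-error: true

      # Tag-derived values reach the shell as environment variables, not as
      # text pasted into the script, so the shell treats them as data.
      # continue-on-error above means this step also runs when the core bump
      # failed, so the core line reports that step's recorded outcome.
      - name: Verify formula updates
        if: success()
        env:
          VERSION: ${{ steps.tag_version.outputs.version }}
          TAG: ${{ steps.tag_version.outputs.tag }}
          CORE_OUTCOME: ${{ steps.core_bump.outcome }}
        run: |
          echo "✓ Homebrew formulae updated successfully"
          echo " Version: $VERSION"
          echo " Tag: $TAG"
          echo " Personal tap: tw93/homebrew-tap"
          if [[ "$CORE_OUTCOME" == "success" ]]; then
            echo " Official core: Homebrew/homebrew-core (PR created)"
          else
            echo " Official core: Homebrew/homebrew-core (bump step outcome: $CORE_OUTCOME)"
          fi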