From 5de2065b0175e5f0d6aa28a0e03ecb5de05aa5a5 Mon Sep 17 00:00:00 2001 From: Raúl Benencia Date: Fri, 5 Jun 2026 21:26:44 -0300 Subject: Add release workflow with reproducible builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds .github/workflows/release.yml triggered on v* tags. Builds linux/amd64 and linux/arm64 with -trimpath, CGO_ENABLED=0, and SOURCE_DATE_EPOCH set from the tag commit — the three flags required for Debian-compatible reproducible Go builds. Uploads binaries and a sha256sums.txt to the GitHub Release via softprops/action-gh-release. Wires a version variable in main.go (defaulting to "dev") that is stamped at build time via -ldflags "-X main.version=". The Makefile gains the same flags for local builds (VERSION ?= dev). --- .github/workflows/release.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/release.yml (limited to '.github/workflows/release.yml') diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..c5100f8 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,35 @@ +name: Release + +on: + push: + tags: ["v*"] + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - name: Build binaries + env: + VERSION: ${{ github.ref_name }} + run: | + SOURCE_DATE_EPOCH=$(git log -1 --format=%ct) + mkdir -p dist + for GOARCH in amd64 arm64; do + CGO_ENABLED=0 GOOS=linux GOARCH=$GOARCH SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH \ + go build -trimpath \ + -ldflags="-s -w -X main.version=${VERSION}" \ + -o dist/shoelaces-linux-${GOARCH} . + done + cd dist && sha256sum * > sha256sums.txt + + - uses: softprops/action-gh-release@v2 + with: + files: dist/* -- cgit v1.2.3