55
66on :
77 release :
8- types : [ published ]
8+ types : [published]
99 # Trigger only when a release with tag v*.*.* is published
1010 tags :
1111 - ' v[0-9]+.[0-9]+.[0-9]+'
@@ -14,24 +14,26 @@ jobs:
1414 update-version :
1515 runs-on : ubuntu-latest
1616 steps :
17- - uses : actions/checkout@v3
17+ - uses : actions/checkout@v4
18+
1819 - name : Update version in package.json
1920 run : |
2021 CURRENT_TAG=${GITHUB_REF#refs/tags/}
21- echo "Current tag: $CURRENT_TAG"
2222 VERSION="${CURRENT_TAG#v}"
2323 echo "Updating version to: $VERSION"
2424 jq ".version = \"$VERSION\"" package.json > package.json.tmp
2525 mv package.json.tmp package.json
26+
2627name : Create Pull Request
27- uses : peter-evans/create-pull-request@v4
28+ uses : peter-evans/create-pull-request@v7
2829 with :
29- title : Update package.json version
30+ title : " Update package.json version"
3031 branch : update-version
31- commit-message : Update package.json version
32- body : Update the version of `package.json` as part of release process
32+ commit-message : " Update package.json version"
33+ body : " Update the version of \ `\ `the release process. "
3334 delete-branch : true
3435 base : main
36+
3537 build :
3638 runs-on : ubuntu-latest
3739 permissions :
@@ -41,43 +43,36 @@ jobs:
4143 pull-requests : write
4244
4345 steps :
44- - uses : actions/checkout@v3
46+ - uses : actions/checkout@v4
4547
46- # Install the cosign tool except on PR
47- # https://github.com/sigstore/cosign-installer
4848 - name : Install cosign
4949 if : github.event_name != 'pull_request'
50- uses : sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 # v2.6.0
50+ uses : sigstore/cosign-installer@v3
5151 with :
52- cosign-release : ' v1.13.1 '
52+ cosign-release : ' v2.0.0 '
5353
54- # Workaround: https://github.com/docker/build-push-action/issues/461
55- - name : Setup Docker buildx
56- uses : docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
54+ - name : Setup Docker Buildx
55+ uses : docker/setup-buildx-action@v3
5756
58- # Login against a Docker registry except on PR
59- # https://github.com/docker/login-action
6057 - name : Log into registry ${{ env.REGISTRY }}
6158 if : github.event_name != 'pull_request'
62- uses : docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
59+ uses : docker/login-action@v3
6360 with :
6461 registry : ${{ env.REGISTRY }}
6562 username : ${{ github.actor }}
6663 password : ${{ secrets.GITHUB_TOKEN }}
6764
68- # Extract metadata (tags, labels) for Docker
69- # https://github.com/docker/metadata-action
7065 - name : Extract Docker metadata
7166 id : meta
72- uses : docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
67+ uses : docker/metadata-action@v5
7368 with :
7469 images : ${{ env.REGISTRY }}/${{ github.repository }}
7570
7671 # Build and push Docker image with Buildx (don't push on PR)
7772 # https://github.com/docker/build-push-action
7873 - name : Build and push Docker image
7974 id : build-and-push
80- uses : docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
75+ uses : docker/build-push-action@v5
8176 with :
8277 context : .
8378 push : ${{ github.event_name != 'pull_request' }}
8681 cache-from : type=gha
8782 cache-to : type=gha,mode=max
8883
89-
90- # Sign the resulting Docker image digest except on PRs.
91- # This will only write to the public Rekor transparency log when the Docker
92- # repository is public to avoid leaking data. If you would like to publish
93- # transparency data even for private images, pass --force to cosign below.
94- # https://github.com/sigstore/cosign
9584 - name : Sign the published Docker image
9685 if : ${{ github.event_name != 'pull_request' }}
9786 env :
9887 COSIGN_EXPERIMENTAL : " true"
99- # This step uses the identity token to provision an ephemeral certificate
100- # against the sigstore community Fulcio instance.
10188 run : echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
0 commit comments