name: Release on: push: tags: - "*" permissions: contents: write packages: write jobs: build: strategy: matrix: include: - goos: linux goarch: amd64 runner: ubuntu-latest - goos: linux goarch: arm64 runner: ubuntu-24.04-arm - goos: windows goarch: amd64 runner: windows-latest - goos: windows goarch: arm64 runner: windows-latest - goos: darwin goarch: amd64 runner: macos-15 - goos: darwin goarch: arm64 runner: macos-26 runs-on: ${{ matrix.runner }} steps: - name: Checkout uses: actions/checkout@v5 with: fetch-depth: 0 - name: Install Protoc uses: arduino/setup-protoc@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Setup PNPM uses: pnpm/action-setup@v4 with: version: latest run_install: false - name: Install Node uses: actions/setup-node@v5 with: node-version: lts/* cache: pnpm - name: Install Node dependencies run: pnpm install --frozen-lockfile - name: Install Go uses: actions/setup-go@v6 with: go-version-file: go.mod cache: true - name: Install Go code generation tools run: | go install github.com/a-h/templ/cmd/templ@latest go install google.golang.org/protobuf/cmd/protoc-gen-go@latest go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest go install github.com/sqlc-dev/sqlc/cmd/sqlc@latest - name: Install Just uses: extractions/setup-just@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Run code generation run: just prebuild # Linux: install Zig and configure musl-static CGO toolchain via Zig - name: Install Zig (Linux) if: matrix.goos == 'linux' uses: mlugg/setup-zig@v2 with: version: master - name: Setup Linux CGO toolchain (musl static via Zig) if: matrix.goos == 'linux' shell: bash run: | set -euxo pipefail case "${{ matrix.goarch }}" in amd64) echo "CC=zig cc -target x86_64-linux-musl" >> "$GITHUB_ENV" echo "CXX=zig c++ -target x86_64-linux-musl" >> "$GITHUB_ENV" ;; arm64) echo "CC=zig cc -target aarch64-linux-musl" >> "$GITHUB_ENV" echo "CXX=zig c++ -target aarch64-linux-musl" >> "$GITHUB_ENV" ;; *) echo "Unsupported arch for Linux: ${{ matrix.goarch }}" >&2 exit 1 ;; esac # Ensure cgo is used and force a fully static link echo "CGO_ENABLED=1" >> "$GITHUB_ENV" echo "CGO_LDFLAGS=-static" >> "$GITHUB_ENV" # Force external linker (zig cc) and pass -static to the linker # Using two -ldflags avoids quoting issues in GOFLAGS. echo "GOFLAGS=-ldflags=-linkmode=external -ldflags=-extldflags=-static" >> "$GITHUB_ENV" # Windows ARM64 CGO with Zig (existing) - name: Setup Windows ARM64 CGO toolchain if: matrix.goos == 'windows' && matrix.goarch == 'arm64' shell: powershell run: | echo "CC=zig cc -target aarch64-windows" >> $env:GITHUB_ENV echo "CXX=zig c++ -target aarch64-windows" >> $env:GITHUB_ENV - name: Install Zig for cross-compilation if: matrix.goos == 'windows' && matrix.goarch == 'arm64' uses: mlugg/setup-zig@v2 with: version: master - name: Download Go dependencies run: go mod download - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser-pro version: "~> v2" args: release --clean --split env: GITHUB_TOKEN: ${{ secrets.PAT }} GORELEASER_KEY: ${{ secrets.GORELEASER }} GOOS: ${{ matrix.goos }} GOARCH: ${{ matrix.goarch }} - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: ${{ matrix.goos }}-${{ matrix.goarch }}-artifacts path: dist/* merge: runs-on: ubuntu-latest needs: [build] steps: - name: Checkout uses: actions/checkout@v5 with: fetch-depth: 0 - name: Install Go uses: actions/setup-go@v6 with: go-version-file: go.mod cache: true - name: Setup PNPM uses: pnpm/action-setup@v4 with: version: latest run_install: false - name: Install Node uses: actions/setup-node@v5 with: node-version: lts/* cache: pnpm - name: Install Node dependencies run: pnpm install --frozen-lockfile - name: Prepare npm auth run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc env: NPM_TOKEN: ${{ secrets.NPM }} - name: Download all artifacts uses: actions/download-artifact@v4 with: path: dist merge-multiple: true - name: Merge and release uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser-pro version: "~> v2" args: continue --merge env: GITHUB_TOKEN: ${{ secrets.PAT }} GORELEASER_KEY: ${{ secrets.GORELEASER }} docs: name: Generate docs runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: Checkout uses: actions/checkout@v5 with: fetch-depth: 0 - name: Install Protoc uses: arduino/setup-protoc@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Setup PNPM uses: pnpm/action-setup@v4 with: version: latest run_install: false - name: Install Node uses: actions/setup-node@v5 with: node-version: lts/* cache: pnpm - name: Install Node dependencies run: pnpm install --frozen-lockfile - name: Install Go uses: actions/setup-go@v6 with: go-version-file: go.mod cache: true - name: Download Go dependencies run: | go mod download go install github.com/a-h/templ/cmd/templ@latest go install google.golang.org/protobuf/cmd/protoc-gen-go@latest go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest go install github.com/sqlc-dev/sqlc/cmd/sqlc@latest - name: Install Just uses: extractions/setup-just@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Prebuild run: just prebuild - name: Checkout homepage repo uses: actions/checkout@v5 with: repository: pogo-vcs/homepage token: ${{ secrets.PAT }} path: homepage fetch-depth: 0 - name: Run generator run: go run ./scripts md ./homepage/src/content/docs/reference/ - name: Generate dependencies documentation env: GITHUB_TOKEN: ${{ secrets.PAT }} run: go run ./scripts deps ./homepage/src/content/docs/concepts/dependencies.md - name: Detect changes in homepage repo id: detect run: | cd homepage # Exit successfully but signal if there are changes if [ -n "$(git status --porcelain)" ]; then echo "changes=true" >> $GITHUB_OUTPUT else echo "changes=false" >> $GITHUB_OUTPUT fi - name: Commit and push changes to homepage if: steps.detect.outputs.changes == 'true' env: PAT: ${{ secrets.PAT }} run: | set -euo pipefail cd homepage git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git add -A git commit -m "chore: regenerate homepage content" # Push using the PAT to ensure authentication git push "https://x-access-token:${PAT}@github.com/pogo-vcs/homepage.git" HEAD:main docker: name: Docker needs: [build] runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - name: Checkout uses: actions/checkout@v5 - name: Login to GHCR uses: docker/login-action@v3 with: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} registry: https://ghcr.io - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Setup Blacksmith Builder uses: useblacksmith/setup-docker-builder@v1 - name: Build and push Docker image uses: useblacksmith/build-push-action@v2 with: file: ./Dockerfile push: true tags: ghcr.io/${{ github.repository }}:latest,ghcr.io/${{ github.repository }}:alpine,ghcr.io/${{ github.repository }}:${{ github.ref_name }},ghcr.io/${{ github.repository }}:alpine-${{ github.ref_name }} platforms: linux/amd64,linux/arm64/v8