go/.gitea/workflows/build-go.yaml

name: Build Go Tarball

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Install dependencies
        run: |
          sudo apt-get update -y
          sudo apt-get install -y curl tar jq

      - name: Determine latest Go release
        id: get_go
        run: |
          LATEST=$(curl -s https://go.dev/dl/?mode=json | jq -r '.[0].version')
          LATEST_NUM=${LATEST#go}  # strip leading "go"
          echo "LATEST=$LATEST_NUM" >> $GITHUB_ENV
          echo "Latest Go version: $LATEST_NUM"

      - name: Download official Go tarball
        env:
          LATEST: ${{ env.LATEST }}
        run: |
          echo "Downloading: https://go.dev/dl/go${LATEST}.linux-amd64.tar.gz"
          curl -LO https://go.dev/dl/go${LATEST}.linux-amd64.tar.gz
          mkdir -p golang-${LATEST}-linux-amd64-debian-12/files
          tar -xzf go${LATEST}.linux-amd64.tar.gz -C golang-${LATEST}-linux-amd64-debian-12/files

      - name: Package tarball
        env:
          LATEST: ${{ env.LATEST }}
        run: |
          tar -czf golang-${LATEST}-linux-amd64-debian-12.tar.gz golang-${LATEST}-linux-amd64-debian-12

      - name: Install Syft
        run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b .

      - name: Generate SPDX SBOM
        run: |
          ./syft dir:golang-${LATEST}-linux-amd64-debian-12/files \
            --name "golang" \
            --version "1.25.1-0" \
            --scope all-layers \
            --output spdx-json \
            > golang-${LATEST}-linux-amd64-debian-12.spdx-golang.spdx

      - name: Generate SHA256 checksum
        run: |
          sha256sum golang-${LATEST}-linux-amd64-debian-12.tar.gz > golang-${LATEST}-linux-amd64-debian-12.tar.gz.sha256
          cat golang-${LATEST}-linux-amd64-debian-12.tar.gz.sha256

      - name: Install MinIO Client
        run: |
          wget https://dl.min.io/client/mc/release/linux-amd64/mc
          chmod +x mc

      - name: Configure MinIO
        env:
          MINIO_USER: ${{ secrets.CI_MINIO_USERNAME }}
          MINIO_PASSWORD: ${{ secrets.CI_MINIO_PASSWORD }}
        run: |
          ./mc alias set upload http://10.0.1.16:9000 $MINIO_USER $MINIO_PASSWORD

      - name: Upload to MinIO
        run: |
          ./mc cp golang-${LATEST}-linux-amd64-debian-12.tar.gz upload/downloads/stacksmith/
          ./mc cp golang-${LATEST}-linux-amd64-debian-12.tar.gz.sha256 upload/downloads/stacksmith/
          ./mc cp golang-${LATEST}-linux-amd64-debian-12.spdx upload/downloads/stacksmith/