From c8d540bd8ff2a90150010a416f8503fcb5431363 Mon Sep 17 00:00:00 2001
From: Brian Fogg
Date: Fri, 21 Oct 2022 13:18:04 -0500
Subject: [PATCH] adding go release code and github action
---
 .../workflows/release-to-private-registry.yml | 51 ++++++++
 .goreleaser.yml | 121 +++++++-----------
 2 files changed, 100 insertions(+), 72 deletions(-)
 create mode 100644 .github/workflows/release-to-private-registry.yml
diff --git a/.github/workflows/release-to-private-registry.yml b/.github/workflows/release-to-private-registry.yml
new file mode 100644
index 00000000000..f731e4a31e0
--- /dev/null
+++ b/.github/workflows/release-to-private-registry.yml
@@ -0,0 +1,51 @@
+# This GitHub action can publish assets for release when a tag is created.
+# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
+#
+# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
+# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
+# secret. If you would rather own your own GPG handling, please fork this action
+# or use an alternative one for key handling.
+#
+# You will need to pass the `--batch` flag to `gpg` in your signing step
+# in `goreleaser` to indicate this is being used in a non-interactive mode.
+#
+name: release
+on:
+ push:
+ tags:
+ - 'v*'
+permissions:
+ contents: write
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v3
+ -
+ name: Unshallow
+ run: git fetch --prune --unshallow
+ -
+ name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: 'go.mod'
+ cache: true
+ -
+ name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v5
+ id: import_gpg
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ""
+ -
+ name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v3.2.0
+ with:
+ version: latest
+ args: release --rm-dist
+ env:
+ GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+ # GitHub sets this automatically
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 5b3a87eded1..8b1a50c6e65 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
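Review bot: The `Import GPG key` step sets `passphrase: ""`, which only works if the key in `GPG_PRIVATE_KEY` was exported without a passphrase, and it contradicts the header comment, which says the passphrase lives in the `PASSPHRASE` secret and names `hashicorp/ghaction-import-gpg` while the step runs `crazy-max/ghaction-import-gpg@v5`. I would pass `passphrase: ${{ secrets.PASSPHRASE }}` and correct the comment to name the action actually used. This job also holds `contents: write` and the signing key, yet its actions are referenced by movable tags and GoReleaser by `version: latest`; pinning each `uses:` to a full commit SHA (for example `crazy-max/ghaction-import-gpg@<full-commit-sha> # v5`) and `version:` to a fixed release keeps whatever code handles the key reviewable and reproducible.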
@@ -1,83 +1,60 @@ -archives: - - files: - # Only include built binary in archive - - 'none*' - format: zip - name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}' +# Visit https://goreleaser.com for documentation on how to customize this +# behavior. +before: + hooks: + # this is just an example and not a requirement for provider building/publishing + # - go mod tidy builds: - - # Special binary naming is only necessary for Terraform CLI 0.12 - binary: '{{ .ProjectName }}_v{{ .Version }}_x5' - env: - - CGO_ENABLED=0 - flags: - - -trimpath - goos: - - darwin - - freebsd - - linux - - windows - goarch: - - '386' - - amd64 - - arm - - arm64 - ignore: - - goarch: arm - goos: windows - - goarch: arm64 - goos: freebsd - - goarch: arm64 - goos: windows - ldflags: - - -s -w -X version.ProviderVersion={{.Version}} - mod_timestamp: '{{ .CommitTimestamp }}' +- env: + # goreleaser does not work with CGO, it could also complicate + # usage by users in CI/CD systems like Terraform Cloud where + # they are unable to install libraries. 
+ - CGO_ENABLED=0 + mod_timestamp: '{{ .CommitTimestamp }}' + flags: + - -trimpath + ldflags: + - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}' + goos: + # - freebsd + # - windows + - linux + - darwin + goarch: + - amd64 + # - '386' + # - arm + - arm64 + ignore: + - goos: darwin + goarch: '386' + binary: '{{ .ProjectName }}_v{{ .Version }}' +archives: +- format: zip + name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}' checksum: extra_files: - glob: 'terraform-registry-manifest.json' name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' algorithm: sha256 -publishers: - - name: upload - checksum: true - extra_files: - - glob: 'terraform-registry-manifest.json' - name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' - signature: true - cmd: hc-releases upload -product {{ .ProjectName }} -version {{ .Version }} -file={{ .ArtifactPath }}={{ .ArtifactName }} -header="x-terraform-protocol-version=5.0" -header="x-terraform-protocol-versions=5.0" - env: - - HC_RELEASES_HOST={{ .Env.HC_RELEASES_HOST }} - - HC_RELEASES_KEY={{ .Env.HC_RELEASES_KEY }} +signs: + - artifacts: checksum + args: + # if you are using this in a GitHub action or some other automated pipeline, you + # need to pass the batch flag to indicate its not interactive. + - "--batch" + - "--local-user" + - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" release: extra_files: - glob: 'terraform-registry-manifest.json' name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' - ids: - - none -signs: - # Default Signature file (i.e. terraform-provider-awscc_VERSION_SHA256SUMS.sig) - - cmd: sh - args: - - -c - - >- - signore - sign - --dearmor - --file ${artifact} - --out ${signature} - artifacts: checksum - # Signature file with GPG Public Key ID in filename (i.e. 
terraform-provider-awscc_VERSION_SHA256SUMS.7685B676.sig) - - id: sig-with-gpg-public-key-id - signature: ${artifact}.72D7468F.sig - cmd: sh - args: - - -c - - >- - signore - sign - --dearmor - --file ${artifact} - --out ${signature} - artifacts: checksum -snapshot: - name_template: "{{ .Tag }}-next" + # If you want to manually examine the release before its live, uncomment this line: + # draft: true +changelog: + skip: true \ No newline at end of file
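Review bot: The new `ldflags` line stamps `main.version` and `main.commit`, whereas the line it replaces set `version.ProviderVersion`; the Go linker silently ignores `-X` for a symbol that does not exist, so if the provider still reads its version from the `version` package (not visible in this patch), released binaries will report the default value and cannot be matched to a tag. Either keep the old symbol, `- '-s -w -X version.ProviderVersion={{.Version}}'`, or confirm that `main.version` and `main.commit` are declared in package `main`. A smaller point in the same `builds` entry: the `ignore` rule for `darwin`/`'386'` has no effect while `'386'` is commented out of `goarch`, so it can be dropped or marked with a comment such as `# only relevant if '386' is re-enabled`.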