Align files (#203)

Co-authored-by: github-actions <action@github.com>
giantswarm · May 16, 2022 · 1924b66 · 1924b66
1 parent 903ff8c
commit 1924b66
Show file tree

Hide file tree

Showing 9 changed files with 94 additions and 33 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,7 +1,7 @@
 version: 2.1
 
 orbs:
-  architect: giantswarm/architect@4.15.0
+  architect: giantswarm/architect@4.18.0
 
 workflows:
   test:

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.24.1
+#    devctl@5.3.0
 #
 version: 2
 updates:

diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.24.1
+#    devctl@5.3.0
 #
 name: Create Release
 on:
@@ -257,11 +257,14 @@ jobs:
           - linux-amd64
           - darwin-arm64
           - linux-arm64
+          - windows-amd64
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GO_VERSION: 1.17.8
+      GO_VERSION: 1.18.1
       ARTIFACT_DIR: bin-dist
       TAG: v${{ needs.gather_facts.outputs.version }}
+      CODE_SIGNING_CERT_BUNDLE_BASE64: ${{ secrets.CODE_SIGNING_CERT_BUNDLE_BASE64 }}
+      CODE_SIGNING_CERT_BUNDLE_PASSWORD: ${{ secrets.CODE_SIGNING_CERT_BUNDLE_PASSWORD }}
     needs:
       - create_release
       - gather_facts
@@ -270,7 +273,7 @@ jobs:
         uses: giantswarm/install-binary-action@v1.0.0
         with:
           binary: "architect"
-          version: "6.3.0"
+          version: "6.4.0"
       - name: Set up Go ${{ env.GO_VERSION }}
         uses: actions/setup-go@v2.2.0
         with:
@@ -281,10 +284,15 @@ jobs:
           ref: ${{ env.TAG }}
       - name: Create ${{ matrix.platform }} package
         run: make package-${{ matrix.platform }}
+      - name: Specify package file name based on platform
+        run: |
+          if [[ "${{ matrix.platform }}" == "windows-amd64" ]]; then
+            echo "FILE_NAME=${{ github.event.repository.name }}-${{ env.TAG }}-${{ matrix.platform }}.zip" >> $GITHUB_ENV
+          else
+            echo "FILE_NAME=${{ github.event.repository.name }}-${{ env.TAG }}-${{ matrix.platform }}.tar.gz" >> $GITHUB_ENV
+          fi
       - name: Add ${{ matrix.platform }} package to release
         uses: actions/upload-release-asset@v1
-        env:
-          FILE_NAME: ${{ github.event.repository.name }}-${{ env.TAG }}-${{ matrix.platform }}.tar.gz
         with:
           upload_url: ${{ needs.create_release.outputs.upload_url }}
           asset_path: ${{ env.ARTIFACT_DIR }}/${{ env.FILE_NAME }}

diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.24.1
+#    devctl@5.3.0
 #
 name: Create Release PR
 on:
@@ -44,6 +44,7 @@ jobs:
       repo_name: ${{ steps.gather_facts.outputs.repo_name }}
       branch: ${{ steps.gather_facts.outputs.branch }}
       base: ${{ steps.gather_facts.outputs.base }}
+      is_major: ${{ steps.gather_facts.outputs.is_major }}
       skip: ${{ steps.pr_exists.outputs.skip }}
       version: ${{ steps.gather_facts.outputs.version }}
     steps:
@@ -81,6 +82,7 @@ jobs:
                 version_major=$((version_major+1))
                 version_minor=0
                 version_patch=0
+                echo "::set-output name=is_major::true"
                 ;;
               *)
                 echo "Unknown Semver level provided"
@@ -90,6 +92,12 @@ jobs:
             version="${version_major}.${version_minor}.${version_patch}"
           else
             version="${version#v}" # Strip "v" prefix.
+            version_major=$(echo "${version}" | cut -d "." -f 1)
+            version_minor=$(echo "${version}" | cut -d "." -f 2)
+            version_patch=$(echo "${version}" | cut -d "." -f 3)
+            if [[ $version_minor = 0 && $version_patch = 0 ]]; then
+              echo "::set-output name=is_major::true"
+            fi
           fi
           repo_name="$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')"
           echo "repo_name=\"$repo_name\" base=\"$base\" head=\"$head\" version=\"$version\""
@@ -117,6 +125,9 @@ jobs:
     env:
       architect_flags: "--organisation ${{ github.repository_owner }} --project ${{ needs.gather_facts.outputs.repo_name }}"
     steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '=1.18.1'
       - name: Install architect
         uses: giantswarm/install-binary-action@v1.0.0
         with:
@@ -129,6 +140,12 @@ jobs:
       - name: Prepare release changes
         run: |
           architect prepare-release ${{ env.architect_flags }} --version "${{ needs.gather_facts.outputs.version }}"
+      - name: Bump go module defined in go.mod if needed
+        run: |
+          if [ "${{ needs.gather_facts.outputs.is_major }}" = true ] && test -f "go.mod"; then
+            go install github.com/marwan-at-work/mod/cmd/mod@v0.4.1
+            mod upgrade
+          fi
       - name: Create release commit
         env:
           version: "${{ needs.gather_facts.outputs.version }}"

diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.24.1
+#    devctl@5.3.0
 #
 name: gitleaks
 

diff --git a/.github/zz_generated.windows-code-signing.sh b/.github/zz_generated.windows-code-signing.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+# DO NOT EDIT. Generated with:
+#
+#    devctl@5.3.0
+#
+
+APPLICATION=$1
+VERSION=$2
+
+SIGNCODE_UTIL=quay.io/giantswarm/signcode-util:1.1.1
+
+echo "APPLICATION=${APPLICATION}"
+echo "VERSION=${VERSION}"
+echo "PWD=${PWD}"
+
+if [ "${CODE_SIGNING_CERT_BUNDLE_PASSWORD}" = "" ]; then
+	echo "Variable CODE_SIGNING_CERT_BUNDLE_PASSWORD not set."
+	exit 1
+fi;
+
+if [ "${CODE_SIGNING_CERT_BUNDLE_BASE64}" = "" ]; then
+	echo "Variable CODE_SIGNING_CERT_BUNDLE_BASE64 not set."
+	exit 1
+fi;
+
+echo "Signing the Windows binary"
+
+mkdir -p certs
+
+echo "${CODE_SIGNING_CERT_BUNDLE_BASE64}" | base64 -d > certs/code-signing.p12
+
+mv "${APPLICATION}-v${VERSION}-windows-amd64.exe" "${APPLICATION}-v${VERSION}-windows-amd64-unsigned.exe"
+
+docker pull --quiet ${SIGNCODE_UTIL}
+
+docker run --rm \
+	-v "${PWD}/certs:/mnt/certs" \
+	-v "${PWD}:/mnt/binaries" \
+	${SIGNCODE_UTIL} \
+	sign \
+	-pkcs12 /mnt/certs/code-signing.p12 \
+	-n "Giant Swarm CLI tool ${APPLICATION}" \
+	-i "https://github.com/giantswarm/${APPLICATION}" \
+	-t http://timestamp.digicert.com -verbose \
+	-in "/mnt/binaries/${APPLICATION}-v${VERSION}-windows-amd64-unsigned.exe" \
+	-out "/mnt/binaries/${APPLICATION}-v${VERSION}-windows-amd64.exe" \
+	-pass "${CODE_SIGNING_CERT_BUNDLE_PASSWORD}"
+
+echo "Verifying the signed binary"
+
+docker run --rm \
+	-v "${PWD}:/mnt/binaries" \
+	${SIGNCODE_UTIL} \
+	verify \
+	"/mnt/binaries/${APPLICATION}-v${VERSION}-windows-amd64.exe"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,7 +8,7 @@ repos:
         args: [ --format=json ]
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.2.0
     hooks:
       - id: check-added-large-files
       # check for unresolved merge conflicts

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.24.1
+#    devctl@5.3.0
 #
 
 include Makefile.*.mk

diff --git a/Makefile.gen.go.mk b/Makefile.gen.go.mk
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.24.1
+#    devctl@5.3.0
 #
 
 PACKAGE_DIR    := ./bin-dist
@@ -88,27 +88,7 @@ package-windows-amd64: $(PACKAGE_DIR)/$(APPLICATION)-v$(VERSION)-windows-amd64.z
 $(PACKAGE_DIR)/$(APPLICATION)-v$(VERSION)-windows-amd64.zip: DIR=$(PACKAGE_DIR)/$(APPLICATION)-v$(VERSION)-windows-amd64
 $(PACKAGE_DIR)/$(APPLICATION)-v$(VERSION)-windows-amd64.zip: $(APPLICATION)-v$(VERSION)-windows-amd64.exe
 	@echo "====> $@"
-
-	@ if [ "${CODE_SIGNING_CERT_BUNDLE_PASSWORD}" != "" ]; then \
-	  echo 'Signing the Windows binary'; \
-	  mkdir -p certs; \
-	  echo ${CODE_SIGNING_CERT_BUNDLE_BASE64} | base64 -d > certs/code-signing.p12; \
-	  mv ${APPLICATION}-v${VERSION}-windows-amd64.exe ${APPLICATION}-v${VERSION}-windows-amd64-unsigned.exe; \
-	  docker run --rm -ti \
-		  -v ${PWD}/certs:/mnt/certs \
-		  -v ${PWD}:/mnt/binaries \
-		  --user ${USERID}:${GROUPID} \
-		  quay.io/giantswarm/signcode-util:latest \
-		  sign \
-		  -pkcs12 /mnt/certs/code-signing.p12 \
-		  -n "Giant Swarm CLI tool $(APPLICATION)" \
-		  -i https://github.com/giantswarm/$(APPLICATION) \
-		  -t http://timestamp.digicert.com -verbose \
-		  -in /mnt/binaries/${APPLICATION}-v${VERSION}-windows-amd64-unsigned.exe \
-		  -out /mnt/binaries/${APPLICATION}-v${VERSION}-windows-amd64.exe \
-		  -pass $(CODE_SIGNING_CERT_BUNDLE_PASSWORD); \
-	fi
-
+	/bin/sh .github/zz_generated.windows-code-signing.sh $(APPLICATION) $(VERSION)
 	@echo "Creating directory $(DIR)"
 	mkdir -p $(DIR)
 	cp $< $(DIR)/$(APPLICATION).exe