alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

[action] goreleaser header packages

Browse source
This commit is contained in:
max furman 2021-09-11 13:05:17 -07:00
parent 2cce795d8f
commit 494da3d668
3 changed files with 42 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/release.yml vendored
View file

@ -62,8 +62,15 @@ jobs:
needs: test needs: test
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
outputs: outputs:
debversion: ${{ steps.extract-tag.outputs.DEB_VERSION }}
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps: steps:
-
name: Extract Tag Names
id: extract-tag
run: |
DEB_VERSION=$(echo ${GITHUB_REF#refs/tags/v} | sed 's/-/./')
echo "::set-output name=DEB_VERSION::${DEB_VERSION}"
- -
name: Is Pre-release name: Is Pre-release
id: is_prerelease id: is_prerelease
@ -122,6 +129,12 @@ jobs:
name: Write cosign key to disk name: Write cosign key to disk
id: write_key id: write_key
run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key"
-
name: Get Release Date
id: release_date
run: |
RELEASE_DATE=$(date +"%y-%m-%d")
echo "::set-output name=RELEASE_DATE::${RELEASE_DATE}"
- -
name: Run GoReleaser name: Run GoReleaser
uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0 uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0
@ -131,6 +144,8 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ secrets.PAT }} GITHUB_TOKEN: ${{ secrets.PAT }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
DEB_VERSION: ${{ needs.create_release.outputs.debversion }}
RELEASE_DATE: ${{ steps.release_date.outputs.RELEASE_DATE }}
build_upload_docker: build_upload_docker:
name: Build & Upload Docker Images name: Build & Upload Docker Images

34
.goreleaser.yml
View file

@ -154,26 +154,45 @@ release:
# You can change the name of the release. # You can change the name of the release.
# Default is `{{.Tag}}` # Default is `{{.Tag}}`
#name_template: "{{.ProjectName}}-v{{.Version}} {{.Env.USER}}" name_template: "Step CA {{ .Tag }} ({{ .Env.RELEASE_DATE }})"
# Header template for the release body. # Header template for the release body.
# Defaults to empty. # Defaults to empty.
header: | header: |
Welcome to this new release! ## Official Release Artifacts
#### Linux
- 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.step.sm/cli/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_{{ .Env.DEB_VERSION }}_amd64.deb](https://dl.step.sm/cli/{{ .Tag }}/step-ca_{{ .Env.DEB_VERSION }}_amd64.deb)
#### OSX Darwin
- 📦 [step-ca_darwin_{{ .Version }}_amd64.tar.gz](https://dl.step.sm/cli/{{ .Tag }}/step-ca_darwin_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_darwin_{{ .Version }}_arm64.tar.gz](https://dl.step.sm/cli/{{ .Tag }}/step-ca_darwin_{{ .Version }}_arm64.tar.gz)
#### Windows
- 📦 [step-ca_windows_{{ .Version }}_arm64.zip](https://dl.step.sm/cli/{{ .Tag }}/step-ca_windows_{{ .Version }}_amd64.zip)
For more builds across platforms and architectures see the `Assets` section below.
Don't see the artifact you need? Open an issue [here](https://github.com/smallstep/certificates/issues/new/choose).
## Signatures and Checksums ## Signatures and Checksums
`step-ca` uses [sigstore/cosign](https://github.com/sigstore/cosign) for signing and verifying release artifacts. `step-ca` uses [sigstore/cosign](https://github.com/sigstore/cosign) for signing and verifying release artifacts.
Here is an example of how to use `cosign` to verify a release artifact:
Below is an example using `cosign` to verify a release artifact:
``` ```
cosign verify-blob \ cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \ -key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.17.2_amd64.tar.gz.sig -signature ~/Downloads/step-ca_darwin_{{ .Version }_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.17.2_amd64.tar.gz ~/Downloads/step-ca_darwin_{{ .Version }_amd64.tar.gz
``` ```
We use the `checksums.txt` file to store checksums for every artifact in the release. The `checksums.txt` file (in the `Assets` section below) contains a checksum for every artifact in the release.
# Footer template for the release body. # Footer template for the release body.
# Defaults to empty. # Defaults to empty.
@ -182,8 +201,7 @@ release:
Those were the changes on {{ .Tag }}! Those were the changes on {{ .Tag }}!
Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask questions, chat about PKI, Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
or get a sneak peak at the freshest PKI memes.
# You can disable this pipe in order to not upload any artifacts. # You can disable this pipe in order to not upload any artifacts.
# Defaults to false. # Defaults to false.

2
Makefile
View file

@ -68,7 +68,7 @@ PUSHTYPE := branch
endif endif
VERSION := $(shell echo $(VERSION) | sed 's/^v//') VERSION := $(shell echo $(VERSION) | sed 's/^v//')
DEB_VERSION := $(shell echo $(VERSION) | sed 's/-/~/g') DEB_VERSION := $(shell echo $(VERSION) | sed 's/-/./g')
ifdef V ifdef V
$(info TRAVIS_TAG is $(TRAVIS_TAG)) $(info TRAVIS_TAG is $(TRAVIS_TAG))