[action] updates and first pass at goreleaser deb

max furman 2022-10-01 11:03:14 -07:00
parent 818dffe6fe
commit 4c687efb17
No known key found for this signature in database
2 changed files with 64 additions and 100 deletions


@ -8,25 +8,17 @@ on:
jobs: jobs:
ci: ci:
uses: smallstep/certificates/.github/workflows/ci.yml@main uses: smallstep/certificates/.github/workflows/ci.yml@master
secrets: inherit secrets: inherit
create_release: create_release:
name: Create Release name: Create Release
needs: ci #needs: ci
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
outputs: outputs:
debversion: ${{ steps.extract-tag.outputs.DEB_VERSION }}
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps: steps:
- - name: Is Pre-release
name: Extract Tag Names
id: extract-tag
run: |
DEB_VERSION=$(echo ${GITHUB_REF#refs/tags/v} | sed 's/-/./')
echo "::set-output name=DEB_VERSION::${DEB_VERSION}"
-
name: Is Pre-release
id: is_prerelease id: is_prerelease
run: | run: |
set +e set +e
@ -34,8 +26,7 @@ jobs:
OUT=$? OUT=$?
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}" echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}"
- - name: Create Release
name: Create Release
id: create_release id: create_release
uses: actions/create-release@v1 uses: actions/create-release@v1
env: env:
@ -51,54 +42,33 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
needs: create_release needs: create_release
steps: steps:
- - name: Checkout
name: Checkout uses: actions/checkout@v3
uses: actions/checkout@v2 - name: Set up Go
with: uses: actions/setup-go@v3
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with: with:
go-version: 1.19 go-version: 1.19
- check-latest: true
name: APT Install - name: Install cosign
id: aptInstall uses: sigstore/cosign-installer@v2.7.0
run: sudo apt-get -y install build-essential debhelper fakeroot
-
name: Build Debian package
id: make_debian
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make debian
# need to restore the git state otherwise goreleaser fails due to dirty state
git restore debian/changelog
git clean -fd
-
name: Install cosign
uses: sigstore/cosign-installer@v1.1.0
with: with:
cosign-release: 'v1.1.0' cosign-release: 'v1.12.1'
- - name: Write cosign key to disk
name: Write cosign key to disk
id: write_key id: write_key
run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key"
- - name: Get Release Date
name: Get Release Date
id: release_date id: release_date
run: | run: |
RELEASE_DATE=$(date +"%y-%m-%d") RELEASE_DATE=$(date +"%y-%m-%d")
echo "::set-output name=RELEASE_DATE::${RELEASE_DATE}" echo "::set-output name=RELEASE_DATE::${RELEASE_DATE}"
- - name: Run GoReleaser
name: Run GoReleaser uses: goreleaser/goreleaser-action@v3
uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0
with: with:
version: 'v1.7.0' version: 'latest'
args: release --rm-dist args: release --rm-dist
env: env:
GITHUB_TOKEN: ${{ secrets.PAT }} GITHUB_TOKEN: ${{ secrets.PAT }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
DEB_VERSION: ${{ needs.create_release.outputs.debversion }}
RELEASE_DATE: ${{ steps.release_date.outputs.RELEASE_DATE }} RELEASE_DATE: ${{ steps.release_date.outputs.RELEASE_DATE }}
build_upload_docker: build_upload_docker:
@ -106,25 +76,21 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
needs: ci needs: ci
steps: steps:
- - name: Checkout
name: Checkout uses: actions/checkout@v3
uses: actions/checkout@v2 - name: Setup Go
- uses: actions/setup-go@v3
name: Setup Go
uses: actions/setup-go@v2
with: with:
go-version: '1.19' go-version: '1.19'
- check-latest: true
name: Install cosign - name: Install cosign
uses: sigstore/cosign-installer@v1.1.0 uses: sigstore/cosign-installer@v1.1.0
with: with:
cosign-release: 'v1.1.0' cosign-release: 'v1.1.0'
- - name: Write cosign key to disk
name: Write cosign key to disk
id: write_key id: write_key
run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key"
- - name: Build
name: Build
id: build id: build
run: | run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
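Review bot: In the release job's "Run GoReleaser" step, what reads as the new side (the +/- markers are lost on this page) replaces the commit-pinned `goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0` with the movable tag `@v3` and sets `version: 'latest'`. Both the action code and the GoReleaser binary can then change without any commit to this repository, in the one step that receives `secrets.PAT` and `COSIGN_PWD` and runs with `/tmp/cosign.key` on disk. I would keep the upgrade but pin it, e.g. `uses: goreleaser/goreleaser-action@<full commit SHA of the chosen v3 release> # v3.x.y` and `version: '<exact GoReleaser version>'`; the same applies to `sigstore/cosign-installer@v2.7.0` in this job. Separately, `#needs: ci` on `create_release` lets a tag create a release without the CI workflow having passed, which looks like a debugging leftover and should be restored before this ships.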


@ -26,7 +26,7 @@ builds:
flags: flags:
- -trimpath - -trimpath
main: ./cmd/step-ca/main.go main: ./cmd/step-ca/main.go
binary: bin/step-ca binary: step-ca
ldflags: ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
- -
@ -47,7 +47,7 @@ builds:
flags: flags:
- -trimpath - -trimpath
main: ./cmd/step-cloudkms-init/main.go main: ./cmd/step-cloudkms-init/main.go
binary: bin/step-cloudkms-init binary: step-cloudkms-init
ldflags: ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
- -
@ -68,7 +68,7 @@ builds:
flags: flags:
- -trimpath - -trimpath
main: ./cmd/step-awskms-init/main.go main: ./cmd/step-awskms-init/main.go
binary: bin/step-awskms-init binary: step-awskms-init
ldflags: ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
@ -85,6 +85,40 @@ archives:
files: files:
- README.md - README.md
- LICENSE - LICENSE
allow_different_binary_count: true
nfpms:
# Configure nFPM for .deb and .rpm releases
#
# See https://nfpm.goreleaser.com/configuration/
# and https://goreleaser.com/customization/nfpm/
#
# Useful tools for debugging .debs:
# List file contents: dpkg -c dist/step_...deb
# Package metadata: dpkg --info dist/step_....deb
#
-
builds:
- step-ca
- step-awskms-init
- step-cloudkms-init
package_name: step-ca
file_name_template: "{{ .PackageName }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
vendor: Smallstep Labs
homepage: https://github.com/smallstep/certificates
maintainer: Smallstep <techadmin@smallstep.com>
description: >
step-ca is an online certificate authority for secure, automated certificate management.
license: Apache 2.0
section: utils
formats:
- deb
- rpm
priority: optional
bindir: /usr/bin
contents:
- src: debian/copyright
dst: /usr/share/doc/step-ca/copyright
source: source:
enabled: true enabled: true
@ -98,7 +132,7 @@ checksum:
signs: signs:
- cmd: cosign - cmd: cosign
stdin: '{{ .Env.COSIGN_PWD }}' stdin: '{{ .Env.COSIGN_PWD }}'
args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"] args: ["sign-blob", "-key=/tmp/cosign.key", "-output-signature=${signature}", "${artifact}"]
artifacts: all artifacts: all
snapshot: snapshot:
@ -140,7 +174,7 @@ release:
#### Linux #### Linux
- 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.step.sm/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz) - 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.step.sm/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_{{ .Env.DEB_VERSION }}_amd64.deb](https://dl.step.sm/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ .Env.DEB_VERSION }}_amd64.deb) - 📦 [step-ca_{{ .Version }}_amd64.deb](https://dl.step.sm/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ .Version }}_amd64.deb)
#### OSX Darwin #### OSX Darwin
@ -194,39 +228,3 @@ release:
# - glob: ./path/to/file.txt # - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/* # - glob: ./glob/**/to/**/file/**/*
# - glob: ./glob/foo/to/bar/file/foobar/override_from_previous # - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
scoop:
# Template for the url which is determined by the given Token (github or gitlab)
# Default for github is "https://github.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Default for gitlab is "https://gitlab.com/<repo_owner>/<repo_name>/uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
# Default for gitea is "https://gitea.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
url_template: "http://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Repository to push the app manifest to.
bucket:
owner: smallstep
name: scoop-bucket
# Git author used to commit to the repository.
# Defaults are shown.
commit_author:
name: goreleaserbot
email: goreleaser@smallstep.com
# The project name and current git tag are used in the format string.
commit_msg_template: "Scoop update for {{ .ProjectName }} version {{ .Tag }}"
# Your app's homepage.
# Default is empty.
homepage: "https://smallstep.com/docs/step-ca"
# Skip uploads for prerelease.
skip_upload: auto
# Your app's description.
# Default is empty.
description: "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."
# Your app's license
# Default is empty.
license: "Apache-2.0"
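Review bot: In the `signs` entry, the updated cosign arguments still use single-dash long options (`-key=/tmp/cosign.key`, `-output-signature=${signature}`). As far as I know, cosign 1.x accepts that form only through a deprecated compatibility rewrite, so a later cosign bump could break release signing. I would write `args: ["sign-blob", "--key=/tmp/cosign.key", "--output-signature=${signature}", "${artifact}"]`. Because `artifacts: all` now also covers the packages produced by the new `nfpms` block, the comment header of that block should state that the .deb and .rpm files carry no embedded package signature and are meant to be verified with the detached cosign signature and the checksum file.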