Merge pull request #485 from smallstep/max/actions

Convert to github actions
This commit is contained in:
Max 2021-02-22 22:23:48 -08:00 committed by GitHub
commit 8ead310d24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 398 additions and 75 deletions

146
.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,146 @@
name: Create Release & Upload Assets
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
jobs:
test:
name: Lint, Test, Build
runs-on: ubuntu-20.04
outputs:
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.15.8'
-
name: Install Deps
id: install-deps
run: sudo apt-get -y install libpcsclite-dev
-
name: Lint, Test, Build
id: lint_test_build
run: V=1 make -j1 bootstrap ci
-
name: Is Pre-release
id: is_prerelease
run: |
set +e
echo ${{ github.ref }} | grep "\-rc.*"
OUT=$?
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}"
create_release:
name: Create Release
needs: test
runs-on: ubuntu-20.04
outputs:
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps:
-
name: Is Pre-release
id: is_prerelease
run: |
set +e
echo ${{ github.ref }} | grep "\-rc.*"
OUT=$?
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}"
-
name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
goreleaser:
name: Upload Assets To Github w/ goreleaser
runs-on: ubuntu-20.04
needs: create_release
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@56f5b77f7fa4a8fe068bf22b732ec036cc9bc13f # v2.4.1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
release_deb:
name: Build & Upload Debian Package To Github
runs-on: ubuntu-20.04
needs: create_release
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '^1.15.8'
-
name: APT Install
id: aptInstall
run: sudo apt-get -y install build-essential debhelper fakeroot
-
name: Build Debian package
id: build
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make debian
-
name: Upload Debian Package
id: upload_deb
run: |
tag_name="${GITHUB_REF##*/}"
hub release edit $(find ./.releases -type f -printf "-a %p ") -m "" "$tag_name"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_upload_docker:
name: Build & Upload Docker Images
runs-on: ubuntu-20.04
needs: test
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.15.8'
- name: Build
id: build
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make docker-artifacts
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

34
.github/workflows/test.yml vendored Normal file
View file

@ -0,0 +1,34 @@
name: Lint, Test, Build
on:
push:
tags-ignore:
- 'v*'
branches:
- "**"
pull_request:
jobs:
lintTestBuild:
name: Lint, Test, Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.15.6'
- name: Install Deps
id: install-deps
run: sudo apt-get -y install libpcsclite-dev
- name: Lint, Test, Build
id: lintTestBuild
run: V=1 make -j1 bootstrap ci
- name: Codecov
uses: codecov/codecov-action@v1.2.1
with:
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
file: ./coverage.out # optional
name: codecov-umbrella # optional
fail_ci_if_error: true # optional (default = false)

200
.goreleaser.yml Normal file
View file

@ -0,0 +1,200 @@
# This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
project_name: step-ca
before:
hooks:
# You may remove this if you don't use go modules.
- go mod download
builds:
-
id: step-ca
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm
- arm64
- 386
goarm:
- 7
flags:
- -trimpath
main: ./cmd/step-ca/main.go
binary: bin/step-ca
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
-
id: step-cloudkms-init
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm
- arm64
- 386
goarm:
- 7
flags:
- -trimpath
main: ./cmd/step-cloudkms-init/main.go
binary: bin/step-cloudkms-init
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
-
id: step-awskms-init
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm
- arm64
- 386
goarm:
- 7
flags:
- -trimpath
main: ./cmd/step-awskms-init/main.go
binary: bin/step-awskms-init
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
archives:
-
# Can be used to change the archive formats for specific GOOSs.
# Most common use case is to archive as zip on Windows.
# Default is empty.
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
wrap_in_directory: "{{ .ProjectName }}_{{ .Version }}"
files:
- README.md
- LICENSE
source:
enabled: true
name_template: '{{ .ProjectName }}_{{ .Version }}'
checksum:
name_template: 'checksums.txt'
snapshot:
name_template: "{{ .Tag }}-next"
release:
# Repo in which the release will be created.
# Default is extracted from the origin remote URL or empty if its private hosted.
# Note: it can only be one: either github, gitlab or gitea
github:
owner: smallstep
name: certificates
# IDs of the archives to use.
# Defaults to all.
#ids:
# - foo
# - bar
# If set to true, will not auto-publish the release.
# Default is false.
draft: true
# If set to auto, will mark the release as not ready for production
# in case there is an indicator for this in the tag e.g. v1.0.0-rc1
# If set to true, will mark the release as not ready for production.
# Default is false.
prerelease: false
# You can change the name of the release.
# Default is `{{.Tag}}`
#name_template: "{{.ProjectName}}-v{{.Version}} {{.Env.USER}}"
# You can disable this pipe in order to not upload any artifacts.
# Defaults to false.
#disable: true
# You can add extra pre-existing files to the release.
# The filename on the release will be the last part of the path (base). If
# another file with the same name exists, the latest one found will be used.
# Defaults to empty.
#extra_files:
# - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/*
# - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
#scoop:
# # Template for the url which is determined by the given Token (github or gitlab)
# # Default for github is "https://github.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# # Default for gitlab is "https://gitlab.com/<repo_owner>/<repo_name>/uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
# # Default for gitea is "https://gitea.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# url_template: "http://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
#
# # Repository to push the app manifest to.
# bucket:
# owner: smallstep
# name: scoop-bucket
#
# # Git author used to commit to the repository.
# # Defaults are shown.
# commit_author:
# name: goreleaserbot
# email: goreleaser@smallstep.com
#
# # The project name and current git tag are used in the format string.
# commit_msg_template: "Scoop update for {{ .ProjectName }} version {{ .Tag }}"
#
# # Your app's homepage.
# # Default is empty.
# homepage: "https://smallstep.com/docs/step-ca"
#
# # Skip uploads for prerelease.
# skip_upload: auto
#
# # Your app's description.
# # Default is empty.
# description: "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."
#
# # Your app's license
# # Default is empty.
# license: "Apache-2.0"
#dockers:
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: amd64
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/amd64"
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: 386
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/386"
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: arm
# goarm: 7
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/arm/v7"
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: arm64
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/arm64/v8"

View file

@ -1,37 +0,0 @@
language: go
os: linux
dist: focal
services:
- docker
go:
- 1.14.x
addons:
apt:
packages:
- debhelper
- fakeroot
- bash-completion
- libpcsclite-dev
env:
global:
- V=1
before_script:
- make bootstrap
script:
- make travis
- make artifacts
after_success:
- bash <(curl -s https://codecov.io/bash) -t "$CODECOV_TOKEN" || echo "Codecov did
not collect coverage reports"
notifications:
email: false
deploy:
provider: releases
skip_cleanup: true
token:
secure: EVV43Vkqn67hhKGYn4WhQp2YO6KFmUDSkLXjYXYGX07Fm8p5KjRFBPOz9LV83QrvVmLigvg0CtR8Jqqcnq2SUhus3nhZaN2g19NhMypZLioyOVP0kAkas8ocuvxkwz3YxIK/yMrmTKbQ7JGXtbc8IjAox9ovNo1fFIQmVMAzPfu++OWBJ0j+gUqKtpaNA7gzsSv8UOw3/T3hNm6E1IbpWxl9BPSOzUOE9F/QOThANzifGfdxvqNJFkAgqu5DVPz8zQNbMrz4zH+KwASKxd6hjhzSSMzouKzOEHTA/elDCHEjke0Jos29MkGWHcIydLtCD95DGecqM8BFSC9f2acHDjmUO1rdfoLA3Pt+UiZJuTwyQm/jrHHhRnH8oJpK15G5LvxSqzY9YDWpAk38+jMw/udW6wt7BGAU8FEXLbq0bsFL3yfTepeWjmzT5WS0YXdiBz2SEK+Og9R2bSdtl4owghRzKNio5DNPuYAbqbpi+jqzqQVLj27x7LWoQ0MHvZcz9U+oO00r6M1tDCmFVRdtfgb2H+MIDY69qYGo5qoGMfH1btCWR8bA9wSYB/Z7hW/xZT9r7f/d5/P40k8yKINmTZqyUTQeplrE3y4BPVzKksclczBZa67syIUQ49I35QppnH4GFQHUwlra7r3W9zfZRvaLnp5qOIKAQe3MAIZqtLg=
file_glob: true
file: .travis-releases/*
on:
repo: smallstep/certificates
tags: true

View file

@ -18,9 +18,9 @@ OUTPUT_ROOT=output/
all: lint test build
travis: lintcgo testcgo build
ci: lintcgo testcgo build
.PHONY: all travis
.PHONY: all ci
#########################################
# Bootstrapping
@ -39,6 +39,15 @@ bootstra%:
# If TRAVIS_TAG is set then we know this ref has been tagged.
ifdef TRAVIS_TAG
VERSION := $(TRAVIS_TAG)
NOT_RC := $(shell echo $(VERSION) | grep -v -e -rc)
ifeq ($(NOT_RC),)
PUSHTYPE := release-candidate
else
PUSHTYPE := release
endif
# GITHUB Actions
else ifdef GITHUB_REF
VERSION := $(shell echo $(GITHUB_REF) | sed 's/^refs\/tags\///')
NOT_RC := $(shell echo $(VERSION) | grep -v -e -rc)
ifeq ($(NOT_RC),)
PUSHTYPE := release-candidate
@ -62,6 +71,7 @@ DEB_VERSION := $(shell echo $(VERSION) | sed 's/-/~/g')
ifdef V
$(info TRAVIS_TAG is $(TRAVIS_TAG))
$(info GITHUB_REF is $(GITHUB_REF))
$(info VERSION is $(VERSION))
$(info DEB_VERSION is $(DEB_VERSION))
$(info PUSHTYPE is $(PUSHTYPE))
@ -266,39 +276,10 @@ bundle-darwin: binary-darwin
.PHONY: binary-linux binary-darwin bundle-linux bundle-darwin
#################################################
# Targets for creating OS specific artifacts and archives
#################################################
artifacts-linux-tag: bundle-linux debian
artifacts-darwin-tag: bundle-darwin
artifacts-archive-tag:
$Q mkdir -p $(RELEASE)
$Q git archive v$(VERSION) | gzip > $(RELEASE)/step-certificates_$(VERSION).tar.gz
artifacts-tag: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag
.PHONY: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag artifacts-tag
#################################################
# Targets for creating step artifacts
#################################################
# For all builds that are not tagged and not on the master branch
artifacts-branch:
docker-artifacts: docker-$(PUSHTYPE)
# For all builds that are not tagged
artifacts-master:
# For all builds with a release-candidate (-rc) tag
artifacts-release-candidate: artifacts-tag
# For all builds with a release tag
artifacts-release: artifacts-tag
# This command is called by travis directly *after* a successful build
artifacts: artifacts-$(PUSHTYPE) docker-$(PUSHTYPE)
.PHONY: artifacts-master artifacts-release-candidate artifacts-release artifacts
.PHONY: docker-artifacts

View file

@ -3,7 +3,7 @@ package api
import (
"context"
"crypto"
"crypto/dsa"
"crypto/dsa" //nolint
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"

View file

@ -4,7 +4,7 @@ import (
"bytes"
"context"
"crypto"
"crypto/dsa"
"crypto/dsa" //nolint
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"

View file

@ -16,7 +16,6 @@ e.g. `v1.0.2`
`-rc*` suffix. e.g. `v1.0.2-rc` or `v1.0.2-rc.4`
---
1. **Tag it!**
1. Find the most recent tag.

View file

@ -83,7 +83,7 @@ func TestSoftKMS_CreateSigner(t *testing.T) {
t.Fatal(err)
}
block, _ := pem.Decode(b)
block.Bytes, err = x509.DecryptPEMBlock(block, []byte("pass"))
block.Bytes, err = x509.DecryptPEMBlock(block, []byte("pass")) //nolint
if err != nil {
t.Fatal(err)
}

View file

@ -295,7 +295,7 @@ func TestSSHAgentKMS_CreateSigner(t *testing.T) {
t.Fatal(err)
}
block, _ := pem.Decode(b)
block.Bytes, err = x509.DecryptPEMBlock(block, []byte("pass"))
block.Bytes, err = x509.DecryptPEMBlock(block, []byte("pass")) //nolint
if err != nil {
t.Fatal(err)
}