[action] Build deb during goreleaser action, add to checksum and ...

- add go 1.17 to test matrix
- build with go 1.17

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        go: [ '1.15', '1.16' ]
+        go: [ '1.15', '1.16', '1.17' ]
     outputs:
       is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
     steps:
@@ -99,10 +99,23 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16
+          go-version: 1.17
+      -
+        name: APT Install
+        id: aptInstall
+        run: sudo apt-get -y install build-essential debhelper fakeroot
+      -
+        name: Build Debian package
+        id: make_debian
+        run: |
+          PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
+          make debian
+          # need to restore the git state otherwise goreleaser fails due to dirty state
+          git restore debian/changelog
+          git clean -fd
       -
         name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v1.1.0
         with:
           cosign-release: 'v1.1.0'
       -
@@ -133,7 +146,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: '1.16'
+          go-version: '1.17'
       -
         name: APT Install
         id: aptInstall
@@ -165,10 +178,10 @@ jobs:
         name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: '1.16'
+          go-version: '1.17'
       -
         name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v1.1.0
         with:
           cosign-release: 'v1.1.0'
       -

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        go: [ '1.15', '1.16' ]
+        go: [ '1.15', '1.16', '1.17' ]
     steps:
       -
         name: Checkout

.goreleaser.yml

@@ -1,10 +1,12 @@
 # This is an example .goreleaser.yml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
 project_name: step-ca
+
 before:
   hooks:
     # You may remove this if you don't use go modules.
     - go mod download
+
 builds:
   -
     id: step-ca
@@ -93,6 +95,7 @@ builds:
     binary: bin/step-awskms-init
     ldflags:
       - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
+
 archives:
   -
     # Can be used to change the archive formats for specific GOOSs.
@@ -106,18 +109,25 @@ archives:
     files:
       - README.md
       - LICENSE
+
 source:
   enabled: true
   name_template: '{{ .ProjectName }}_{{ .Version }}'
+
 checksum:
   name_template: 'checksums.txt'
+  extra_files:
+    - glob: ./.releases/*
+
 signs:
 - cmd: cosign
   stdin: '{{ .Env.COSIGN_PWD }}'
   args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"]
   artifacts: all
+
 snapshot:
   name_template: "{{ .Tag }}-next"
+
 release:
   # Repo in which the release will be created.
   # Default is extracted from the origin remote URL or empty if its private hosted.
@@ -154,6 +164,8 @@ release:
   # The filename on the release will be the last part of the path (base). If
   # another file with the same name exists, the latest one found will be used.
   # Defaults to empty.
+  extra_files:
+    - glob: ./.releases/*
   #extra_files:
   #  - glob: ./path/to/file.txt
   #  - glob: ./glob/**/to/**/file/**/*