mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

First commit at replacing travis with actions

Browse source
This commit is contained in:
max furman 2021-02-18 12:38:32 -08:00
parent d177279044
commit 220c8d0da4
4 changed files with 475 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

247
.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,247 @@
name: Create Release & Upload Assets
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
jobs:
lintTestBuild:
name: Lint, Test, Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.15.6'
- name: Lint, Test, Build
id: lintTestBuild
run: V=1 make -j1 bootstrap travis
create_release:
name: Create Release
runs-on: ubuntu-latest
needs: lintTestBuild
outputs:
version: ${{ steps.extract-tag.outputs.VERSION }}
vversion: ${{ steps.extract-tag.outputs.VVERSION }}
upload_url: ${{ steps.create_release.outputs.upload_url }}
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Extract Tag Names
id: extract-tag
run: |
VVERSION=${GITHUB_REF#refs/tags/}
VERSION=${GITHUB_REF#refs/tags/v}
echo "::set-output name=VVERSION::${VVERSION}"
echo "::set-output name=VERSION::${VERSION}"
- name: Is Pre-release
id: is_prerelease
run: |
set +e
echo ${{ github.ref }} | grep "\-rc.*"
OUT=$?
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}"
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
build_upload_github_assets:
name: Build & Upload Mac OS | Linux | Windows Assets To Github Release
runs-on: ubuntu-latest
needs: create_release
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@56f5b77f7fa4a8fe068bf22b732ec036cc9bc13f # v2.4.1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.PAT }}
# build_upload_docker:
# name: Build & Upload Docker Images
# runs-on: ubuntu-latest
# needs: create_release
# if: needs.create_release.outputs.is_prerelease == 'false'
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# - name: Setup Go
# uses: actions/setup-go@v2
# with:
# go-version: '^1.15.6'
# - name: Build
# id: build
# run: |
# PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
# make docker-artifacts
# env:
# DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
# DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
#
# build_upload_aws_s3_binaries:
# name: Build & Upload AWS S3 Binaries
# runs-on: ubuntu-latest
# needs: create_release
# if: needs.create_release.outputs.is_prerelease == 'false'
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# - name: Setup Go
# uses: actions/setup-go@v2
# with:
# go-version: '^1.15.6'
# - name: Build
# id: build
# run: |
# PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
# make -j1 binary-linux binary-darwin binary-windows
# mkdir -p ./.releases
# cp ./output/binary/linux/bin/step ./.releases/step-linux-${{ needs.create_release.outputs.version }}
# cp ./output/binary/linux/bin/step ./.releases/step-linux-latest-integration
# cp ./output/binary/darwin/bin/step ./.releases/step-darwin-${{ needs.create_release.outputs.version }}
# cp ./output/binary/windows/bin/step ./.releases/step-windows-${{ needs.create_release.outputs.version }}.exe
# - name: Upload s3
# id: upload-s3
# uses: jakejarvis/s3-sync-action@v0.5.1
# with:
# args: --acl public-read --follow-symlinks
# env:
# AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_REGION: us-east-1
# SOURCE_DIR: ./.releases
#
# upload_windows_installer:
# name: Upload Windows Installer
# runs-on: ubuntu-latest
# needs: create_release
# if: needs.create_release.outputs.is_prerelease == 'false'
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# - name: Download Existing Installer
# id: download
# uses: prewk/s3-cp-action@v0.1.1
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_REGION: us-east-1
# SOURCE: s3://${{ secrets.AWS_s3_BUCKET }}/install-step.ps1
# DEST: ./install-step.ps1
# - name: Modify Installer
# id: modify
# run: sed -i -e "s~step-windows-.*.exe~step-windows-foo.exe~g" ./install-step.ps1
# - name: Upload and Overwrite
# id: upload
# uses: prewk/s3-cp-action@v0.1.1
# with:
# args: --acl public-read --follow-symlinks
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_REGION: us-east-1
# DEST: s3://${{ secrets.AWS_s3_BUCKET }}/install-step.ps1
# SOURCE: ./install-step.ps1
#
# update_arch:
# name: Update Arch Linux Packager
# runs-on: ubuntu-latest
# needs: [create_release, build_upload_github_assets]
# if: needs.create_release.outputs.is_prerelease == 'false'
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# - name: Calculate New SHAs
# id: calculate-shas
# run: |
# PKG=step-cli-bin
# VVER=${{ needs.create_release.outputs.vversion }}
# VER=${{ needs.create_release.outputs.version }}
# ARM64_URL="https://github.com/smallstep/cli/releases/download/${VVER}/step_linux_${VER}_arm64.tar.gz"
# AMD64_URL="https://github.com/smallstep/cli/releases/download/${VVER}/step_linux_${VER}_amd64.tar.gz"
# # Get arm64 SHA for step-cli
# curl -o "${PKG}-arm64.tar.gz" -J -L -s --show-error -f "${ARM64_URL}"
# ARM64_SHA="$(shasum -a 256 "${PKG}-arm64.tar.gz" | awk '{printf $1}')"
# # Get amd64 SHA for step-cli
# curl -o "${PKG}-amd64.tar.gz" -J -L -s --show-error -f "${AMD64_URL}"
# AMD64_SHA="$(shasum -a 256 "${PKG}-amd64.tar.gz" | awk '{printf $1}')"
# # Clone arch linux step-cli-bin repo
# echo "${{ secrets.ARCH_SSH_KEY }}" > /tmp/ssh_arch_key && chmod 0400 /tmp/ssh_arch_key
# ssh-agent bash -c 'ssh-add /tmp/ssh_arch_key; GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git clone ssh://aur@aur.archlinux.org/step-cli-bin.git'
# cd step-cli-bin
# # Modify values in files
# sed -i -e "s/^pkgver=.*/pkgver=${VER}/" "./PKGBUILD"
# sed -i -e "s/^sha256sums_aarch64=.*/sha256sums_aarch64=(\"${ARM64_SHA}\")/" "./PKGBUILD"
# sed -i -e "s/^sha256sums_x86_64=.*/sha256sums_x86_64=(\"${AMD64_SHA}\")/" "./PKGBUILD"
# - name: Makepkg Build and Check
# id: makepkg
# uses: smallstep/pkgbuild-action@v1.0.2
# with:
# pkgdir: ./step-cli-bin
# - name: Update ARCH Repo
# id: update
# run: |
# # Git commit and push
# cd ./step-cli-bin
# git add "./PKGBUILD" "./.SRCINFO"
# git commit -m "Update to ${{ needs.create_release.outputs.vversion }}"
# ssh-agent bash -c 'ssh-add /tmp/ssh_arch_key; GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git push origin HEAD:master'
#
# update_reference_docs:
# name: Update Reference Docs
# runs-on: ubuntu-latest
# needs: create_release
# if: needs.create_release.outputs.is_prerelease == 'false'
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# - name: Setup Go
# uses: actions/setup-go@v2
# with:
# go-version: '^1.15.6'
# - name: Build
# id: build
# run: make build
# - name: Checkout Docs
# uses: actions/checkout@master
# with:
# repository: smallstep/docs
# token: ${{ secrets.PAT }}
# path: './docs'
# - name: Update Reference
# id: update_refrence
# run: ./bin/step help --markdown ./docs/step-cli/reference
# - name: Push changes
# uses: ad-m/github-push-action@v0.6.0
# with:
# github_token: ${{ secrets.PAT }}
# branch: 'master'
# directory: './docs'
# repository: 'smallstep/docs'

31
.github/workflows/test.yml vendored Normal file
View file

@ -0,0 +1,31 @@
name: Lint, Test, Build
on:
push:
tags-ignore:
- 'v*'
branches:
- "**"
pull_request:
jobs:
lintTestBuild:
name: Lint, Test, Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.15.6'
- name: Lint, Test, Build
id: lintTestBuild
run: V=1 make -j1 bootstrap all
- name: Codecov
uses: codecov/codecov-action@v1.2.1
with:
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
file: ./coverage.out # optional
name: codecov-umbrella # optional
fail_ci_if_error: true # optional (default = false)

197
.goreleaser.yml Normal file
View file

@ -0,0 +1,197 @@
# This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
project_name: step-ca
before:
hooks:
# You may remove this if you don't use go modules.
- go mod download
# - go generate ./...
builds:
-
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm
- arm64
- 386
goarm:
- 7
flags:
- -trimpath
main: ./cmd/step-ca/main.go
binary: bin/step
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
-
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm
- arm64
- 386
goarm:
- 7
flags:
- -trimpath
main: ./cmd/step-cloudkms-init/main.go
binary: bin/step-cloudkms-init
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
-
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm
- arm64
- 386
goarm:
- 7
flags:
- -trimpath
main: ./cmd/step-awskms-init/main.go
binary: bin/step-awskms-init
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
archives:
-
# Can be used to change the archive formats for specific GOOSs.
# Most common use case is to archive as zip on Windows.
# Default is empty.
name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
wrap_in_directory: "{{ .ProjectName }}_{{ .Version }}"
files:
- README.md
- LICENSE
source:
enabled: true
name_template: '{{ .ProjectName }}_{{ .Version }}'
checksum:
name_template: 'checksums.txt'
snapshot:
name_template: "{{ .Tag }}-next"
release:
# Repo in which the release will be created.
# Default is extracted from the origin remote URL or empty if its private hosted.
# Note: it can only be one: either github, gitlab or gitea
github:
owner: smallstep
name: certificates
# IDs of the archives to use.
# Defaults to all.
#ids:
# - foo
# - bar
# If set to true, will not auto-publish the release.
# Default is false.
#draft: true
# If set to auto, will mark the release as not ready for production
# in case there is an indicator for this in the tag e.g. v1.0.0-rc1
# If set to true, will mark the release as not ready for production.
# Default is false.
prerelease: auto
# You can change the name of the release.
# Default is `{{.Tag}}`
#name_template: "{{.ProjectName}}-v{{.Version}} {{.Env.USER}}"
# You can disable this pipe in order to not upload any artifacts.
# Defaults to false.
#disable: true
# You can add extra pre-existing files to the release.
# The filename on the release will be the last part of the path (base). If
# another file with the same name exists, the latest one found will be used.
# Defaults to empty.
#extra_files:
# - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/*
# - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
scoop:
# Template for the url which is determined by the given Token (github or gitlab)
# Default for github is "https://github.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Default for gitlab is "https://gitlab.com/<repo_owner>/<repo_name>/uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
# Default for gitea is "https://gitea.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
url_template: "http://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Repository to push the app manifest to.
bucket:
owner: smallstep
name: scoop-bucket
# Git author used to commit to the repository.
# Defaults are shown.
commit_author:
name: goreleaserbot
email: goreleaser@smallstep.com
# The project name and current git tag are used in the format string.
commit_msg_template: "Scoop update for {{ .ProjectName }} version {{ .Tag }}"
# Your app's homepage.
# Default is empty.
homepage: "https://smallstep.com/docs/step-ca"
# Skip uploads for prerelease.
skip_upload: auto
# Your app's description.
# Default is empty.
description: "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."
# Your app's license
# Default is empty.
license: "Apache-2.0"
#dockers:
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: amd64
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/amd64"
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: 386
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/386"
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: arm
# goarm: 7
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/arm/v7"
# - dockerfile: docker/Dockerfile
# goos: linux
# goarch: arm64
# use_buildx: true
# image_templates:
# - "smallstep/step-cli:latest"
# - "smallstep/step-cli:{{ .Tag }}"
# build_flag_templates:
# - "--platform=linux/arm64/v8"

37
.travis.yml
View file

@ -1,37 +0,0 @@
language: go
os: linux
dist: focal
services:
- docker
go:
- 1.14.x
addons:
apt:
packages:
- debhelper
- fakeroot
- bash-completion
- libpcsclite-dev
env:
global:
- V=1
before_script:
- make bootstrap
script:
- make travis
- make artifacts
after_success:
- bash <(curl -s https://codecov.io/bash) -t "$CODECOV_TOKEN" || echo "Codecov did
not collect coverage reports"
notifications:
email: false
deploy:
provider: releases
skip_cleanup: true
token:
secure: EVV43Vkqn67hhKGYn4WhQp2YO6KFmUDSkLXjYXYGX07Fm8p5KjRFBPOz9LV83QrvVmLigvg0CtR8Jqqcnq2SUhus3nhZaN2g19NhMypZLioyOVP0kAkas8ocuvxkwz3YxIK/yMrmTKbQ7JGXtbc8IjAox9ovNo1fFIQmVMAzPfu++OWBJ0j+gUqKtpaNA7gzsSv8UOw3/T3hNm6E1IbpWxl9BPSOzUOE9F/QOThANzifGfdxvqNJFkAgqu5DVPz8zQNbMrz4zH+KwASKxd6hjhzSSMzouKzOEHTA/elDCHEjke0Jos29MkGWHcIydLtCD95DGecqM8BFSC9f2acHDjmUO1rdfoLA3Pt+UiZJuTwyQm/jrHHhRnH8oJpK15G5LvxSqzY9YDWpAk38+jMw/udW6wt7BGAU8FEXLbq0bsFL3yfTepeWjmzT5WS0YXdiBz2SEK+Og9R2bSdtl4owghRzKNio5DNPuYAbqbpi+jqzqQVLj27x7LWoQ0MHvZcz9U+oO00r6M1tDCmFVRdtfgb2H+MIDY69qYGo5qoGMfH1btCWR8bA9wSYB/Z7hW/xZT9r7f/d5/P40k8yKINmTZqyUTQeplrE3y4BPVzKksclczBZa67syIUQ49I35QppnH4GFQHUwlra7r3W9zfZRvaLnp5qOIKAQe3MAIZqtLg=
file_glob: true
file: .travis-releases/*
on:
repo: smallstep/certificates
tags: true