mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Merge pull request #697 from smallstep/max/deb-checksum

Browse source 
Add deb checksum, add golang 1.17 for tests, build with golang 1.17
This commit is contained in:
Max 2021-09-07 15:49:32 -07:00 committed by GitHub
commit efac0926df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 47 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
.github/workflows/release.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-20.04
strategy:
matrix:
go: [ '1.15', '1.16' ]
go: [ '1.15', '1.16', '1.17' ]
outputs:
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps:
@ -99,10 +99,23 @@ jobs:
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
go-version: 1.17
-
name: APT Install
id: aptInstall
run: sudo apt-get -y install build-essential debhelper fakeroot
-
name: Build Debian package
id: make_debian
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make debian
# need to restore the git state otherwise goreleaser fails due to dirty state
git restore debian/changelog
git clean -fd
-
name: Install cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@v1.1.0
with:
cosign-release: 'v1.1.0'
-
@ -119,40 +132,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.PAT }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
release_deb:
name: Build & Upload Debian Package To Github
runs-on: ubuntu-20.04
needs: create_release
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '1.16'
-
name: APT Install
id: aptInstall
run: sudo apt-get -y install build-essential debhelper fakeroot
-
name: Build Debian package
id: build
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make debian
-
name: Upload Debian Package
id: upload_deb
run: |
tag_name="${GITHUB_REF##*/}"
hub release edit $(find ./.releases -type f -printf "-a %p ") -m "" "$tag_name"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_upload_docker:
name: Build & Upload Docker Images
runs-on: ubuntu-20.04
@ -165,10 +144,10 @@ jobs:
name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '1.16'
go-version: '1.17'
-
name: Install cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@v1.1.0
with:
cosign-release: 'v1.1.0'
-

2
.github/workflows/test.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-20.04
strategy:
matrix:
go: [ '1.15', '1.16' ]
go: [ '1.15', '1.16', '1.17' ]
steps:
-
name: Checkout

4
.gitignore vendored
View file

@ -14,8 +14,8 @@
# Others
*.swp
.travis-releases
.releases
coverage.txt
vendor
output
vendor
.idea

12
.goreleaser.yml
View file

@ -1,10 +1,12 @@
# This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
project_name: step-ca
before:
hooks:
# You may remove this if you don't use go modules.
- go mod download
builds:
-
id: step-ca
@ -93,6 +95,7 @@ builds:
binary: bin/step-awskms-init
ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
archives:
-
# Can be used to change the archive formats for specific GOOSs.
@ -106,18 +109,25 @@ archives:
files:
- README.md
- LICENSE
source:
enabled: true
name_template: '{{ .ProjectName }}_{{ .Version }}'
checksum:
name_template: 'checksums.txt'
extra_files:
- glob: ./.releases/*
signs:
- cmd: cosign
stdin: '{{ .Env.COSIGN_PWD }}'
args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"]
artifacts: all
snapshot:
name_template: "{{ .Tag }}-next"
release:
# Repo in which the release will be created.
# Default is extracted from the origin remote URL or empty if its private hosted.
@ -154,6 +164,8 @@ release:
# The filename on the release will be the last part of the path (base). If
# another file with the same name exists, the latest one found will be used.
# Defaults to empty.
extra_files:
- glob: ./.releases/*
#extra_files:
# - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/*

3
CHANGELOG.md
View file

@ -6,12 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased - 0.17.3] - DATE
### Added
- go 1.17 to github action test matrix
### Changed
- Using go 1.17 for binaries
### Deprecated
### Removed
### Fixed
### Security
- Use cosign to sign and upload signatures for multi-arch Docker container.
- Add debian checksum
## [0.17.2] - 08.30.2021
### Added

1
kms/pkcs11/benchmark_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo
package pkcs11

1
kms/pkcs11/opensc_test.go
View file

@ -1,3 +1,4 @@
//go:build opensc
// +build opensc
package pkcs11

1
kms/pkcs11/other_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo && !softhsm2 && !yubihsm2 && !opensc
// +build cgo,!softhsm2,!yubihsm2,!opensc
package pkcs11

1
kms/pkcs11/pkcs11.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo
package pkcs11

1
kms/pkcs11/pkcs11_no_cgo.go
View file

@ -1,3 +1,4 @@
//go:build !cgo
// +build !cgo
package pkcs11

1
kms/pkcs11/pkcs11_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo
package pkcs11

1
kms/pkcs11/setup_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo
package pkcs11

1
kms/pkcs11/softhsm2_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo && softhsm2
// +build cgo,softhsm2
package pkcs11

1
kms/pkcs11/yubihsm2_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo && yubihsm2
// +build cgo,yubihsm2
package pkcs11

1
kms/yubikey/yubikey.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo
package yubikey

1
kms/yubikey/yubikey_no_cgo.go
View file

@ -1,3 +1,4 @@
//go:build !cgo
// +build !cgo
package yubikey