From e4739171b4cf66dba0dc80bed67025758f9a6266 Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 7 Sep 2021 11:28:16 -0700 Subject: [PATCH 1/7] [action] Build deb during goreleaser action, add to checksum and ... - add go 1.17 to test matrix - build with go 1.17 --- .github/workflows/release.yml | 25 +++++++++++++++++++------ .github/workflows/test.yml | 2 +- .goreleaser.yml | 12 ++++++++++++ 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 87a3228b..08dd88ce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - go: [ '1.15', '1.16' ] + go: [ '1.15', '1.16', '1.17' ] outputs: is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} steps: @@ -99,10 +99,23 @@ jobs: name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.16 + go-version: 1.17 + - + name: APT Install + id: aptInstall + run: sudo apt-get -y install build-essential debhelper fakeroot + - + name: Build Debian package + id: make_debian + run: | + PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin + make debian + # need to restore the git state otherwise goreleaser fails due to dirty state + git restore debian/changelog + git clean -fd - name: Install cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@v1.1.0 with: cosign-release: 'v1.1.0' - @@ -133,7 +146,7 @@ jobs: name: Set up Go uses: actions/setup-go@v2 with: - go-version: '1.16' + go-version: '1.17' - name: APT Install id: aptInstall @@ -165,10 +178,10 @@ jobs: name: Setup Go uses: actions/setup-go@v2 with: - go-version: '1.16' + go-version: '1.17' - name: Install cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@v1.1.0 with: cosign-release: 'v1.1.0' - diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9c73cfbd..96655664 100644 --- a/.github/workflows/test.yml 
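Review bot: In the `@@ -99,10 +99,23 @@` hunk of release.yml, `sigstore/cosign-installer@v1.1.0` is still a mutable tag, and it sits in the job that writes the cosign key to disk and signs the release; the `@@ -165,10 +178,10 @@` hunk has the same line. Moving off `@main` helps, but the GoReleaser step in this workflow is already pinned to a full commit SHA with the version as a trailing comment, and the installer should match: `uses: sigstore/cosign-installer@<full-commit-sha-of-v1.1.0> # v1.1.0`. In the same hunk, `apt-get -y install` runs without a preceding `apt-get update`, which can fail against a stale package index on the runner. The hard-coded `/home/admin/go/bin` in `PATH` looks like a leftover from another build host and deserves a comment or removal.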
+++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - go: [ '1.15', '1.16' ] + go: [ '1.15', '1.16', '1.17' ] steps: - name: Checkout diff --git a/.goreleaser.yml b/.goreleaser.yml index 1acf405a..8dbbac29 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,10 +1,12 @@ # This is an example .goreleaser.yml file with some sane defaults. # Make sure to check the documentation at http://goreleaser.com project_name: step-ca + before: hooks: # You may remove this if you don't use go modules. - go mod download + builds: - id: step-ca @@ -93,6 +95,7 @@ builds: binary: bin/step-awskms-init ldflags: - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} + archives: - # Can be used to change the archive formats for specific GOOSs. @@ -106,18 +109,25 @@ archives: files: - README.md - LICENSE + source: enabled: true name_template: '{{ .ProjectName }}_{{ .Version }}' + checksum: name_template: 'checksums.txt' + extra_files: + - glob: ./.releases/* + signs: - cmd: cosign stdin: '{{ .Env.COSIGN_PWD }}' args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"] artifacts: all + snapshot: name_template: "{{ .Tag }}-next" + release: # Repo in which the release will be created. # Default is extracted from the origin remote URL or empty if its private hosted. @@ -154,6 +164,8 @@ release: # The filename on the release will be the last part of the path (base). If # another file with the same name exists, the latest one found will be used. # Defaults to empty. + extra_files: + - glob: ./.releases/* #extra_files: # - glob: ./path/to/file.txt # - glob: ./glob/**/to/**/file/**/* From 8bec473f8ebfea7935db239d9ec18b3ed319f34b Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 7 Sep 2021 11:30:35 -0700 Subject: [PATCH 2/7] fix gofmt linting errors --- kms/pkcs11/pkcs11_no_cgo.go | 1 + kms/yubikey/yubikey_no_cgo.go | 1 + 2 files changed, 2 insertions(+) 
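Review bot: The `- glob: ./.releases/*` entries added under `checksum.extra_files` and `release.extra_files` in .goreleaser.yml checksum and publish whatever is in that directory at release time. Nothing in the visible config checks that it holds only the expected Debian package. If `make debian` writes only the package there, narrow both entries to `- glob: ./.releases/*.deb`, and add a comment that the directory is populated by the `Build Debian package` workflow step. At this commit `.releases` is not yet in .gitignore (that arrives in patch 7/7), so the `git clean -fd` in that step would presumably remove the directory before GoReleaser runs. The old commented-out `#extra_files:` example directly below the new `release.extra_files` key now reads as a duplicate and should be dropped or moved above it.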
diff --git a/kms/pkcs11/pkcs11_no_cgo.go b/kms/pkcs11/pkcs11_no_cgo.go index 87c9a36b..6fa51dff 100644 --- a/kms/pkcs11/pkcs11_no_cgo.go +++ b/kms/pkcs11/pkcs11_no_cgo.go @@ -1,3 +1,4 @@ +//go:build !cgo // +build !cgo package pkcs11 diff --git a/kms/yubikey/yubikey_no_cgo.go b/kms/yubikey/yubikey_no_cgo.go index 6ed7c630..24a76174 100644 --- a/kms/yubikey/yubikey_no_cgo.go +++ b/kms/yubikey/yubikey_no_cgo.go @@ -1,3 +1,4 @@ +//go:build !cgo // +build !cgo package yubikey From 8ba9013f5d21c2a38a0011451fefc3bc5bc353aa Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 7 Sep 2021 11:35:51 -0700 Subject: [PATCH 3/7] gofmt linting errors --- kms/pkcs11/benchmark_test.go | 1 + kms/pkcs11/opensc_test.go | 1 + kms/pkcs11/other_test.go | 1 + kms/pkcs11/pkcs11.go | 1 + kms/pkcs11/pkcs11_test.go | 1 + kms/pkcs11/setup_test.go | 1 + kms/pkcs11/softhsm2_test.go | 1 + kms/pkcs11/yubihsm2_test.go | 1 + kms/yubikey/yubikey.go | 1 + 9 files changed, 9 insertions(+) diff --git a/kms/pkcs11/benchmark_test.go b/kms/pkcs11/benchmark_test.go index 30e21117..c567872f 100644 --- a/kms/pkcs11/benchmark_test.go +++ b/kms/pkcs11/benchmark_test.go @@ -1,3 +1,4 @@ +//go:build cgo // +build cgo package pkcs11 diff --git a/kms/pkcs11/opensc_test.go b/kms/pkcs11/opensc_test.go index f3b61932..b365e614 100644 --- a/kms/pkcs11/opensc_test.go +++ b/kms/pkcs11/opensc_test.go @@ -1,3 +1,4 @@ +//go:build opensc // +build opensc package pkcs11 diff --git a/kms/pkcs11/other_test.go b/kms/pkcs11/other_test.go index 835587f7..680d3860 100644 --- a/kms/pkcs11/other_test.go +++ b/kms/pkcs11/other_test.go @@ -1,3 +1,4 @@ +//go:build cgo && !softhsm2 && !yubihsm2 && !opensc // +build cgo,!softhsm2,!yubihsm2,!opensc package pkcs11 diff --git a/kms/pkcs11/pkcs11.go b/kms/pkcs11/pkcs11.go index 47c298a5..07d40c05 100644 --- a/kms/pkcs11/pkcs11.go +++ b/kms/pkcs11/pkcs11.go @@ -1,3 +1,4 @@ +//go:build cgo // +build cgo package pkcs11 
diff --git a/kms/pkcs11/pkcs11_test.go b/kms/pkcs11/pkcs11_test.go index 77277366..6df9b92a 100644 --- a/kms/pkcs11/pkcs11_test.go +++ b/kms/pkcs11/pkcs11_test.go @@ -1,3 +1,4 @@ +//go:build cgo // +build cgo package pkcs11 diff --git a/kms/pkcs11/setup_test.go b/kms/pkcs11/setup_test.go index c9ff9311..52dc5207 100644 --- a/kms/pkcs11/setup_test.go +++ b/kms/pkcs11/setup_test.go @@ -1,3 +1,4 @@ +//go:build cgo // +build cgo package pkcs11 diff --git a/kms/pkcs11/softhsm2_test.go b/kms/pkcs11/softhsm2_test.go index 37aa667d..ed2ff208 100644 --- a/kms/pkcs11/softhsm2_test.go +++ b/kms/pkcs11/softhsm2_test.go @@ -1,3 +1,4 @@ +//go:build cgo && softhsm2 // +build cgo,softhsm2 package pkcs11 diff --git a/kms/pkcs11/yubihsm2_test.go b/kms/pkcs11/yubihsm2_test.go index 6d02a420..281aff54 100644 --- a/kms/pkcs11/yubihsm2_test.go +++ b/kms/pkcs11/yubihsm2_test.go @@ -1,3 +1,4 @@ +//go:build cgo && yubihsm2 // +build cgo,yubihsm2 package pkcs11 diff --git a/kms/yubikey/yubikey.go b/kms/yubikey/yubikey.go index 2dde244a..b1d5f7e3 100644 --- a/kms/yubikey/yubikey.go +++ b/kms/yubikey/yubikey.go @@ -1,3 +1,4 @@ +//go:build cgo // +build cgo package yubikey From 23d3232d7589f015f762bced6c10e70aca9cdbdc Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 7 Sep 2021 11:39:49 -0700 Subject: [PATCH 4/7] Changelog updates --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 272e2716..a99bbd1a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,12 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased - 0.17.3] - DATE ### Added +- go 1.17 to github action test matrix ### Changed +- Using go 1.17 for binaries ### Deprecated ### Removed ### Fixed ### Security - Use cosign to sign and upload signatures for multi-arch Docker container. +- Add debian checksum ## [0.17.2] - 08.30.2021 ### Added From 9df5cc40b6b86e952c1e285767b495d22db8385c Mon Sep 17 00:00:00 2001 
From: max furman Date: Tue, 7 Sep 2021 12:16:40 -0700 Subject: [PATCH 5/7] [action] remove duplicate debian step --- .github/workflows/release.yml | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 08dd88ce..e2e0176c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -132,40 +132,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.PAT }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }} - release_deb: - name: Build & Upload Debian Package To Github - runs-on: ubuntu-20.04 - needs: create_release - steps: - - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: '1.17' - - - name: APT Install - id: aptInstall - run: sudo apt-get -y install build-essential debhelper fakeroot - - - name: Build Debian package - id: build - run: | - PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin - make debian - - - name: Upload Debian Package - id: upload_deb - run: | - tag_name="${GITHUB_REF##*/}" - hub release edit $(find ./.releases -type f -printf "-a %p ") -m "" "$tag_name" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - build_upload_docker: name: Build & Upload Docker Images runs-on: ubuntu-20.04 From 9641354675a2cc14ea00233d5d29d017c95ac768 Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 7 Sep 2021 12:37:45 -0700 Subject: [PATCH 6/7] [action] tmate debugger --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e2e0176c..449bb072 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -122,6 +122,9 @@ jobs: name: Write cosign key to disk id: write_key run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" + - + name: Setup tmate session + uses: mxschmitt/action-tmate@v3 - name: Run GoReleaser uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0 From 9ed84d71f605c10d29bf1bc099155ebbbace097c Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 7 Sep 2021 13:07:25 -0700 Subject: [PATCH 7/7] [action] Add .releases to .gitignore --- .github/workflows/release.yml | 3 --- .gitignore | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 449bb072..e2e0176c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -122,9 +122,6 @@ jobs: name: Write cosign key to disk id: write_key run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" - - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - name: Run GoReleaser uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0 diff --git a/.gitignore b/.gitignore index 7cba0d08..d87786b0 100644 --- a/.gitignore +++ b/.gitignore @@ -14,8 +14,8 @@ # Others *.swp -.travis-releases +.releases coverage.txt -vendor output +vendor .idea
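Review bot: The `Setup tmate session` step is inserted directly after `Write cosign key to disk`, so the interactive session opens on a runner that already holds `/tmp/cosign.key`. `mxschmitt/action-tmate@v3` is also a mutable tag with no `with:` block. As far as I know the action prints its connection string to the job log and does not restrict who may connect unless `limit-access-to-actor: true` is set, so wherever the logs are readable the key file would be reachable. The step is removed in patch 7/7, but if the release workflow ran from this commit, the signing key should be treated as exposed and rotation considered. For future debugging, run the session in a workflow that has no secrets, or at least add `with:` and `limit-access-to-actor: true` and pin the action to a commit SHA.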