mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Merge pull request #697 from smallstep/max/deb-checksum

Browse source 
Add deb checksum, add golang 1.17 for tests, build with golang 1.17
This commit is contained in:
Max 2021-09-07 15:49:32 -07:00 committed by GitHub
commit efac0926df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 47 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
.github/workflows/release.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
strategy: strategy:
matrix: matrix:
go: [ '1.15', '1.16' ] go: [ '1.15', '1.16', '1.17' ]
outputs: outputs:
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
steps: steps:
@ -99,10 +99,23 @@ jobs:
name: Set up Go name: Set up Go
uses: actions/setup-go@v2 uses: actions/setup-go@v2
with: with:
go-version: 1.16 go-version: 1.17
-
name: APT Install
id: aptInstall
run: sudo apt-get -y install build-essential debhelper fakeroot
-
name: Build Debian package
id: make_debian
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make debian
# need to restore the git state otherwise goreleaser fails due to dirty state
git restore debian/changelog
git clean -fd
- -
name: Install cosign name: Install cosign
uses: sigstore/cosign-installer@main uses: sigstore/cosign-installer@v1.1.0
with: with:
cosign-release: 'v1.1.0' cosign-release: 'v1.1.0'
- -
@ -119,40 +132,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.PAT }} GITHUB_TOKEN: ${{ secrets.PAT }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }} COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
release_deb:
name: Build & Upload Debian Package To Github
runs-on: ubuntu-20.04
needs: create_release
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '1.16'
-
name: APT Install
id: aptInstall
run: sudo apt-get -y install build-essential debhelper fakeroot
-
name: Build Debian package
id: build
run: |
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
make debian
-
name: Upload Debian Package
id: upload_deb
run: |
tag_name="${GITHUB_REF##*/}"
hub release edit $(find ./.releases -type f -printf "-a %p ") -m "" "$tag_name"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_upload_docker: build_upload_docker:
name: Build & Upload Docker Images name: Build & Upload Docker Images
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
@ -165,10 +144,10 @@ jobs:
name: Setup Go name: Setup Go
uses: actions/setup-go@v2 uses: actions/setup-go@v2
with: with:
go-version: '1.16' go-version: '1.17'
- -
name: Install cosign name: Install cosign
uses: sigstore/cosign-installer@main uses: sigstore/cosign-installer@v1.1.0
with: with:
cosign-release: 'v1.1.0' cosign-release: 'v1.1.0'
- -

2
.github/workflows/test.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
strategy: strategy:
matrix: matrix:
go: [ '1.15', '1.16' ] go: [ '1.15', '1.16', '1.17' ]
steps: steps:
- -
name: Checkout name: Checkout

4
.gitignore vendored
View file

@ -14,8 +14,8 @@
# Others # Others
*.swp *.swp
.travis-releases .releases
coverage.txt coverage.txt
vendor
output output
vendor
.idea .idea

12
.goreleaser.yml
View file

@ -1,10 +1,12 @@
# This is an example .goreleaser.yml file with some sane defaults. # This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com # Make sure to check the documentation at http://goreleaser.com
project_name: step-ca project_name: step-ca
before: before:
hooks: hooks:
# You may remove this if you don't use go modules. # You may remove this if you don't use go modules.
- go mod download - go mod download
builds: builds:
- -
id: step-ca id: step-ca
@ -93,6 +95,7 @@ builds:
binary: bin/step-awskms-init binary: bin/step-awskms-init
ldflags: ldflags:
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
archives: archives:
- -
# Can be used to change the archive formats for specific GOOSs. # Can be used to change the archive formats for specific GOOSs.
@ -106,18 +109,25 @@ archives:
files: files:
- README.md - README.md
- LICENSE - LICENSE
source: source:
enabled: true enabled: true
name_template: '{{ .ProjectName }}_{{ .Version }}' name_template: '{{ .ProjectName }}_{{ .Version }}'
checksum: checksum:
name_template: 'checksums.txt' name_template: 'checksums.txt'
extra_files:
- glob: ./.releases/*
signs: signs:
- cmd: cosign - cmd: cosign
stdin: '{{ .Env.COSIGN_PWD }}' stdin: '{{ .Env.COSIGN_PWD }}'
args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"] args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"]
artifacts: all artifacts: all
snapshot: snapshot:
name_template: "{{ .Tag }}-next" name_template: "{{ .Tag }}-next"
release: release:
# Repo in which the release will be created. # Repo in which the release will be created.
# Default is extracted from the origin remote URL or empty if its private hosted. # Default is extracted from the origin remote URL or empty if its private hosted.
@ -154,6 +164,8 @@ release:
# The filename on the release will be the last part of the path (base). If # The filename on the release will be the last part of the path (base). If
# another file with the same name exists, the latest one found will be used. # another file with the same name exists, the latest one found will be used.
# Defaults to empty. # Defaults to empty.
extra_files:
- glob: ./.releases/*
#extra_files: #extra_files:
# - glob: ./path/to/file.txt # - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/* # - glob: ./glob/**/to/**/file/**/*

3
CHANGELOG.md
View file

@ -6,12 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased - 0.17.3] - DATE ## [Unreleased - 0.17.3] - DATE
### Added ### Added
- go 1.17 to github action test matrix
### Changed ### Changed
- Using go 1.17 for binaries
### Deprecated ### Deprecated
### Removed ### Removed
### Fixed ### Fixed
### Security ### Security
- Use cosign to sign and upload signatures for multi-arch Docker container. - Use cosign to sign and upload signatures for multi-arch Docker container.
- Add debian checksum
## [0.17.2] - 08.30.2021 ## [0.17.2] - 08.30.2021
### Added ### Added

1
kms/pkcs11/benchmark_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo // +build cgo
package pkcs11 package pkcs11

1
kms/pkcs11/opensc_test.go
View file

@ -1,3 +1,4 @@
//go:build opensc
// +build opensc // +build opensc
package pkcs11 package pkcs11

1
kms/pkcs11/other_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo && !softhsm2 && !yubihsm2 && !opensc
// +build cgo,!softhsm2,!yubihsm2,!opensc // +build cgo,!softhsm2,!yubihsm2,!opensc
package pkcs11 package pkcs11

1
kms/pkcs11/pkcs11.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo // +build cgo
package pkcs11 package pkcs11

1
kms/pkcs11/pkcs11_no_cgo.go
View file

@ -1,3 +1,4 @@
//go:build !cgo
// +build !cgo // +build !cgo
package pkcs11 package pkcs11

1
kms/pkcs11/pkcs11_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo // +build cgo
package pkcs11 package pkcs11

1
kms/pkcs11/setup_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo // +build cgo
package pkcs11 package pkcs11

1
kms/pkcs11/softhsm2_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo && softhsm2
// +build cgo,softhsm2 // +build cgo,softhsm2
package pkcs11 package pkcs11

1
kms/pkcs11/yubihsm2_test.go
View file

@ -1,3 +1,4 @@
//go:build cgo && yubihsm2
// +build cgo,yubihsm2 // +build cgo,yubihsm2
package pkcs11 package pkcs11

1
kms/yubikey/yubikey.go
View file

@ -1,3 +1,4 @@
//go:build cgo
// +build cgo // +build cgo
package yubikey package yubikey

1
kms/yubikey/yubikey_no_cgo.go
View file

@ -1,3 +1,4 @@
//go:build !cgo
// +build !cgo // +build !cgo
package yubikey package yubikey