From 0754030d0f34b74552c7ee54f92fbc42136d9057 Mon Sep 17 00:00:00 2001 From: sbailey <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 17 Aug 2023 09:52:24 -0700 Subject: [PATCH] feat(ci): Adding CI to build different architectures of the plugin. --- .github/dependabot.yml | 12 +++ .github/images/kf_logo.png | Bin 0 -> 3602 bytes .../workflows/keyfactor-starter-workflow.yml | 43 +++++++++ .github/workflows/release.yml | 43 +++++++++ .goreleaser.yml | 86 ++++++++++++++++++ 5 files changed, 184 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/images/kf_logo.png create mode 100644 .github/workflows/keyfactor-starter-workflow.yml create mode 100644 .github/workflows/release.yml create mode 100644 .goreleaser.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..fa3ed22 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# See GitHub's documentation for more information on this file: +# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "daily" \ No newline at end of file 
diff --git a/.github/images/kf_logo.png b/.github/images/kf_logo.png new file mode 100644 index 0000000000000000000000000000000000000000..027e15ead76cb673ad0772596a804258e601476d GIT binary patch literal 3602 zcmX|^cRUpSAICXoCtNbl-YbWk3mHdt4jK8{B;yVpiIdI@QAU|(UnR3BPK3RM2InIa7aI?8TQSYbsm z>HrG^9jb}}zBS50*Zn^u4+MfrhQbU~)X$Jqz<&{nz!XtY(cr16Xedto?+y?6|LZcI z=KrkmFDRK3U``o|HPY3#3Z^FKhJLiRzS@$E2*0m`f{Kd37TaG6y$0w+KZ;9sxxT9% zcZu#&EJr60WE+1!F3}i`H)P^*)=?=+XcS|PP3AU+FSKj7Mo?#`n0p$h6rK&vY)&?9 zU^eVd*8?`bCI@W(@?QB`y?NpAgj{oQGI5%_ONVLN&69%TDeHmMR@0OVh>ekhfkVn% zh{4?@8XlQ@hXMnfV)!dkY|+=ZD6xTm;K>XcqU3aVf`!b5JSmV>P0P3nWCFgvq|PSw zQi%e6Kcj$;0JKr&bOH<<-8>Xn@zDmTMFO;?Xjp+vO9>PR_$)-72agm=i=+q8KGdgx zs{P9dQ+&(mO)#U~<=HEaBjh*VkY<8kplXEE^lu@rb@1?a(nIsm<@Uo0v%>j|jB{ZhB3^<_6_OER8C!6Q+Y_;yBd;Cats{++eSor$E? z^tXSlzTeWu!)v66gkwO?>{pa8R~DSu>>Z_$x7W9Bn&TZQV*nbl^@srbH?5+Y0**t+ z*wm{ZoT^kqb_M@RUu?w1YrlPxVRE`Pld7zpY1cU|QEw^bIiuBCVQ;c|y14Ci*!i|& z)?%S88LN;DC54oh;0|-F!)3CcPyW}@tJC%X{oEFJQ9yPL%TTYa)cTKMK?vJ?wmr7$ zy^EG2whsE(Zeu@%fi%Bw&X~XV25APs0?EZhu4SY1m{EjXI8tFtV}Ja{n};_Pi_K@$yrZE(!tzE^T<>#N#fTLjLGD2FtqaET6zU=C%sPdv)R4c+3kc&RHq4 znorZLty(KDW(%FGrrR;Sk@F}ckZ>B&oFh1qCjH#`YC%dz5ZU4A0dujI>!7e@i0)$X z+qxb=sty}Vg+Q=gBoE@4rn=zTQRa#Xhzwjr!XF*H5=_(g90pwr5vL|E16JDVkddko z2W4ryqwf3iMW0W*rk=Ul_?+u&r~Yy$r{~xD_z;##d9wVSt4a1*s~H|)TYr1|t3{!Y z?Mmv*+r%)+iI@e&@Lsnv#w8yqj)D5k&XlQlm~%CqU?}`1H$2YQ_sQv@LG88@LSy&a zQo0F#4b$)|>!4{+^C<+Aomy02@A1VEXgR3P-u>)GU&6#tFEtE!^1Ar|2utmhUiJ<1 z>R<5<5b<*G#nlF5qnFd^WFTp~;jrNzqL%ZXk3@O}qRb`ZTaaiHRN)hJPCt1`iGz^m z);hd}YxIZPXMSJW)|BjPgyf4~2q?qy{O0e%tBtA73B@iVFVo*Bfy0N(O378FE(cw5 zYFy{CGHD8GH%sVn=^#t*{m@-cNZsq`IzC?^U9bzP6Z06x!R7MXSP1D|nvWI;X6HGe z#xY}B=_fupK8RVPaUM9!QYXi|+;g}FB5Z=H3R(1+%I1_NvgvQnb-xJD zjNKa$ZJ`NkQt)Vth|4jCz=u+??j`}!^}T$OgFK}tevS>!4&2!#i@7;Aab8&01-Nwy z0fx>C8>Ic@m~=$NAeh0<>pxXv*p`QQUXwWn)4bfQI(tFB^2GSLn)9Quy;5NftI^4$ zznWZ@G9qc$REi>)t4>~d4mOezACHds{1ciUN67fBH?rYqg;Pj?Gop$Dnm}M-DBJ}6 zBCiuT=Y)UD9$PAK7S(#U#$WP|8tBAy;g-cO`T9jAHHV*cM3th@aF2HAuAY#|BthA1 
zTrqvDlc4vJkjcQ-{nO2+1j1goOS&F9e9uUQ+rjDPajact;&u#w7c(`~ayINT_kkh_ zoK=5S(Ro+}Jj`7(5>}`^L;BemoLUWLj`~S%3-7Oz6H#%CHCmQkKNcayt*XhwIWtr*pG$`tP5==m5FOf(3xQBtCw{Xe+p!vd>U4D#y6v9$xvIIRp8Y3&? z8|iwU`Q25XP9NU_NVBi;HKkydA#?XKJF>obm(PmX~rPm;{aZ|v-a4h3k#<}?E1xE z{$u%iBxzjdWa4}A_18Vq#D`S*nC-7)H}1w)mge;o-&ag64C^MHdL89eV+$%Tb1x0) zH?gaZ7UfD-M0}oLc+G+<@iJpf0ccv}*!BHcFa5c5y%yS-X(W{;WnpGzLBnlgxoek$ zBDMF~0S5$lW6_(HtX|{G6RzS~{-gEhu-*=W?40HMy}!E2Gt&#UUrzgTxIoaofgstn zvZhRVT+SFO55cEjzD9DlIOC8?U^RuI#jI zfD|8xHrrcu<^z*3V;GN6>_&AoqDY;qP#h{h17kKiVCdgmdmd(l}qM|kQJhBSqPNf=H-e?w0*dnK;TMmtKqxPPD%nvIG3f=bX0Ou!51cZ{#P4D#C@lKhC&^7^h;-uicRDH)XN)x zM-<9q(W=KQ+5CNF=RX%40P4$g+wYK1C!ymIe)AsEz6dUSt)8btb6BNubb|QMUP7sA z;*~)gXH;2R%lGLS%J_GNKLkJkPvoON8o1(ySp>mRK7Vs7RF z)G|>z9lFc%r$I0A>xL|sdyNL5B~hX?g~~Ua+^wlM^+~t>a22$Fw&XsbI%@MpTf@tz z$w_#gZq}PLViCF{Baya#;lMfP>&;Sil(`N|`S~tU`y!H*-0(cWx`;N|g%eS3l-u{(bt|<@Pn+}R8BUddX70KQx={oxah8q4ky=x++ z-OZQkb;FbGW8-lqSooLd?A5u}!W~8so9%M70LZU_LC!5=e|{3b&5Q_BHN$#6NqBhj zutv{sW%l!A&soKR1rH?C7hxEP-N7}lRF4X<2+j&Qp5OgeOrSSZljz9_M=s9HAZ;Qf z!(8F*Ea3tlWT;zT9lfIWxP}h40>nY?MwN#8M;^C2=2W7!h~FPt&HvU~E0J6K0dLrR z&Mcny6#v36U8R{IdFKV?7y8L}sy_PVC^pt3bJo_Sj(bVrRa8fEb)hwx5`!bnhNh=U-{3H0pf0Bl6%-bv3WJKDxC!&8v7 z6k{8w={kk$&Q)L8&l)qxBk3$OKY`q~4KNO0y zizt-s)D(f$u%Pr7jS3Xb5@AUpguFAnNkEz{x=O%Cxv#Y79~EWF3ppoq90?j0mW7nJ Sy(#(E$Bgt$bt`mSqW%ZgDACCP literal 0 HcmV?d00001 diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml new file mode 100644 index 0000000..7e58879 --- /dev/null +++ b/.github/workflows/keyfactor-starter-workflow.yml 
@@ -0,0 +1,43 @@
+name: Starter Workflow
+on: workflow_dispatch
+
+jobs:
+ catalog-update-check:
+ runs-on: windows-latest
+ outputs:
+ upd_cat: ${{ steps.read-json.outputs.prop }}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Read json
+ id: read-json
+ shell: pwsh
+ run: |
+ $json = Get-Content integration-manifest.json | ConvertFrom-Json
+ echo "::set-output name=prop::$(echo $json.update_catalog)"
+
+ #call-create-github-release-workflow:
+ # uses: Keyfactor/actions/.github/workflows/github-release.yml@main
+
+ #call-dotnet-build-and-release-workflow:
+ # needs: [call-create-github-release-workflow]
+ # uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
+ # with:
+ # release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+ # release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
+ # release_dir: SslStoreCaProxy/bin/Release
+ # secrets:
+ # token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
+
+ call-generate-readme-workflow:
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+ secrets:
+ token: ${{ secrets.APPROVE_README_PUSH }}
+
+ call-update-catalog-workflow:
+ needs: catalog-update-check
+ if: needs.catalog-update-check.outputs.upd_cat == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+ uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
+ secrets:
+ token: ${{ secrets.SDK_SYNC_PAT }}
+
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7c4987a
--- /dev/null
+++ b/.github/workflows/release.yml
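Review bot: Both called workflows, `Keyfactor/actions/.github/workflows/generate-readme.yml@main` and `Keyfactor/actions/.github/workflows/update-catalog.yml@main`, are referenced by branch name while receiving `secrets.APPROVE_README_PUSH` and `secrets.SDK_SYNC_PAT`, so whatever is on that branch at run time is handed those tokens. Pinning each reference to a reviewed commit, e.g. `uses: Keyfactor/actions/.github/workflows/generate-readme.yml@<full-commit-sha>`, keeps the code that handles the secrets fixed between reviews; the `github-actions` Dependabot entry added in this commit should then be able to propose the bumps. Separately, the `Read json` step uses the deprecated `::set-output` workflow command; in pwsh the replacement is `"prop=$($json.update_catalog)" >> $env:GITHUB_OUTPUT`. The `github.event_name == 'push'` half of both `if:` conditions can never match, because the only trigger declared is `workflow_dispatch`.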
@@ -0,0 +1,43 @@
+# Terraform Provider release workflow.
+name: Release
+
+# This GitHub action creates a release when a tag that matches the pattern
+# "v*" (e.g. v0.1.0) is created.
+on:
+ push:
+ tags:
+ - 'v*'
+
+# Releases need permissions to read and write the repository contents.
+# GitHub considers creating releases and uploading assets as writing contents.
+permissions:
+ contents: write
+
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ # Allow goreleaser to access older tag information.
+ fetch-depth: 0
+ - uses: actions/setup-go@v4
+ with:
+ go-version-file: 'go.mod'
+ cache: true
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v5
+ id: import_gpg
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.PASSPHRASE }}
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v4
+ with:
+ args: release --clean
+ env:
+ # GitHub sets the GITHUB_TOKEN secret automatically.
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+ GPG_TTY: $(tty)
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 0000000..3fb2cc3
--- /dev/null
+++ b/.goreleaser.yml
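Review bot: The `Import GPG key` and `Run GoReleaser` steps run `crazy-max/ghaction-import-gpg@v5` and `goreleaser/goreleaser-action@v4` by mutable tag in a job that holds the signing key, its passphrase and a `contents: write` token, so a moved tag would execute different code with the release signing material. Pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha> # v5`; the same applies to `actions/checkout@v3` and `actions/setup-go@v4`. Two entries in the last step's `env:` look unintended: `GPG_TTY: $(tty)` is not shell-expanded in an `env:` mapping, so the variable holds the literal string `$(tty)`, and `PAT_TOKEN` is only a second copy of `secrets.GITHUB_TOKEN` under a name that suggests a personal access token. The opening comment still says `Terraform Provider release workflow.`, which does not describe this repository's release.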
@@ -0,0 +1,86 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+before:
+ hooks:
+ # this is just an example and not a requirement for provider building/publishing
+ - go mod tidy
+builds:
+ - env:
+ # goreleaser does not work with CGO, it could also complicate
+ # usage by users in CI/CD systems like Terraform Cloud where
+ # they are unable to install libraries.
+ - CGO_ENABLED=0
+ mod_timestamp: '{{ .CommitTimestamp }}'
+ flags:
+ - -trimpath
+ ldflags:
+ - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+ goos:
+ - freebsd
+ - windows
+ - linux
+ - darwin
+ goarch:
+ - amd64
+ - '386'
+ - arm
+ - arm64
+ ignore:
+ - goos: darwin
+ goarch: '386'
+ binary: 'kfutil'
+archives:
+ - format: zip
+ name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+ extra_files:
+ - glob: 'integration-manifest.json'
+ name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+ name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+ algorithm: sha256
+signs:
+ - artifacts: checksum
+ args:
+ # if you are using this in a GitHub action or some other automated pipeline, you
+ # need to pass the batch flag to indicate its not interactive.
+ - "--batch"
+ - "--local-user"
+ - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+ - "--output"
+ - "${signature}"
+ - "--detach-sign"
+ - "${artifact}"
+release:
+ prerelease: auto
+ extra_files:
+ - glob: 'integration-manifest.json'
+ name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+ # If you want to manually examine the release before its live, uncomment this line:
+ draft: true
+changelog:
+ sort: asc
+ use: github
+ filters:
+ exclude:
+ - '^test:'
+ - '^chore'
+ - 'merge conflict'
+ - Merge pull request
+ - Merge remote-tracking branch
+ - Merge branch
+ - go mod tidy
+ groups:
+ - title: Dependency updates
+ regexp: "^.*(feat|fix)\\(deps\\)*:+.*$"
+ order: 300
+ - title: 'New Features'
+ regexp: "^.*feat[(\\w)]*:+.*$"
+ order: 100
+ - title: 'Bug fixes'
+ regexp: "^.*fix[(\\w)]*:+.*$"
+ order: 200
+ - title: 'Documentation updates'
+ regexp: "^.*docs[(\\w)]*:+.*$"
+ order: 400
+ - title: Other work
+ order: 9999
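Review bot: The `before` hook runs `go mod tidy` inside the release job, which can rewrite `go.mod` and `go.sum` just before the build, so the binaries that are checksummed and signed may not be built from exactly the dependency set recorded in the tagged commit. The comment above the hook already calls it an example; consider dropping it or replacing it with a read-only check such as `- go mod verify`, and keeping tidy in pre-merge CI. Because `signs` covers only `artifacts: checksum`, a short comment there should state that consumers verify the detached signature on the `_SHA256SUMS` file and then check each archive against it. The comment above `draft: true` reads inverted, since the line is already active; something like `# Releases are created as drafts for manual review; remove this line to publish directly.` matches the behaviour. The CGO comments also still carry Terraform-provider wording although the binary built here is `kfutil`.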