Skip to content

Commit

Permalink
use locally appropriate release workflow config
Browse files Browse the repository at this point in the history
  • Loading branch information
n-oden committed Sep 7, 2023
1 parent a16080d commit 6711bcf
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 91 deletions.
54 changes: 26 additions & 28 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -1,43 +1,41 @@
# Terraform Provider release workflow.
name: Release

# This GitHub action creates a release when a tag that matches the pattern
# "v*" (e.g. v0.1.0) is created.
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+*'
- 'v*'

# Releases need permissions to read and write the repository contents.
# GitHub considers creating releases and uploading assets as writing contents.
permissions:
contents: write

jobs:
release-notes:
goreleaser:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
# Allow goreleaser to access older tag information.
fetch-depth: 0
- name: Generate Release Notes
run: sed -n -e "1{/# /d;}" -e "2{/^$/d;}" -e "/# $(git describe --abbrev=0 --exclude="$(git describe --abbrev=0 --match='v*.*.*' --tags)" --match='v*.*.*' --tags | tr -d v)/q;p" CHANGELOG.md > release-notes.txt
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
name: release-notes
path: release-notes.txt
retention-days: 1
terraform-provider-release:
name: 'Terraform Provider Release'
needs: [release-notes]
uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@01981baad5d35ce2342924e60ae91cf69fe31fd0 # v2.3.0
secrets:
hc-releases-key-prod: '${{ secrets.HC_RELEASES_KEY_PROD }}'
hc-releases-key-staging: '${{ secrets.HC_RELEASES_KEY_STAGING }}'
hc-releases-github-token: '${{ secrets.HASHI_RELEASES_GITHUB_TOKEN }}'
hc-releases-terraform-registry-sync-token: '${{ secrets.TF_PROVIDER_RELEASE_TERRAFORM_REGISTRY_SYNC_TOKEN }}'
setup-signore-github-token: '${{ secrets.HASHI_SIGNORE_GITHUB_TOKEN }}'
signore-client-id: '${{ secrets.SIGNORE_CLIENT_ID }}'
signore-client-secret: '${{ secrets.SIGNORE_CLIENT_SECRET }}'
hc-releases-host-staging: '${{ secrets.HC_RELEASES_HOST_STAGING }}'
hc-releases-host-prod: '${{ secrets.HC_RELEASES_HOST_PROD }}'
with:
release-notes: true
setup-go-version-file: 'go.mod'
# Product Version (e.g. v1.2.3 or github.ref_name)
product-version: '${{ github.ref_name }}'
go-version-file: 'go.mod'
cache: true
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 # v5.3.0
id: import_gpg
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0
with:
args: release --clean
env:
# GitHub sets the GITHUB_TOKEN secret automatically.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
111 changes: 48 additions & 63 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
@@ -1,75 +1,60 @@
archives:
- files:
# Ensure only built binary is archived
- 'none*'
format: zip
name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
# Visit https://goreleaser.com for documentation on how to customize this
# behavior.
before:
hooks:
- 'go mod download'
# this is just an example and not a requirement for provider building/publishing
- go mod tidy
builds:
- # Binary naming only required for Terraform CLI 0.12
binary: '{{ .ProjectName }}_v{{ .Version }}_x5'
env:
- CGO_ENABLED=0
flags:
- -trimpath
goos:
- darwin
- freebsd
- linux
- windows
goarch:
- '386'
- amd64
- arm
- arm64
ignore:
- goarch: arm
goos: windows
- goarch: arm64
goos: freebsd
- goarch: arm64
goos: windows
ldflags:
- -s -w -X main.Version={{.Version}}
mod_timestamp: '{{ .CommitTimestamp }}'
- env:
# goreleaser does not work with CGO, it could also complicate
# usage by users in CI/CD systems like Terraform Cloud where
# they are unable to install libraries.
- CGO_ENABLED=0
mod_timestamp: '{{ .CommitTimestamp }}'
flags:
- -trimpath
ldflags:
- '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
goos:
- freebsd
- windows
- linux
- darwin
goarch:
- amd64
- '386'
- arm
- arm64
ignore:
- goos: darwin
goarch: '386'
binary: '{{ .ProjectName }}_v{{ .Version }}'
archives:
- format: zip
name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
checksum:
algorithm: sha256
extra_files:
- glob: 'terraform-registry-manifest.json'
name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
publishers:
- checksum: true
# Terraform CLI 0.10 - 0.11 perform discovery via HTTP headers on releases.hashicorp.com
# For providers which have existed since those CLI versions, exclude
# discovery by setting the protocol version headers to 5.
env:
- HC_RELEASES_HOST={{ .Env.HC_RELEASES_HOST }}
- HC_RELEASES_KEY={{ .Env.HC_RELEASES_KEY }}
cmd: |
hc-releases upload -product {{ .ProjectName }} -version {{ .Version }} -file={{ .ArtifactPath }}={{ .ArtifactName }} -header=x-terraform-protocol-version=5 -header=x-terraform-protocol-versions=5.0
extra_files:
- glob: 'terraform-registry-manifest.json'
name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
name: upload
signature: true
algorithm: sha256
signs:
- artifacts: checksum
args:
# if you are using this in a GitHub action or some other automated pipeline, you
# need to pass the batch flag to indicate its not interactive.
- "--batch"
- "--local-user"
- "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
- "--output"
- "${signature}"
- "--detach-sign"
- "${artifact}"
release:
extra_files:
- glob: 'terraform-registry-manifest.json'
name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
ids:
- none
signs:
- args: ["sign", "--dearmor", "--file", "${artifact}", "--out", "${signature}"]
artifacts: checksum
cmd: signore
signature: ${artifact}.sig
- args: ["sign", "--dearmor", "--file", "${artifact}", "--out", "${signature}"]
artifacts: checksum
cmd: signore
id: key-id
signature: ${artifact}.72D7468F.sig
snapshot:
name_template: "{{ .Tag }}-next"
# If you want to manually examine the release before its live, uncomment this line:
# draft: true
changelog:
skip: true

0 comments on commit 6711bcf

Please sign in to comment.