Skip to content

Commit

Permalink
use goreleaser for releasing and cosign for signing (#322)
Browse files Browse the repository at this point in the history
  • Loading branch information
maditya authored Nov 6, 2023
1 parent 0a59c46 commit ee2e95f
Show file tree
Hide file tree
Showing 12 changed files with 106 additions and 214 deletions.
11 changes: 7 additions & 4 deletions .github/workflows/golangci-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,15 +18,18 @@ on:
branches:
- main
pull_request:

permissions:
contents: read
env:
GO_VERSION: 1.21.3
jobs:
golangci:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v4
with:
go-version: 1.20.6
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '${{ env.GO_VERSION }}'
- name: golangci-lint
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
5 changes: 4 additions & 1 deletion .github/workflows/license.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,17 @@ on:
- main
pull_request:

env:
GO_VERSION: 1.21.3

jobs:
license-check:
runs-on: ubuntu-latest
steps:
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.6
go-version: '${{ env.GO_VERSION }}'
- name: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install addlicense
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go: [ '1.19.x', '1.20.x', '1.21.0' ]
go: [ '1.19.x', '1.20.x', '1.21.x' ]
name: Go ${{ matrix.go }} build
steps:
- name: checkout
Expand Down
77 changes: 36 additions & 41 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,51 +12,46 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: create release and upload binary

name: Create Release and Upload Binaries
# run only on tags
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+'

permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed to upload artifacts
env:
GO_VERSION: 1.21.3

jobs:
build:
release:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: install go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.6

- name: get version
id: v
run: echo ::set-output name=tag::$( awk -F '/' '{print $NF}' <<< "${GITHUB_REF}" )

- name: build
run: |
go build ./cmd/crypki
tar -czvf crypki-${{ steps.v.outputs.tag }}-linux.tar.gz --transform 's,^,crypki-${{ steps.v.outputs.tag }}-${OS}/,' crypki
- name: create release
id: create-release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.v.outputs.tag }}
release_name: ${{ steps.v.outputs.tag }}
draft: false
prerelease: false

- name: upload linux binary
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create-release.outputs.upload_url }}
asset_path: crypki-${{ steps.v.outputs.tag }}-linux.tar.gz
asset_name: crypki-${{ steps.v.outputs.tag }}-linux.tar.gz
asset_content_type: application/gzip
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0 # this is important, otherwise it won't checkout the full tree (i.e. no previous tags)

- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ env.GO_VERSION }}

- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
with:
cosign-release: 'v2.2.0' # optional
- uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
161 changes: 0 additions & 161 deletions .github/workflows/reuse.yml

This file was deleted.

52 changes: 52 additions & 0 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
project_name: crypki

gomod:
proxy: true

env:
- GO111MODULE=on
- COSIGN_YES=true


sboms:
- artifacts: binary

builds:
- main: ./cmd/crypki
goos:
- linux

kos:
- repository: ghcr.io/theparanoids/crypki
tags:
- '{{.Version}}'
- latest
bare: true
preserve_import_paths: false
platforms:
- linux/amd64
- linux/arm64

signs:
- cmd: cosign
signature: "${artifact}.sig"
certificate: "${artifact}.pem"
args:
- sign-blob
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
artifacts: all
output: true

docker_signs:
- cmd: cosign
args:
- 'sign'
- '${artifact}'
artifacts: manifests
output: true

release:
footer: |
### Thanks for all contributors!
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ You should be able to run crypki server on any linux platform as long as you hav

Prerequisites:

- Go >= 1.18
- Go >= 1.19

Run:

Expand Down
2 changes: 1 addition & 1 deletion proto/healthcheck.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion proto/healthcheck_grpc.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion proto/protogen.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
// Package proto contains proto generated code.
package proto

// use protoc v4.23.4
// use protoc v4.25.0
//go:generate protoc -I. -I../third_party/googleapis --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. sign.proto healthcheck.proto
//go:generate protoc -I. -I../third_party/googleapis --grpc-gateway_out=paths=source_relative:. --grpc-gateway_opt logtostderr=true --grpc-gateway_opt paths=source_relative --grpc-gateway_opt generate_unbound_methods=true sign.proto
//go:generate mockgen -source=./sign_grpc.pb.go -destination=./sign_grpc_mock.go -package=proto
2 changes: 1 addition & 1 deletion proto/sign.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit ee2e95f

Please sign in to comment.