Merge pull request #95 from PierreBeucher/release-process

Release process

CHANGELOG.md

@@ -6,7 +6,7 @@
 ### Features
 
 * macOS (Darwin) support ([4daa2df](https://github.com/PierreBeucher/novops/commit/4daa2dfc22bbe55dfb53c7e1f8a2ae9960126a69))
-* multi-arch support (x64_64 / aarch64) ([b673e30](https://github.com/PierreBeucher/novops/commit/b673e30e66ce7cb21418c8299a36f921ebdf59c5))
+* multi-arch support (x86_64 / aarch64) ([b673e30](https://github.com/PierreBeucher/novops/commit/b673e30e66ce7cb21418c8299a36f921ebdf59c5))
 
 
 ### Bug Fixes

README.md

@@ -101,17 +101,17 @@ environments:
 Run commands with secrets and configs and discard them as soon as they're not needed anymore:
 
 ```sh
-# Run a sub-process with secrets and configs
-# Secrets are discard when command finishes
-novops run -- make deploy-aws-app
+# bash: source with process substitution
+source <(novops load)
 
-# Run a sub-shell with secrets and configs
-# Secrets are discarded on exit
-novops run -- sh
+# zsh / ksh: source with process substitution
+source =(novops load)
 
-# Or source directly into your shell
-# Secrets are discarded on exit
-source <(novops load)
+# Run sub-process directly
+novops run -- sh # or any other command, like 'terraform apply'
+
+# load in .env file (novops creates a symlink pointing to secure temporary file)
+novops load -s .envrc && source .envrc
 ```
 
 Secrets are available as environment variables and secure in-memory files:

docs/src/contributing/development.md

@@ -94,4 +94,21 @@ make doc-serve
 
 ## Release
 
-`release-please` should create/update Release PRs automatically on `main` changes. Merging automatically creates release and related artifacts. 
+`release-please` should create/update Release PRs automatically on `main` changes. After merge, release tag and artifacts must be created locally:
+
+Run `cross` Nix shell
+
+```sh
+nix develop .#cross
+```
+
+Create release
+
+```sh
+# GITHUB_TOKEN must be set with read/write permissions 
+# on Contents and Pull requests
+export GITHUB_TOKEN=xxx 
+
+git checkout <release_commit_sha>
+hack/create-release.sh
+```

docs/src/examples/shell.md

@@ -6,10 +6,21 @@
 
 ## Source into current shell
 
-Source directly into your shell
+Source into your shell
 
 ```sh
+# bash
 source <(novops load)
+
+# zsh / ksh 
+source =(novops load)
+
+# dash
+novops load -s .envrc
+. ./.envrc
+
+# fish
+source (novops load | psub)
 ```
 
 You can also create an alias such as
@@ -23,7 +34,11 @@ alias nload="source <(novops load)"
 Run a sub-process or command loaded with environment variables:
 
 ```sh
+# Run terraform apply
 novops run -- terraform apply
+
+# Run a sub-shell
+novops run -- sh
 ```
 
 This will ensure secrets are only exists in memory for as long as command run.

docs/src/getting-started.md

@@ -93,11 +93,17 @@ Secrets are loaded temporarily as environment variables or in a protected `tmpfs
 Either source directly into your shell or run a sub-process:
 
 ```sh
-# Source directly into your shell
+# bash / ksh: source with process substitution
 source <(novops load)
 
+# zsh: source with process substitution
+source =(novops load)
+
 # Run sub-process directly
-novops run -- terraform apply
+novops run -- some_command
+
+# load in .env file (novops creates a symlink pointing to secure temporary file)
+novops load -s .envrc && source .envrc
 ```
 
 ### 🐳 Docker & Podman

docs/src/install.md

@@ -1,35 +1,93 @@
 # Installation
 
 - [Linux](#linux)
-  - [Updating](#updating)
+- [MacOS (Darwin)](#macos-darwin)
+- [Windows](#windows)
 - [Arch Linux](#arch-linux)
 - [Nix](#nix)
-- [From source](#from-source)
+- [Direct binary download](#direct-binary-download)
+- [Build from source](#build-from-source)
+  - [Updating](#updating)
+
+Novops is distributed as a standalone static binary. No dependencies are required.
 
 ## Linux
 
-Novops is distributed as a standalone static binary. To install, run:
+Download latest Novops binary latest version:
+
+```sh
+# x86-64
+curl -L "https://github.com/PierreBeucher/novops/releases/latest/download/novops_linux_x86_64.zip" -o novops.zip
+
+# arm64
+curl -L "https://github.com/PierreBeucher/novops/releases/latest/download/novops_linux_aarch64.zip" -o novops.zip
+```
+
+Or specific version:
+
+```sh
+NOVOPS_VERSION=v0.12.0
+
+# x86-64
+curl -L "https://github.com/PierreBeucher/novops/releases/download/${NOVOPS_VERSION}/novops_linux_x86_64.zip" -o novops.zip
+
+# arm64
+curl -L "https://github.com/PierreBeucher/novops/releases/download/${NOVOPS_VERSION}/novops_linux_aarch64.zip" -o novops.zip
+```
+
+Install it:
 
 ```sh
-curl -L "https://github.com/PierreBeucher/novops/releases/latest/download/novops-X64-Linux.zip" -o novops.zip
 unzip novops.zip
 sudo mv novops /usr/local/bin/novops
 ```
 
-Install a specific version:
+Check it works:
+
+```sh
+novops --version
+```
+
+## MacOS (Darwin)
+
+Download latest Novops binary latest version:
+
+```sh
+# x86-64
+curl -L "https://github.com/PierreBeucher/novops/releases/latest/download/novops_macos_x86_64.zip" -o novops.zip
+
+# arm64
+curl -L "https://github.com/PierreBeucher/novops/releases/latest/download/novops_macos_aarch64.zip" -o novops.zip
+```
+
+Or specific version:
+
+```sh
+NOVOPS_VERSION=v0.12.0
+
+# x86-64
+curl -L "https://github.com/PierreBeucher/novops/releases/download/${NOVOPS_VERSION}/novops_macos_x86_64.zip" -o novops.zip
+
+# arm64
+curl -L "https://github.com/PierreBeucher/novops/releases/download/${NOVOPS_VERSION}/novops_macos_aarch64.zip" -o novops.zip
+```
+
+Install it:
 
 ```sh
-export NOVOPS_VERSION=0.6.0
-curl -L "https://github.com/PierreBeucher/novops/releases/download/v${NOVOPS_VERSION}/novops-X64-Linux.zip" -o novops.zip
 unzip novops.zip
 sudo mv novops /usr/local/bin/novops
 ```
 
-Novops is currently only available for x86-64 systems. More will come soon!
+Check it works:
 
-### Updating
+```sh
+novops --version
+```
 
-To update Novops, simply replace binary with a new one.
+## Windows
+
+Novops does not offer native Windows ([coming soon](https://github.com/PierreBeucher/novops/issues/90)). You can use [WSL](https://learn.microsoft.com/en-us/windows/wsl/install) in the meantime, following Linux installation.
 
 ## Arch Linux
 
@@ -84,21 +142,14 @@ Use a `flake.nix` such as:
 }
 ```
 
-## From source
-
-Requirements:
+## Direct binary download
 
-- Make
-- Docker
+See [GithHub releases](https://github.com/PierreBeucher/novops/releases) to download binaries directly.
 
-Clone [Novops repository](https://github.com/PierreBeucher/novops) and run:
+## Build from source
 
-```
-make build
-```
+See [Development and contribution guide](contributing/development.md) to build from source.
 
-Binary is built under `build/novops`
+### Updating
 
-```
-build/novops --version
-```
+To update Novops, replace binary with a new one following installation steps above.

hack/create-release.sh

@@ -0,0 +1,80 @@
+#!/bin/sh
+
+set -e
+
+#
+# Create a release from current commit
+# Build all cross-platforms binaries locally 
+# and create releases with artifacts
+# 
+# Must be run after release-please PR has been merged 
+# If script fails, it can be restarted safely and should be reasonably idempotent
+#
+
+if [ -z ${var+x} ]; then 
+    echo "GITHUB_TOKEN variable must be set (with read/write permissions on content and pull requests)"
+else 
+    echo "var is set to '$var'"
+fi
+
+echo "Current commit message:"
+echo "---"
+git log -1 --pretty=%B | cat
+echo "---"
+echo
+
+echo "Create release for from current commit?"
+read -p "'yes' to continue: " answer
+
+case ${answer:-N} in
+    yes ) echo "🚀";;
+    * ) echo "Type 'yes' to continue"; exit 1;;
+esac
+
+function build_and_zip() {
+    local target_name="$1"
+    local artifact_suffix="$2"
+
+    # Use different target dir to avoid glibc version error
+    # See https://github.com/cross-rs/cross/issues/724
+    local target_dir="target/cross/${target_name}"
+    local novops_binary="${target_dir}/${target_name}/release/novops"
+    cross build --target "${target_name}" --target-dir "${target_dir}" --release
+
+    # zip artifact + sha
+    zip -j "release/novops${artifact_suffix}.zip" "${novops_binary}"
+    sha256sum "${novops_binary}" > "release/novops${artifact_suffix}.sha256sum"
+}
+
+# cleanup before packaging release
+rm -r release || true
+mkdir release
+
+build_and_zip x86_64-unknown-linux-musl     "_linux_x86_64"
+build_and_zip aarch64-unknown-linux-musl    "_linux_aarch64"
+build_and_zip x86_64-apple-darwin           "_macos_x86_64"
+build_and_zip aarch64-apple-darwin          "_macos_aarch64"
+
+# Legacy release name using "novops-X64-Linux.zip" 
+# to avoid disruption on install scripts relying on this release name
+build_and_zip x86_64-unknown-linux-musl     "-X64-Linux"
+
+# Create release draft
+npx release-please github-release --repo-url https://github.com/PierreBeucher/novops --token=${GITHUB_TOKEN} --draft
+
+current_release=$(gh release list -L 1 | cut -d$'\t' -f1)
+echo "Upload artifacts for release '${current_release}'"
+read -p "'yes' to continue: " answer
+case ${answer:-N} in
+    yes ) echo "Uploading artifacts...";;
+    * ) echo "Type 'yes' to continue"; exit 1;;
+esac
+
+# make sure release is draft (normally it's ok but release-please may ignore draft)
+gh release edit "${current_release}" --draft
+
+# Upload all artifacts
+gh release upload "${current_release}" release/*
+
+# Finalize it !
+gh release edit "${current_release}" --latest --draft=false

release-please-config.json

@@ -5,8 +5,6 @@
       "release-type": "rust",
       "bump-minor-pre-major": false,
       "bump-patch-for-minor-pre-major": false,
-      "draft": false,
-      "prerelease": false,
       "include-component-in-tag": false
     }
   },