-
Notifications
You must be signed in to change notification settings - Fork 446
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[action] updates and first pass at goreleaser deb
- Loading branch information
Showing
3 changed files
with
80 additions
and
65 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,34 +8,25 @@ on: | |
|
||
jobs: | ||
ci: | ||
uses: smallstep/certificates/.github/workflows/ci.yml@main | ||
uses: smallstep/certificates/.github/workflows/ci.yml@master | ||
secrets: inherit | ||
|
||
create_release: | ||
name: Create Release | ||
needs: ci | ||
#needs: ci | ||
runs-on: ubuntu-20.04 | ||
outputs: | ||
debversion: ${{ steps.extract-tag.outputs.DEB_VERSION }} | ||
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} | ||
steps: | ||
- | ||
name: Extract Tag Names | ||
id: extract-tag | ||
run: | | ||
DEB_VERSION=$(echo ${GITHUB_REF#refs/tags/v} | sed 's/-/./') | ||
echo "::set-output name=DEB_VERSION::${DEB_VERSION}" | ||
- | ||
name: Is Pre-release | ||
- name: Is Pre-release | ||
id: is_prerelease | ||
run: | | ||
set +e | ||
echo ${{ github.ref }} | grep "\-rc.*" | ||
OUT=$? | ||
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi | ||
echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}" | ||
- | ||
name: Create Release | ||
- name: Create Release | ||
id: create_release | ||
uses: actions/create-release@v1 | ||
env: | ||
|
@@ -51,80 +42,55 @@ jobs: | |
runs-on: ubuntu-20.04 | ||
needs: create_release | ||
steps: | ||
- | ||
name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
- | ||
name: Set up Go | ||
uses: actions/setup-go@v2 | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Set up Go | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: 1.19 | ||
- | ||
name: APT Install | ||
id: aptInstall | ||
run: sudo apt-get -y install build-essential debhelper fakeroot | ||
- | ||
name: Build Debian package | ||
id: make_debian | ||
run: | | ||
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin | ||
make debian | ||
# need to restore the git state otherwise goreleaser fails due to dirty state | ||
git restore debian/changelog | ||
git clean -fd | ||
- | ||
name: Install cosign | ||
uses: sigstore/[email protected] | ||
check-latest: true | ||
- name: Install cosign | ||
uses: sigstore/[email protected] | ||
with: | ||
cosign-release: 'v1.1.0' | ||
- | ||
name: Write cosign key to disk | ||
cosign-release: 'v1.12.1' | ||
- name: Write cosign key to disk | ||
id: write_key | ||
run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" | ||
- | ||
name: Get Release Date | ||
- name: Get Release Date | ||
id: release_date | ||
run: | | ||
RELEASE_DATE=$(date +"%y-%m-%d") | ||
echo "::set-output name=RELEASE_DATE::${RELEASE_DATE}" | ||
- | ||
name: Run GoReleaser | ||
uses: goreleaser/goreleaser-action@5a54d7e660bda43b405e8463261b3d25631ffe86 # v2.7.0 | ||
- name: Run GoReleaser | ||
uses: goreleaser/goreleaser-action@v3 | ||
with: | ||
version: 'v1.7.0' | ||
version: 'latest' | ||
args: release --rm-dist | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.PAT }} | ||
COSIGN_PWD: ${{ secrets.COSIGN_PWD }} | ||
DEB_VERSION: ${{ needs.create_release.outputs.debversion }} | ||
RELEASE_DATE: ${{ steps.release_date.outputs.RELEASE_DATE }} | ||
|
||
build_upload_docker: | ||
name: Build & Upload Docker Images | ||
runs-on: ubuntu-20.04 | ||
needs: ci | ||
steps: | ||
- | ||
name: Checkout | ||
uses: actions/checkout@v2 | ||
- | ||
name: Setup Go | ||
uses: actions/setup-go@v2 | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Setup Go | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: '1.19' | ||
- | ||
name: Install cosign | ||
check-latest: true | ||
- name: Install cosign | ||
uses: sigstore/[email protected] | ||
with: | ||
cosign-release: 'v1.1.0' | ||
- | ||
name: Write cosign key to disk | ||
- name: Write cosign key to disk | ||
id: write_key | ||
run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key" | ||
- | ||
name: Build | ||
- name: Build | ||
id: build | ||
run: | | ||
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -71,6 +71,24 @@ builds: | |
binary: bin/step-awskms-init | ||
ldflags: | ||
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} | ||
- | ||
# This build is specifically for nFPM targets (.deb and .rpm files). | ||
# It's exactly the same as the default build above, except: | ||
# - it only builds the archs we want to produce .deb and .rpm files for | ||
# - the name of the output binary is step-cli | ||
id: nfpm | ||
env: | ||
- CGO_ENABLED=0 | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
flags: | ||
- -trimpath | ||
main: ./cmd/step-ca/main.go | ||
binary: bin/step-ca | ||
ldflags: | ||
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}} | ||
|
||
archives: | ||
- | ||
|
@@ -85,6 +103,41 @@ archives: | |
files: | ||
- README.md | ||
- LICENSE | ||
allow_different_binary_count: true | ||
|
||
nfpms: | ||
# Configure nFPM for .deb and .rpm releases | ||
# | ||
# See https://nfpm.goreleaser.com/configuration/ | ||
# and https://goreleaser.com/customization/nfpm/ | ||
# | ||
# Useful tools for debugging .debs: | ||
# List file contents: dpkg -c dist/step_...deb | ||
# Package metadata: dpkg --info dist/step_....deb | ||
# | ||
- | ||
builds: | ||
- nfpm | ||
package_name: step-ca | ||
file_name_template: "{{ .PackageName }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}" | ||
vendor: Smallstep Labs | ||
homepage: https://github.com/smallstep/certificates | ||
maintainer: Smallstep <[email protected]> | ||
description: > | ||
step-ca is an online certificate authority for secure, automated certificate management. | ||
license: Apache 2.0 | ||
section: utils | ||
formats: | ||
- deb | ||
- rpm | ||
priority: optional | ||
bindir: /usr/bin | ||
contents: | ||
- src: debian/copyright | ||
dst: /usr/share/doc/step-ca/copyright | ||
scripts: | ||
postinstall: scripts/postinstall.sh | ||
postremove: scripts/postremove.sh | ||
|
||
source: | ||
enabled: true | ||
|
@@ -98,7 +151,7 @@ checksum: | |
signs: | ||
- cmd: cosign | ||
stdin: '{{ .Env.COSIGN_PWD }}' | ||
args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"] | ||
args: ["sign-blob", "-key=/tmp/cosign.key", "-output-signature=${signature}", "${artifact}"] | ||
artifacts: all | ||
|
||
snapshot: | ||
|