From a108c1eab5907a2c6d48b24cc63eb9a226f27f8c Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 20 Jul 2023 18:38:26 +0200 Subject: [PATCH 1/3] fix deprecated flag Signed-off-by: cpanato --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0b720b1..4aede69 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -33,7 +33,7 @@ jobs: - name: Install cosign uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 - - uses: ko-build/setup-ko@v0.6 + - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 with: version: v0.14.1 @@ -53,7 +53,7 @@ jobs: uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 with: version: latest - args: release --rm-dist + args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} LDFLAGS: ${{ env.GO_FLAGS }} From c1114a21a8a223cfe1c8f377c53605d55d3195e7 Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 20 Jul 2023 19:02:46 +0200 Subject: [PATCH 2/3] refactor release job Signed-off-by: cpanato --- .github/workflows/release.yaml | 41 ++++++++++++++++------------------ .goreleaser.yaml | 4 +--- Makefile | 7 ++++++ 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4aede69..0da874f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,7 +19,11 @@ jobs: env: GO111MODULE: on - COSIGN_EXPERIMENTAL: "true" + COSIGN_YES: "true" + + outputs: + hashes: ${{ steps.hash.outputs.hashes }} + tag_name: ${{ steps.tag.outputs.tag_name }} steps: - name: Check out code onto GOPATH @@ -48,6 +52,9 @@ jobs: goflags=$(ldflags) echo "GO_FLAGS="${goflags}"" >> "$GITHUB_ENV" + - name: Log into ghcr.io + run: echo ${{ secrets.GITHUB_TOKEN }} | ko login ghcr.io -u ${{ github.repository_owner }} --password-stdin + - name: Run GoReleaser id: run-goreleaser uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 @@ -67,32 +74,22 @@ jobs: checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" + - name: build images + run: make build-sign-release-images || true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + provenance: - needs: [release] + needs: + - release + permissions: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0 with: base64-subjects: "${{ needs.release.outputs.hashes }}" - upload-assets: false # do not upload to a new release since goreleaser creates it - - release-provenance: - needs: [provenance] - runs-on: ubuntu-latest - permissions: - actions: read # To read the workflow path. - contents: write # To add assets to a release. - steps: - - name: Download the provenance - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: ${{needs.provenance.outputs.provenance-name}} - - - name: Release Provenance - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 - id: release-provenance - with: - draft: true - files: ${{needs.provenance.outputs.provenance-name}} + upload-assets: true # upload to a new release + upload-tag-name: "${{ needs.release.outputs.tag_name }}" diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 0010bf5..a051cc5 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -8,7 +8,6 @@ before: hooks: - go mod tidy - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi' - - /bin/bash -c 'make build-sign-release-images' gomod: proxy: true @@ -74,5 +73,4 @@ snapshot: name_template: SNAPSHOT-{{ .ShortCommit }} release: - prerelease: allow - draft: true # allow for manual edits + prerelease: auto diff --git a/Makefile b/Makefile index fe888f4..2198979 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,13 @@ ko: --platform=all --tags $(GIT_VERSION) --tags $(GIT_HASH) \ --image-refs vexImagerefs github.com/openvex/vexctl +ko-local: + # vexctl + LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \ + KO_DOCKER_REPO=ko.local ko build --bare \ + --platform=all --tags $(GIT_VERSION) --tags $(GIT_HASH) \ + --image-refs vexImagerefs github.com/openvex/vexctl + .PHONY: build-sign-release-images build-sign-release-images: ko GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \ From f60bad2b4d09b651aa407cfc57a78aef3c58824e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Garc=C3=ADa=20Veytia=20=28Puerco=29?= Date: Fri, 21 Jul 2023 09:04:31 -0600 Subject: [PATCH 3/3] Rename artifacts to vexctl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adolfo GarcĂ­a Veytia (Puerco) --- .goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a051cc5..c1da43c 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -14,7 +14,7 @@ gomod: builds: - id: binaries - binary: vex-{{ .Os }}-{{ .Arch }} + binary: vexctl-{{ .Os }}-{{ .Arch }} no_unique_dist_dir: true main: . flags: