Skip to content

Commit

Permalink
WIP GoReleaser Workflow
Browse files Browse the repository at this point in the history
Signed-off-by: egibs <[email protected]>
  • Loading branch information
egibs committed Aug 14, 2024
1 parent 2267622 commit 676a528
Show file tree
Hide file tree
Showing 4 changed files with 139 additions and 133 deletions.
86 changes: 50 additions & 36 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -1,45 +1,59 @@
name: Cut Release
name: release

# run only on tags
on:
workflow_dispatch:
push:
tags:
- 'v*'

permissions:
id-token: write
contents: write

id-token: write # needed for federation
contents: write # needed to write releases
env:
VERSION_FILE: pkg/version/version.go
YARA_VERSION: 4.5.1

jobs:
tag:
if: ${{ github.repository }} == 'chainguard-dev/bincapz'
release-arm64:
if: github.ref_type == 'tag'
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8
- name: Get Version
id: get-version
run: |
VERSION=$(awk -F'"' '/ID string =/ {print $2}' ${{ env.VERSION_FILE }})
if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: VERSION is not a valid semver"
exit 1
fi
echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
- name: Create Release
env:
GH_TOKEN: ${{ github.token }}
if: ${{ steps.get-version.outputs.VERSION != '' }}
run: |
VERSION=${{ steps.get-version.outputs.VERSION }}
if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: VERSION is not a valid semver"
exit 1
fi
git config --global tag.gpgsign true
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
gh release create "$VERSION" --title "$VERSION" --notes "Release $VERSION" --draft
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version-file: go.mod
cache: true
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d
- name: Fix zig-cache permissions
run: |
mkdir ${{ env.ZIG_USE_GLOBAL_CACHE_DIR }}
sudo chown -R $(whoami):$(id -u) ${{ env.ZIG_USE_GLOBAL_CACHE_DIR }}
env:
ZIG_USE_GLOBAL_CACHE_DIR: $HOME/zig-cache
- name: Set output
id: macos_sdk
run: echo "path=$(xcrun --show-sdk-path)" >> $GITHUB_OUTPUT
- name: Install yara
run: |
brew install autoconf automake libtool
mkdir -p /tmp/yara && cd /tmp/yara
wget https://github.com/VirusTotal/yara/archive/refs/tags/v${{ env.YARA_VERSION }}.tar.gz
tar -zxf v${{ env.YARA_VERSION }}.tar.gz
cd yara-${{ env.YARA_VERSION }}
./bootstrap.sh
./configure
make
sudo make install
rm -rf v${{ env.YARA_VERSION }}.tar.gz yara-${{ env.YARA_VERSION }}
cd -
- uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200
with:
version: ~> v2
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SDK_PATH: ${{ steps.macos_sdk.outputs.path }}
VERSION: ${{ github.ref_name }}
ZIG_USE_GLOBAL_CACHE_DIR: $HOME/zig-cache
83 changes: 0 additions & 83 deletions .github/workflows/version.yaml

This file was deleted.

101 changes: 88 additions & 13 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
@@ -1,28 +1,103 @@
# Sourced and adapted from https://github.com/goreleaser/goreleaser-example-zig-cgo/blob/master/.goreleaser.yaml
project_name: bincapz

before:
hooks:
- go mod tidy

env:
- COSIGN_YES=true

builds:
- id: bincapz-build
binary: bincapz
main: ./
- id: bincapz-macos-build
goos:
- darwin
- linux
- windows
- darwin
goarch:
- amd64
- arm64
ldflags:
- -s -w -X main.BuildVersion={{.Env.VERSION}}
flags:
- -trimpath
mod_timestamp: '{{ .CommitTimestamp }}'
- -trimpath
- -buildmode=pie
env:
- CGO_ENABLED=1
- id: bincapz-linux-build
goos:
- linux
goarch:
- amd64
- arm64
ldflags:
- -s -w -X main.BuildVersion={{.Env.VERSION}}
flags:
- -trimpath
env:
- CGO_ENABLED=1
- >-
{{- if eq .Os "linux" }}
{{- if eq .Arch "amd64" }}CC=zig cc -target x86_64-linux-gnu{{- end }}
{{- if eq .Arch "arm64" }}CC=zig cc -target aarch64-linux-gnu{{- end }}
{{- end }}
- >-
{{- if eq .Os "linux" }}
{{- if eq .Arch "amd64" }}CXX=zig c++ -target x86_64-linux-gnu{{- end }}
{{- if eq .Arch "arm64" }}CXX=zig c++ -target aarch64-linux-gnu{{- end }}
{{- end }}
- id: bincapz-windows-build
goos:
- windows
goarch:
- amd64
- arm64
ldflags:
- -X main.BuildVersion={{.Version}}
- -s -w -X main.BuildVersion={{.Env.VERSION}}
flags:
- -trimpath
env:
- CGO_ENABLED=1
- >-
{{- if eq .Os "windows" }}
{{- if eq .Arch "amd64" }}CC=zig cc -target x86_64-windows-gnu{{- end }}
{{- if eq .Arch "arm64"}}CC=zig cc -target aarch64-windows-gnu{{- end }}
{{- end }}
- >-
{{- if eq .Os "windows" }}
{{- if eq .Arch "amd64" }}CXX=zig c++ -target x86_64-windows-gnu{{- end }}
{{- if eq .Arch "arm64" }}CXX=zig c++ -target aarch64-windows-gnu{{- end }}
{{- end }}
archives:
- format: tar.gz
# this name template makes the OS and Arch compatible with the results of uname.
name_template: >-
{{ .ProjectName }}_
{{- title .Os }}_
{{- if eq .Arch "amd64" }}x86_64
{{- else if eq .Arch "386" }}i386
{{- else }}{{ .Arch }}{{ end }}
{{- if .Arm }}v{{ .Arm }}{{ end }}
# use zip for windows archives
format_overrides:
- goos: windows
format: zip
files:
- LICENSE
wrap_in_directory: true
checksum:
name_template: 'checksums.txt'

changelog:
sort: asc

snapshot:
name_template: "{{ incpatch .Version }}-next"
changelog:
sort: asc
filters:
exclude:
- '^docs:'
- '^test:'
signs:
- id: apko-cosign
cmd: cosign
certificate: "${artifact}.crt"
args: ["sign-blob", "--output-signature", "${signature}", "--output-certificate", "${certificate}", "${artifact}", "--yes"]
artifacts: all
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/chainguard-dev/bincapz

go 1.23
go 1.23.0

require (
github.com/agext/levenshtein v1.2.3
Expand Down

0 comments on commit 676a528

Please sign in to comment.