diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 648661b2e..8a4d15c70 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,45 +1,36 @@ -name: Cut Release +name: release +# run only on tags on: - workflow_dispatch: + push: + tags: + - 'v*' permissions: - id-token: write - contents: write - -env: - VERSION_FILE: pkg/version/version.go + id-token: write # needed for federation + contents: write # needed to write releases jobs: - tag: - if: ${{ github.repository }} == 'chainguard-dev/bincapz' - runs-on: ubuntu-latest + release: + if: github.ref_type == 'tag' + runs-on: macos-latest steps: - - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde - with: - egress-policy: audit - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - - uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8 - - name: Get Version - id: get-version - run: | - VERSION=$(awk -F'"' '/ID string =/ {print $2}' ${{ env.VERSION_FILE }}) - if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Error: VERSION is not a valid semver" - exit 1 - fi - echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - - name: Create Release - env: - GH_TOKEN: ${{ github.token }} - if: ${{ steps.get-version.outputs.VERSION != '' }} - run: | - VERSION=${{ steps.get-version.outputs.VERSION }} - if [[ ! 
"${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Error: VERSION is not a valid semver" - exit 1 - fi - git config --global tag.gpgsign true - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - gh release create "$VERSION" --title "$VERSION" --notes "Release $VERSION" --draft + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + with: + fetch-depth: 0 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 + with: + go-version: go.mod + cache: true + - uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d + - name: Set output + id: macos_sdk + run: echo "path=$(xcrun --show-sdk-path)" >> $GITHUB_OUTPUT + - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 + with: + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SDK_PATH: ${{ steps.macos_sdk.outputs.path }} + VERSION: ${{ github.ref_name }} diff --git a/.github/workflows/version.yaml b/.github/workflows/version.yaml deleted file mode 100644 index 275fd4259..000000000 --- a/.github/workflows/version.yaml +++ /dev/null 
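Review bot: The goreleaser step pins the action to a commit but then requests `version: latest`, so the binary that builds and publishes the release is whatever upstream ships on the day a `v*` tag is pushed, and it runs with `contents: write` and `id-token: write`. Pin it to a release the project has tested (`version: <tested goreleaser version>`), and give `goto-bus-stop/setup-zig` an explicit `version:` too, since that toolchain compiles the C parts of every CGO binary. Nothing visible in this workflow or in the .goreleaser.yaml hunk requests an OIDC token now that `setup-gitsign` is gone, so `id-token: write` looks droppable unless a step outside this diff needs it. The checkout step can also take `persist-credentials: false`, because goreleaser gets `GITHUB_TOKEN` from its `env` rather than from the git config, and the token then does not sit in the workspace while the third-party setup actions run.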
@@ -1,83 +0,0 @@ -name: Bump Version - -on: - workflow_dispatch: - inputs: - update: - description: 'Semver update type (patch, minor, major)' - required: true - default: 'minor' - -permissions: - contents: write - id-token: write - pull-requests: write - -env: - VERSION_FILE: pkg/version/version.go - -jobs: - version: - if: ${{ github.repository }} == 'chainguard-dev/bincapz' - runs-on: ubuntu-latest - steps: - - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde - with: - egress-policy: audit - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - - uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8 - - name: Update Version - id: update - run: | - UPDATE_TYPE=${{ github.event.inputs.update }} - - CURRENT_VERSION=$(awk -F'"' '/ID string =/ {print $2}' ${{ env.VERSION_FILE }}) - - if [[ ! "${CURRENT_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Error: CURRENT_VERSION is not a valid semver" - exit 1 - fi - - IFS='.' read -ra VERSION_PARTS <<< "${CURRENT_VERSION:1}" - - case "$UPDATE_TYPE" in - major) - VERSION=$(printf "v%d.0.0" $((${VERSION_PARTS[0]}+1))) - ;; - minor) - VERSION=$(printf "v%s.%d.0" ${VERSION_PARTS[0]} $((${VERSION_PARTS[1]}+1))) - ;; - patch) - VERSION=$(printf "v%s.%s.%d" ${VERSION_PARTS[0]} ${VERSION_PARTS[1]} $((${VERSION_PARTS[2]}+1))) - ;; - *) - echo "Error: Invalid update type" - exit 1 - ;; - esac - - if [[ ! 
"${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Error: VERSION is not a valid semver" - exit 1 - fi - - echo "Current bincapz version: $CURRENT_VERSION" - echo "New bincapz version: $VERSION" - - sed -i "s/ID string = \"v[0-9]*\.[0-9]*\.[0-9]*\"/ID string = \"${VERSION}\"/" ${{ env.VERSION_FILE }} - - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - BRANCH="bincapz-version-bump-$VERSION" - git checkout -b $BRANCH - git add ${{ env.VERSION_FILE }} - git commit -m "Bump bincapz version to $VERSION" - git push origin $BRANCH - - echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - - name: Create Pull Request - env: - GH_TOKEN: ${{ github.token }} - run: | - VERSION=${{ steps.update.outputs.VERSION }} - gh pr create -t "Update bincapz to $VERSION" -b "PR to update the version in ${{ env.VERSION_FILE }} to $VERSION" -B main diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 597384392..0ebba9ed6 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
@@ -1,28 +1,104 @@ +# Sourced and adapted from https://github.com/goreleaser/goreleaser-example-zig-cgo/blob/master/.goreleaser.yaml project_name: bincapz before: hooks: - go mod tidy - builds: - - id: bincapz-build - binary: bincapz - main: ./ + - id: bincapz-macos-build goos: - - darwin - - linux - - windows + - darwin + goarch: + - amd64 + - arm64 + ldflags: + - -s -w + - -X main.BuildVersion={{.Env.VERSION}} flags: - - -trimpath - mod_timestamp: '{{ .CommitTimestamp }}' + - -trimpath + - -buildmode=pie + env: + - CGO_ENABLED=1 + - >- + {{- if eq .Os "darwin" }} + {{- if eq .Arch "amd64"}}CC=zig c -target x86_64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} + {{- if eq .Arch "arm64"}}CC=zig c -target aarch64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} + {{- end }} + - >- + {{- if eq .Os "darwin" }} + {{- if eq .Arch "amd64"}}CC=zig c++ -target x86_64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} + {{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-macos-none -F{{ .Env.SDK_PATH }}/System/Library/Frameworks{{- end }} + {{- end }} + + - id: bincapz-linux-build + goos: + - linux + goarch: + - amd64 + - arm64 + ldflags: + - -s -w + - -X main.BuildVersion={{.Env.VERSION}} + flags: + - -trimpath + env: + - CGO_ENABLED=1 + - >- + {{- if eq .Os "linux" }} + {{- if eq .Arch "amd64" }}CC=zig c -target x86_64-linux-musl{{- end }} + {{- if eq .Arch "arm64"}}CC=zig c -target aarch64-linux-musl{{- end }} + {{- end }} + - >- + {{- if eq .Os "linux" }} + {{- if eq .Arch "amd64" }}CC=zig c++ -target x86_64-linux-musl{{- end }} + {{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-linux-musl{{- end }} + {{- end }} + + - id: bincapz-windows-build + goos: + - windows + goarch: + - amd64 + - arm64 ldflags: - - -X main.BuildVersion={{.Version}} + - -s -w + - -X main.BuildVersion={{.Env.VERSION}} + flags: + - -trimpath + env: + - CGO_ENABLED=1 + - >- + {{- if eq .Os "windows" }} + {{- if eq .Arch "amd64" }}CC=zig c 
-target x86_64-windows-gnu{{- end }} + {{- if eq .Arch "arm64"}}CC=zig c -target aarch64-windows-gnu{{- end }} + {{- end }} + - >- + {{- if eq .Os "windows" }} + {{- if eq .Arch "amd64" }}CC=zig c++ -target x86_64-windows-gnu{{- end }} + {{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-windows-gnu{{- end }} + {{- end }} +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of uname. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + # use zip for windows archives + format_overrides: + - goos: windows + format: zip checksum: name_template: 'checksums.txt' - -changelog: - sort: asc - snapshot: name_template: "{{ incpatch .Version }}-next" +changelog: + sort: asc + filters: + exclude: + - '^docs:' + - '^test:'
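Review bot: In all three builds the second templated `env` entry assigns `CC` again (`CC=zig c++ -target …`) instead of `CXX`, so `CXX` is never set and the C compiler setting is presumably overridden by the C++ driver; those six lines should read along the lines of `CXX=zig c++ -target x86_64-linux-musl`. The first entry invokes `zig c`, whereas Zig's C compiler driver is `zig cc`, so it is worth confirming that the release build cross-compiles with the intended toolchain. Separately, `-buildmode=pie` is set only for the darwin build, leaving the Linux and Windows binaries without the same hardening flag. The removed `mod_timestamp: '{{ .CommitTimestamp }}'` line has no replacement on the new side, which makes the archives harder to reproduce and compare against `checksums.txt`.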