Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revamp release automation #1250

Merged
merged 26 commits into from
Aug 14, 2023
Merged

Revamp release automation #1250

merged 26 commits into from
Aug 14, 2023

Commits on Aug 14, 2023

  1. release: outline release logic using GoReleaser 

    This adds the base for releasing using GoReleaser going forward in a
backwards compatible manner, which means:

- Publishing of artifacts in the same formats as previous releases
- Publishing of RPM and deb artifacts in the same formats as previous
  releases (although the metadata may need a bit of tweaking)

In addition, it includes:

- SBOM inclusion per binary artifact

It still needs work around:

- Artifact signing
- SLSA compliance
- Docker images
- GitHub release
- Changelog generation
- GitHub Action workflow

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    02de4a8 View commit details
    Browse the repository at this point in the history

  2. release: configure build of Docker images 

    GoReleaser requires specifically crafted Dockerfiles as the build
context is dynamically constructed.

For more information, refer to https://goreleaser.com/errors/docker-build/#do
and other documentation around Docker image templates and manifests.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    b5b3760 View commit details
    Browse the repository at this point in the history

  3. release: sign checksum file and images with cosign 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    138d9fe View commit details
    Browse the repository at this point in the history

  4. release: enable GitHub native note generation 

    This appears to be the best option at present to e.g. celebrate new
contributors while also allowing things to be grouped by pull request
label.

For more information, see xrefs in patch.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    947979b View commit details
    Browse the repository at this point in the history

  5. release: add release configuration 

    This still needs further configuration of at least the `.header` field.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    2186d1e View commit details
    Browse the repository at this point in the history

  6. release: publish container images to GHCR and Quay 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    9907309 View commit details
    Browse the repository at this point in the history

  7. release: download modules and check dirty state 

    Plus a tiny nit to not have to pass `--yes` to Cosign everywhere, and
enabling of size reporting.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    22fb5f0 View commit details
    Browse the repository at this point in the history

  8. build: outline new release workflow 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    10c827d View commit details
    Browse the repository at this point in the history

  9. release: remove stale Make target utilities 

    These are no longer required, as they are now handled by GoReleaser
or no longer under our control (`make_download_page.sh`).

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    986a4c2 View commit details
    Browse the repository at this point in the history

  10. release: small nits 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    12c6e3f View commit details
    Browse the repository at this point in the history

  11. release: refactor backwards compatible artifacts 

    Which in turn solves the generation of the checksum file.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    cf05f48 View commit details
    Browse the repository at this point in the history

  12. release: extend timeout 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    0411c7d View commit details
    Browse the repository at this point in the history

  13. release: further improve build flags 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    31823b0 View commit details
    Browse the repository at this point in the history

  14. release: pin GoReleaser version 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    30abe25 View commit details
    Browse the repository at this point in the history

  15. release: artifact, SBOM and container provenance 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    0e585a1 View commit details
    Browse the repository at this point in the history

  16. release: backwards compatible tag fmt, changelog 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    feb34a0 View commit details
    Browse the repository at this point in the history

  17. release: further solve backwards compatible names 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    fe45a84 View commit details
    Browse the repository at this point in the history

  18. build: remove obsolete Dockerfiles 

    These were only part of the release process, and now continue to exist
in `.release/*`.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    feb7d43 View commit details
    Browse the repository at this point in the history

  19. release: tweak signature and certificate filenames 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    3deb00e View commit details
    Browse the repository at this point in the history

  20. release: disable Go cache for workflow 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    5276fcf View commit details
    Browse the repository at this point in the history

  21. release: improve release notes 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    cd23b73 View commit details
    Browse the repository at this point in the history

  22. release: remove DockerHub release util script 

    As it has been replaced with GoReleaser.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    bf884fa View commit details
    Browse the repository at this point in the history

  23. build: add release-snapshot Make target 

    This allows you to run the release locally, without publishing or
signing, against the current state of the repository.

There are some more improvements I would like to make to the
`Makefile` e.g., the deprecation of `golint` and the introduction of a
`help` target. But they are out of scope for the current things I am
working on.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    13794d7 View commit details
    Browse the repository at this point in the history

  24. docs: briefly outline release procedure 

    Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    8f2333c View commit details
    Browse the repository at this point in the history

  25. release: update GoReleaser to 1.20.0 

    Which now allows us to set the `mod_timestamp` on universal binaries.

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    cbcd73d View commit details
    Browse the repository at this point in the history

  26. release: further improvements based on feedback 

    - Describe difference between Debian (slim) and Alpine image
- Add `-o text` flag to `cosign verify` example to print readable text
  instead of JSON blob
- Fix typo in one of the `ghcr.io` domains
- Use correct OCI annotation for image "title"

Signed-off-by: Hidde Beydals <[email protected]>
    @hiddeco
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    79bbb22 View commit details
    Browse the repository at this point in the history