diff --git a/.github/workflows/nightly-release.yaml b/.github/workflows/nightly-release.yaml new file mode 100644 index 00000000..90da7394 --- /dev/null +++ b/.github/workflows/nightly-release.yaml @@ -0,0 +1,69 @@ +name: Nightly Release +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' ## Every day at midnight UTC + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + needs: checkout + steps: + - name: Run tests + uses: ./.github/workflows/release-tests.yaml + + push: + runs-on: ubuntu-latest + environment: release + needs: test + permissions: + contents: write + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Setup golang + uses: ./.github/actions/golang + + - name: Install tools + uses: ./.github/actions/install-tools + + - name: Download build artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: build-artifacts + path: build/ + + - name: Create tag + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + # try to create a tag, if it already exists, update it + script: | + github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'refs/tags/nightly', + sha: context.sha + }).catch(err => { + if (err.status !== 422) throw err; + github.rest.git.updateRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'tags/nightly', + sha: context.sha + }); + }) + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + with: + distribution: goreleaser + version: latest + args: release --clean --verbose --config .goreleaser-nightly.yaml + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/parallel-tests.yaml b/.github/workflows/parallel-tests.yaml index 7d1dd8fb..5d3b452a 100644 --- a/.github/workflows/parallel-tests.yaml +++ b/.github/workflows/parallel-tests.yaml @@ -1,4 +1,4 @@ -name: E2E Tests +name: Helper workflow for E2E Tests on: workflow_call: # This is the event that triggers the workflow diff --git a/.github/workflows/release-tests.yaml b/.github/workflows/release-tests.yaml new file mode 100644 index 00000000..8b58b602 --- /dev/null +++ b/.github/workflows/release-tests.yaml @@ -0,0 +1,90 @@ +name: E2E Tests +on: + workflow_call: # This is the event that triggers the workflow + +jobs: + test: + uses: ./.github/workflows/parallel-tests.yaml + + test-ghcr: + runs-on: ubuntu-latest + needs: test + permissions: + packages: write + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Download build artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: build-artifacts + path: build/ + + - name: setup-using-previous-job + uses: ./.github/actions/setup-from-previous + + - name: Login to GHCR + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Run GHCR tests + run: | + build/uds run test:e2e-ghcr + env: + GITHUB_TOKEN: secrets.GITHUB_TOKEN + + - name: Save logs + if: always() + uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0 + with: + suffix: test-ghcr + + + smoke-test: + runs-on: ubuntu-latest + needs: test + steps: + # Checkout the repo and setup the tooling for this job + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Download build artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: build-artifacts + path: build/ + + - name: Setup golang + uses: ./.github/actions/golang + + - name: Make UDS-CLI executable + run: | + chmod +x build/uds + + - name: Setup K3d + uses: ./.github/actions/k3d + + - name: Login to GHCR + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Run UDS Core smoke test + run: build/uds run test:ci-uds-core-smoke-test + shell: bash + + - name: Save logs + if: always() + uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0 + with: + suffix: smoke-test diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 417ef227..6570eddc 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,106 +9,14 @@ on: - "v*" jobs: - checkout: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - test: - uses: ./.github/workflows/parallel-tests.yaml + uses: ./.github/workflows/release-tests.yaml needs: checkout - test-ghcr: - runs-on: ubuntu-latest - needs: test - permissions: - packages: write - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - - - name: Download build artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: build-artifacts - path: build/ - - - name: setup-using-previous-job - uses: ./.github/actions/setup-from-previous - - - name: Login to GHCR - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Run GHCR tests - run: | - build/uds run test:e2e-ghcr - env: - GITHUB_TOKEN: secrets.GITHUB_TOKEN - - - name: Save logs - if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0 - with: - suffix: test-ghcr - - - smoke-test: - runs-on: ubuntu-latest - needs: test - steps: - # Checkout the repo and setup the tooling for this job - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - - - name: Download build artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: build-artifacts - path: build/ - - - name: Setup golang - uses: ./.github/actions/golang - - - name: Make UDS-CLI executable - run: | - chmod +x build/uds - - - name: Setup K3d - uses: ./.github/actions/k3d - - - name: Login to GHCR - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Run UDS Core smoke test - run: build/uds run test:ci-uds-core-smoke-test - shell: bash - - - name: Save logs - if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@172a905901cb9bd76d096d2850bf31af5c5a4fa1 # v0.8.0 - with: - suffix: smoke-test - - push: runs-on: ubuntu-latest environment: release - needs: [test, test-ghcr, smoke-test] + needs: test permissions: contents: write steps: @@ -143,7 +51,7 @@ jobs: with: distribution: goreleaser version: latest - args: release --clean --verbose + args: release --clean --verbose --config .goreleaser.yaml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }} diff --git a/.github/workflows/test-e2e-pr.yaml b/.github/workflows/test-e2e-pr.yaml index 6790494d..ae470b9e 100644 --- a/.github/workflows/test-e2e-pr.yaml +++ b/.github/workflows/test-e2e-pr.yaml @@ -10,8 +10,8 @@ on: - "adr/**" - "docs/**" - "CODEOWNERS" - - "goreleaser.yml" - - ".github/workflows/release.yaml" + - "goreleaser*.y*ml" + - ".github/workflows/*release*.y*ml" permissions: contents: read diff --git a/.goreleaser-nightly.yaml b/.goreleaser-nightly.yaml new file mode 100644 index 00000000..edbf7db2 --- /dev/null +++ b/.goreleaser-nightly.yaml @@ -0,0 +1,59 @@ +before: + hooks: + - go mod tidy + +# Build a universal macOS binary +universal_binaries: + - replace: false + +# Build the different combination of goos/arch binaries +builds: + - env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + ldflags: + - -s -w -X 'github.com/defenseunicorns/uds-cli/src/config.CLIVersion={{.Tag}}' -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf' + - -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf' + - -X 'github.com/derailed/k9s/cmd.version=${K9S_VERSION}' + - -X 'github.com/google/go-containerregistry/cmd/crane/cmd.Version=${CRANE_VERSION}' + - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.syftVersion=${SYFT_VERSION}' + - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.archiverVersion=${ARCHIVER_VERSION}' + - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.helmVersion=${HELM_VERSION}' + goarch: + - amd64 + - arm64 + binary: uds + +# Save the built artifacts as binaries (instead of wrapping them in a tarball) +archives: + - format: binary + name_template: "{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}" + +# generate a sha256 checksum of all release artifacts +checksum: + name_template: "checksums.txt" + algorithm: sha256 + +# generate sboms for each binary artifact +sboms: + - artifacts: binary + documents: + - "sbom_{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}.sbom" + +snapshot: + name_template: "{{ incpatch .Version }}-snapshot" + +# Use the auto-generated changelog github provides +changelog: + use: github-native + +# Generate a GitHub release and publish the release for the tag +release: + github: + owner: defenseunicorns + name: uds-cli + prerelease: auto + mode: append + draft: false diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a49ead12..16809e93 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -15,6 +15,12 @@ builds: - darwin ldflags: - -s -w -X 'github.com/defenseunicorns/uds-cli/src/config.CLIVersion={{.Tag}}' -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf' + - -X 'github.com/defenseunicorns/zarf/src/config.ActionsCommandZarfPrefix=zarf' + - -X 'github.com/derailed/k9s/cmd.version=${K9S_VERSION}' + - -X 'github.com/google/go-containerregistry/cmd/crane/cmd.Version=${CRANE_VERSION}' + - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.syftVersion=${SYFT_VERSION}' + - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.archiverVersion=${ARCHIVER_VERSION}' + - -X 'github.com/defenseunicorns/zarf/src/cmd/tools.helmVersion=${HELM_VERSION}' goarch: - amd64 - arm64