feat: release ci

.github/workflows/release.yaml

@@ -0,0 +1,44 @@
+name: Release UDS-CLI on Tag
+
+permissions:
+  contents: read
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Free up disk space
+        run: rm -rf /opt/hostedtoolcache
+
+      - name: Setup golang
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: 1.21.x
+
+      - name: Install syft
+        uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
+
+      - name: Install grype
+        run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
+        shell: bash
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --verbose --config .goreleaser.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}

.goreleaser.yaml

@@ -0,0 +1,86 @@
+before:
+  hooks:
+    - go mod tidy
+
+# Build a universal macOS binary
+universal_binaries:
+  - replace: false
+
+# Build the different combination of goos/arch binaries
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    binary: uds-releaser
+
+# Save the built artifacts as binaries (instead of wrapping them in a tarball)
+archives:
+  - format: binary
+    name_template: "{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}"
+
+# generate a sha256 checksum of all release artifacts
+checksum:
+  name_template: "checksums.txt"
+  algorithm: sha256
+
+# generate sboms for each binary artifact
+sboms:
+  - artifacts: binary
+    documents:
+      - "sbom_{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}.sbom"
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-snapshot"
+
+# Use the auto-generated changelog github provides
+changelog:
+  use: github-native
+
+# brews:
+#   - name: uds
+#     repository:
+#       owner: defenseunicorns
+#       name: homebrew-tap
+#       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+#       branch: "{{ .ProjectName }}-{{ .Tag }}"
+#       pull_request:
+#         enabled: true
+#         base:
+#           branch: main
+#           owner: defenseunicorns
+#           name: homebrew-tap
+#     commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}"
+#     homepage: "https://github.com/defenseunicorns/uds-cli"
+#     description: "CLI for Unicorn Delivery Service"
+
+#   # NOTE: We are using .Version instead of .Tag because homebrew has weird semver parsing rules and won't be able to
+#   #       install versioned releases that has a `v` character before the version number.
+#   - name: "uds@{{ .Version }}"
+#     repository:
+#       owner: defenseunicorns
+#       name: homebrew-tap
+#       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+#       branch: "{{ .ProjectName }}-{{ .Tag }}"
+#       pull_request:
+#         enabled: true
+#         base:
+#           branch: main
+#           owner: defenseunicorns
+#           name: homebrew-tap
+#     commit_msg_template: "Brew formula update for {{ .ProjectName }} versioned release {{ .Tag }}"
+#     homepage: "https://github.com/defenseunicorns/uds-cli"
+#     description: "CLI for Unicorn Delivery Service"
+
+# Generate a GitHub release and publish the release for the tag
+release:
+  github:
+    owner: defenseunicorns
+    name: uds-releaser
+  prerelease: auto
+  mode: append
+  draft: false

tasks.yaml

@@ -0,0 +1,50 @@
+# Copyright © 2024 The Authors of uds-releaser
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+includes:
+  - test: tasks/tests.yaml
+  - schema: tasks/schema.yaml
+  - docs: tasks/docs.yaml
+  - dev: tasks/dev.yaml
+
+tasks:
+  # build tasks
+  - name: build-all
+    description: build all the CLI binaries and gen checksums
+    actions:
+      - task: build-cli-linux-amd
+      - task: build-cli-linux-arm
+      - task: build-cli-mac-intel
+      - task: build-cli-mac-apple
+      - cmd: sha256sum build/* > build/checksums.txt
+
+  - name: build-cli-linux-amd
+    description: build the CLI for Linux AMD64
+    actions:
+      - cmd: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser main.go
+
+  - name: build-cli-linux-arm
+    description: build the CLI for Linux ARM64
+    actions:
+      - cmd: CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser-arm main.go
+
+  - name: build-cli-mac-intel
+    description: build the CLI for Mac Intel
+    actions:
+      - cmd: GOOS=darwin GOARCH=amd64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser-mac-intel main.go
+
+  - name: build-cli-mac-apple
+    description: build the CLI for Mac Apple
+    actions:
+      - cmd: GOOS=darwin GOARCH=arm64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser-mac-apple main.go