diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..71e7d4c --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,44 @@ +name: Release UDS-CLI on Tag + +permissions: + contents: read + +on: + push: + tags: + - "v*" + +jobs: + push: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + + - name: Free up disk space + run: rm -rf /opt/hostedtoolcache + + - name: Setup golang + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + with: + go-version: 1.21.x + + - name: Install syft + uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2 + + - name: Install grype + run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin" + shell: bash + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + with: + distribution: goreleaser + version: latest + args: release --clean --verbose --config .goreleaser.yaml + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..ece7b74 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,86 @@ +before: + hooks: + - go mod tidy + +# Build a universal macOS binary +universal_binaries: + - replace: false + +# Build the different combination of goos/arch binaries +builds: + - env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + goarch: + - amd64 + - arm64 + binary: uds-releaser + +# Save the built artifacts as binaries (instead of wrapping them in a tarball) +archives: + - format: binary + name_template: "{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}" + +# generate a sha256 checksum of all release artifacts +checksum: + name_template: "checksums.txt" + algorithm: sha256 + +# generate sboms for each binary artifact +sboms: + - artifacts: binary + documents: + - "sbom_{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}.sbom" + +snapshot: + name_template: "{{ incpatch .Version }}-snapshot" + +# Use the auto-generated changelog github provides +changelog: + use: github-native + +# brews: +# - name: uds +# repository: +# owner: defenseunicorns +# name: homebrew-tap +# token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}" +# branch: "{{ .ProjectName }}-{{ .Tag }}" +# pull_request: +# enabled: true +# base: +# branch: main +# owner: defenseunicorns +# name: homebrew-tap +# commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}" +# homepage: "https://github.com/defenseunicorns/uds-cli" +# description: "CLI for Unicorn Delivery Service" + +# # NOTE: We are using .Version instead of .Tag because homebrew has weird semver parsing rules and won't be able to +# # install versioned releases that has a `v` character before the version number. +# - name: "uds@{{ .Version }}" +# repository: +# owner: defenseunicorns +# name: homebrew-tap +# token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}" +# branch: "{{ .ProjectName }}-{{ .Tag }}" +# pull_request: +# enabled: true +# base: +# branch: main +# owner: defenseunicorns +# name: homebrew-tap +# commit_msg_template: "Brew formula update for {{ .ProjectName }} versioned release {{ .Tag }}" +# homepage: "https://github.com/defenseunicorns/uds-cli" +# description: "CLI for Unicorn Delivery Service" + +# Generate a GitHub release and publish the release for the tag +release: + github: + owner: defenseunicorns + name: uds-releaser + prerelease: auto + mode: append + draft: false \ No newline at end of file diff --git a/tasks.yaml b/tasks.yaml new file mode 100644 index 0000000..0a69452 --- /dev/null +++ b/tasks.yaml @@ -0,0 +1,50 @@ +# Copyright © 2024 The Authors of uds-releaser +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +includes: + - test: tasks/tests.yaml + - schema: tasks/schema.yaml + - docs: tasks/docs.yaml + - dev: tasks/dev.yaml + +tasks: + # build tasks + - name: build-all + description: build all the CLI binaries and gen checksums + actions: + - task: build-cli-linux-amd + - task: build-cli-linux-arm + - task: build-cli-mac-intel + - task: build-cli-mac-apple + - cmd: sha256sum build/* > build/checksums.txt + + - name: build-cli-linux-amd + description: build the CLI for Linux AMD64 + actions: + - cmd: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser main.go + + - name: build-cli-linux-arm + description: build the CLI for Linux ARM64 + actions: + - cmd: CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser-arm main.go + + - name: build-cli-mac-intel + description: build the CLI for Mac Intel + actions: + - cmd: GOOS=darwin GOARCH=amd64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser-mac-intel main.go + + - name: build-cli-mac-apple + description: build the CLI for Mac Apple + actions: + - cmd: GOOS=darwin GOARCH=arm64 go build -ldflags="${BUILD_ARGS}" -o build/uds-releaser-mac-apple main.go \ No newline at end of file