diff --git a/Makefile b/Makefile index 2452d98..e8678b7 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,11 @@ TAG ?= latest export CGO_ENABLED=0 export GOPRIVATE ?= github.com/mesosphere +GIT_MAIN_BRANCH = mesosphere +GIT_CURRENT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD) +GITHUB_ORG := $(shell gh repo view --jq '.owner.login' --json owner) +GITHUB_REPOSITORY := $(shell gh repo view --jq '.name' --json name) + KONVOY_ASYNC_AUTH_VERSION ?= v0.2.0 all: build @@ -17,6 +22,7 @@ all: build .PHONY: konvoy-async-auth konvoy-async-auth: @rm -rf _build/konvoy-async-auth* + @mkdir -p html/static/downloads @gh release download $(KONVOY_ASYNC_AUTH_VERSION) -R https://github.com/mesosphere/konvoy-async-auth -D _build/ @tar -xzvf "_build/konvoy-async-auth_$(KONVOY_ASYNC_AUTH_VERSION)_linux_amd64.tar.gz" -C html/static/downloads @tar -xzvf "_build/konvoy-async-auth_$(KONVOY_ASYNC_AUTH_VERSION)_darwin_amd64.tar.gz" -C html/static/downloads @@ -50,3 +56,12 @@ clean: @go clean rm -rf ./bin rm -rf ./_build + +.PHONY: release-please +release-please: +ifneq ($(GIT_CURRENT_BRANCH),$(GIT_MAIN_BRANCH)) + $(error "release-please should only be run on the $(GIT_MAIN_BRANCH) branch") +else + release-please release-pr \ + --repo-url $(GITHUB_ORG)/$(GITHUB_REPOSITORY) --token "$$(gh auth token)" +endif diff --git a/README.md b/README.md index f00ccf1..7cda435 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ A helper web-app which talks to one or more [Dex Identity services](https://github.com/coreos/dex) to generate `kubectl` commands for creating and modifying a `kubeconfig`. -The Web UI supports generating tokens against multiple cluster such as Dev / Staging / Production. +The Web UI supports generating tokens against multiple cluster such as Dev / Staging / Production. ## Also provides 
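Review bot: The `:= $(shell …)` assignments added at the top of the Makefile run `git rev-parse` and two `gh repo view` calls every time the file is parsed, so `make build` or `make clean` now needs an installed, authenticated `gh` and a network round trip, although only `release-please` uses the values. If `gh` fails, `GITHUB_ORG` and `GITHUB_REPOSITORY` expand to empty strings and the recipe in the last Makefile hunk would be run with `--repo-url /`. Declaring the two `gh` variables with recursive `=` defers the calls until the release recipe expands them. The recipe should then refuse an empty value, e.g. `$(if $(strip $(GITHUB_ORG)),,$(error GITHUB_ORG is empty; is gh authenticated?))`.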
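Review bot: The `release-please` recipe puts the caller's `gh` OAuth token on the command line (`--token "$$(gh auth token)"`), where it is readable from the local process list for as long as the tool runs. That token normally carries every scope of the developer's `gh` login rather than access to this one repository. A token limited to contents and pull-request write on this repository would fit the task better. It should also be passed by a channel other than argv if the CLI offers one, which I have not confirmed. Separately, the `ifneq` guard only compares the local branch name while `release-pr` acts on the remote through the API, so passing `--target-branch $(GIT_MAIN_BRANCH)` would tie the run to the branch the guard names.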
@@ -18,6 +18,25 @@ The Web UI supports generating tokens against multiple cluster such as Dev / Sta - [Using the Helm Charts](docs/helm.md) - [SSL Support](docs/ssl.md) +## Release + +### Creating a release PR + +This project uses [release-please] to automate changelog updates per release. Due to security restrictions[^1] in the +`nutanix-cloud-native` GitHub organization, the release process is a little more complex than just using the +[release-please-action]. + +When a release has been cut, a new release PR can be created manually using the `release-please` CLI locally. This needs +to be run by someone with write permissions to the repository. Create the `release-please` branch and PR: + +```shell +make release-please +``` + +This will create the branch and release PR. From this point on until a release is ready, the `release-please-action` +will keep the PR up to date (GHA workflows are only not allowed to create the original PR, they can keep the PR up to +date). + ## Screen shots ![Index Page](examples/index-page.png) @@ -38,4 +57,12 @@ Feel free to raise feature-requests and bugs. PR's are also very welcome. - https://github.com/fydrah/loginapp This application is based on the original [example-app](https://github.com/coreos/dex/tree/master/cmd/example-app -) available in the CoreOS Dex repo. \ No newline at end of file +) available in the CoreOS Dex repo. + +[^1]: Specifically, GitHub Actions workflows are not allowed to create or approve PRs due to a potential security flaw. + See [this blog post][cider-sec] for more details, as well as the [Security Hardening for GitHub Actions + docs][gha-security-hardening]. + +[release-please]: https://github.com/googleapis/release-please/ +[release-please-action]: https://github.com/googleapis/release-please-action + diff --git a/devbox.json b/devbox.json index 74da0f9..bd84fbb 100644 --- a/devbox.json +++ b/devbox.json 
@@ -2,7 +2,8 @@ "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json", "packages": [ "go@latest", - "github-cli@latest" + "github-cli@latest", + "./hack/flake#release-please" ], "shell": { "init_hook": [ diff --git a/hack/flake/flake.lock b/hack/flake/flake.lock new file mode 100644 index 0000000..11a0e2a --- /dev/null +++ b/hack/flake/flake.lock @@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hack/flake/flake.nix b/hack/flake/flake.nix new file mode 100644 index 0000000..5e1ed57 --- /dev/null +++ b/hack/flake/flake.nix 
@@ -0,0 +1,31 @@
+{
+ description = "Useful flakes for golang and Kubernetes projects";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs = { self, nixpkgs, flake-utils }:
+ flake-utils.lib.eachDefaultSystem (system:
+ with nixpkgs.legacyPackages.${system}; {
+ packages = {
+ release-please = buildNpmPackage rec {
+ pname = "release-please";
+ version = "16.12.0";
+ src = fetchFromGitHub {
+ owner = "googleapis";
+ repo = "release-please";
+ rev = "v${version}";
+ hash = "sha256-M4wsk0Vpkl6JAOM2BdSu8Uud7XA+iRHAaQOxHLux+VE=";
+ };
+ npmDepsHash = "sha256-UXWzBUrZCIklITav3VShL+whiWmvLkFw+/i/k0s13k0=";
+ dontNpmBuild = true;
+ };
+
+ };
+
+ formatter = alejandra;
+ }
+ );
+}
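Review bot: Nothing in the `release-please` derivation tells a maintainer that `version`, `hash` and `npmDepsHash` have to change together, or why `dontNpmBuild = true` is set. The Makefile in this commit hands a GitHub token to this binary, so the two hashes are its integrity pin and deserve a comment above `version`, for example `# bump version, then refresh hash and npmDepsHash together; they pin the upstream source and its npm dependency tree`. A one-line comment on `dontNpmBuild` giving the reason would also help, since the hunk does not show why the build step is skipped.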