From 64f33d1063cab6c78352663d58a0f91ed648691b Mon Sep 17 00:00:00 2001
From: Nate Maninger <me@n8m.us>
Date: Wed, 14 Aug 2024 15:02:07 -0700
Subject: [PATCH] ci: use publish workflow template

---
 .github/workflows/publish_v2.yml | 197 ++-----------------------------
 1 file changed, 7 insertions(+), 190 deletions(-)

diff --git a/.github/workflows/publish_v2.yml b/.github/workflows/publish_v2.yml
index 361786db..f23be05a 100644
--- a/.github/workflows/publish_v2.yml
+++ b/.github/workflows/publish_v2.yml
@@ -7,194 +7,11 @@ on:
     branches:
       - its-happening
 
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: false
-
 jobs:
-  test:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '1.21'
-      - name: Test
-        uses: ./.github/actions/test
-  docker:
-    runs-on: ubuntu-latest
-    needs: [ test ]
-    permissions:
-      packages: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/metadata-action@v5
-        name: generate tags
-        id: meta
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: |
-            type=ref,event=branch
-            type=sha,prefix=
-            type=semver,pattern={{version}}
-      - uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-  build-linux:
-    runs-on: ubuntu-latest
-    needs: [ test ]
-    strategy:
-      matrix:
-        go-arch: [amd64, arm64]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '1.21'
-      - name: Setup
-        run: |
-          sudo apt update
-          go generate ./...
-          if [ ${{ matrix.go-arch }} == "arm64" ]; then
-            sudo apt install -y gcc-aarch64-linux-gnu
-            echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
-          fi
-      - name: Build ${{ matrix.go-arch }}
-        env:
-          CGO_ENABLED: 1
-          GOOS: linux
-          GOARCH: ${{ matrix.go-arch }}
-        run: |
-          mkdir -p release
-          ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip
-          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd
-          cp README.md LICENSE bin/
-          zip -qj $ZIP_OUTPUT bin/*
-      - uses: actions/upload-artifact@v4
-        with:
-          name: hostd_linux_${{ matrix.go-arch }}
-          path: release/*
-  build-mac:
-    runs-on: macos-latest
-    needs: [ test ]
-    strategy:
-      matrix:
-        go-arch: [amd64, arm64]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '1.21'
-      - name: Setup
-        env:
-          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
-          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
-          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
-          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
-          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
-        run: |
-          # extract apple cert
-          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
-
-          # extract apple key
-          mkdir -p ~/private_keys
-          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
-          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
-
-          # create temp keychain
-          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security default-keychain -s $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-
-          # import keychain
-          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security find-identity -v $KEYCHAIN_PATH -p codesigning
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
-
-          # generate
-          go generate ./...
-
-          # resync system clock https://github.com/actions/runner/issues/2996#issuecomment-1833103110
-          sudo sntp -sS time.windows.com
-      - name: Build ${{ matrix.go-arch }}
-        env:
-          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
-          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
-          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
-          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
-          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
-          CGO_ENABLED: 1
-          GOOS: darwin
-          GOARCH: ${{ matrix.go-arch }}
-        run: |
-          ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip
-          mkdir -p release
-          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd
-          cp README.md LICENSE bin/
-          /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
-          ditto -ck bin $ZIP_OUTPUT
-          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
-      - uses: actions/upload-artifact@v4
-        with:
-          name: hostd_darwin_${{ matrix.go-arch }}
-          path: release/*
-  build-windows:
-    runs-on: windows-latest
-    needs: [ test ]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '1.21'
-      - name: Setup
-        shell: bash
-        run: |
-          dotnet tool install --global AzureSignTool
-          go generate ./...
-      - name: Build amd64
-        env:
-          CGO_ENABLED: 1
-          GOOS: windows
-          GOARCH: amd64
-        shell: bash
-        run: |
-          mkdir -p release
-          ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip
-          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd
-          azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/hostd.exe
-          cp README.md LICENSE bin/
-          7z a $ZIP_OUTPUT ./bin/*
-      - uses: actions/upload-artifact@v4
-        with:
-          name: hostd_windows_amd64
-          path: release/*
-  combine-release-assets:
-    runs-on: ubuntu-latest
-    needs: [ build-linux, build-mac, build-windows ]
-    steps:
-      - name: Merge Artifacts
-        uses: actions/upload-artifact/merge@v4
-        with:
-          name: hostd
\ No newline at end of file
+  publish:
+    uses: SiaFoundation/workflows/.github/workflows/go-publish@master
+    secrets: inherit
+    with:
+      build-args: -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"'
+      cgo-enabled: 1
+      project: hostd