diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml index d135046..31f2183 100644 --- a/.github/workflows/golang.yaml +++ b/.github/workflows/golang.yaml @@ -8,28 +8,44 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: setup-go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: 1.19 + go-version: 1.22 cache: true cache-dependency-path: go.sum - name: build run: go build -v ./... - name: test - run: go test ./... + run: go test -race ./... lint: + # https://github.com/golangci/golangci-lint-action?tab=readme-ov-file#annotations + permissions: + contents: read # read the repo + pull-requests: read # allows the 'only-new-issues' option to work + checks: write # annotate code in the PR runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: setup-go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: 1.19 + go-version: 1.22 cache: true cache-dependency-path: go.sum - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@v5 with: - version: v1.50.1 + install-mode: "binary" + version: "v1.57.1" + # https://github.com/golangci/golangci-lint-action/issues/244 + # https://github.com/Kong/mesh-perf/pull/168 + # https://github.com/golangci/golangci-lint-action/issues/552#issuecomment-1413509544 + args: --timeout 10m + skip-cache: true + - name: go mod tidy + run: go mod tidy + - name: check for any changes + run: | + [[ $(git status --porcelain) == "" ]] || (echo "changes detected" && exit 1) diff --git a/.github/workflows/nix.yaml b/.github/workflows/nix.yaml index 0c3f02a..e1a39ee 100644 --- a/.github/workflows/nix.yaml +++ b/.github/workflows/nix.yaml @@ -5,44 +5,32 @@ on: - main pull_request: jobs: - standard: + build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 - with: - nix_path: nixpkgs=channel:nixos-unstable - extra_nix_config: | - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - - run: nix-shell --run 'which go' - - run: nix-build && ./result/bin/nix-search --help - flakes: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - name: Install Nix + uses: cachix/install-nix-action@v22 with: nix_path: nixpkgs=channel:nixos-unstable extra_nix_config: | access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + - name: Install Cache + uses: DeterminateSystems/magic-nix-cache-action@v1 + - run: nix flake check + - name: lint formatting + run: | + nix develop --command nixpkgs-fmt --check *.nix + if ! git diff-index --quiet HEAD --; then + echo "nixpkgs-fmt had changes" + exit 1 + fi + # flakes - run: nix develop --command which go - run: nix build . && ./result/bin/nix-search --help - run: nix build .#nix-search && ./result/bin/nix-search --help - run: nix run . -- --help - run: nix run .#nix-search -- --help - - run: nix flake check - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 - with: - nix_path: nixpkgs=channel:nixos-unstable - extra_nix_config: | - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - - run: nix develop --command nixpkgs-fmt --check *.nix - - run: | - if ! git diff-index --quiet HEAD --; then - echo "gomod2nix had changes" - exit 1 - fi + # standard + - run: nix-shell --run 'which go' + - run: nix-build && ./result/bin/nix-search --help diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 74bf357..867938b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,48 +1,77 @@ name: release +concurrency: + group: build-${{ github.ref }} + cancel-in-progress: true on: push: branches: - main jobs: - create-release: + upload-binaries: runs-on: ubuntu-latest + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: setup-go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: 1.19 + go-version: 1.22 cache: true cache-dependency-path: go.sum - - run: | - GOOS=darwin GOARCH=amd64 go build -o ./bin/nix-search-darwin-amd64 ./cmd/nix-search - GOOS=darwin GOARCH=arm64 go build -o ./bin/nix-search-darwin-arm64 ./cmd/nix-search - GOOS=linux GOARCH=arm64 go build -o ./bin/nix-search-linux-arm64 ./cmd/nix-search - GOOS=linux GOARCH=amd64 go build -o ./bin/nix-search-linux-amd64 ./cmd/nix-search - - run: | - commit_sha="$(git rev-parse --short HEAD)" - timestamp="$(date +%s)" - release_name="release-$timestamp-$commit_sha" - token=${{ secrets.GITHUB_TOKEN }} - # https://docs.github.com/en/rest/releases/releases#create-a-release - # https://stackoverflow.com/questions/45240336/how-to-use-github-release-api-to-make-a-release-without-source-code - upload_url=$(curl -s -H "Authorization: token $token" \ - -d "{\"tag_name\": \"$release_name\", \"name\":\"$release_name\",\"target_comitish\": \"$commit_sha\"}" \ - "https://api.github.com/repos/peterldowns/nix-search-cli/releases" | jq -r '.upload_url') - upload_url="${upload_url%\{*}" - curl -s -H "Authorization: token $token" \ + - name: release-darwin-amd64 + run: | + ldflags=$(./scripts/golang-ldflags.sh) + CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "$ldflags" -o ./bin/nix-search-darwin-amd64 ./cmd/nix-search + upload_url=$(./scripts/upsert-gh-release.sh) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN}}" \ -H "Content-Type: application/octet-stream" \ --data-binary @bin/nix-search-darwin-amd64 \ "$upload_url?name=nix-search-darwin-amd64&label=nix-search-darwin-amd64" - curl -s -H "Authorization: token $token" \ + bottle_name=$(./scripts/make-bottle.sh ./bin/nix-search-darwin-amd64 monterey) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN}}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary @"${bottle_name}" \ + "$upload_url?name=${bottle_name}&label=${bottle_name}" + - name: release-darwin-arm64 + run: | + ldflags=$(./scripts/golang-ldflags.sh) + CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -ldflags "$ldflags" -o ./bin/nix-search-darwin-arm64 ./cmd/nix-search + upload_url=$(./scripts/upsert-gh-release.sh) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Content-Type: application/octet-stream" \ --data-binary @bin/nix-search-darwin-arm64 \ "$upload_url?name=nix-search-darwin-arm64&label=nix-search-darwin-arm64" - curl -s -H "Authorization: token $token" \ + bottle_name=$(./scripts/make-bottle.sh ./bin/nix-search-darwin-arm64 arm64_monterey) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN}}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary @"${bottle_name}" \ + "$upload_url?name=${bottle_name}&label=${bottle_name}" + - name: release-linux-arm64 + run: | + ldflags=$(./scripts/golang-ldflags.sh) + CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "$ldflags" -o ./bin/nix-search-linux-arm64 ./cmd/nix-search + upload_url=$(./scripts/upsert-gh-release.sh) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Content-Type: application/octet-stream" \ --data-binary @bin/nix-search-linux-arm64 \ "$upload_url?name=nix-search-linux-arm64&label=nix-search-linux-arm64" - curl -s -H "Authorization: token $token" \ + bottle_name=$(./scripts/make-bottle.sh ./bin/nix-search-linux-arm64 arm64_linux) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN}}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary @"${bottle_name}" \ + "$upload_url?name=${bottle_name}&label=${bottle_name}" + - name: release-linux-amd64 + run: | + ldflags=$(./scripts/golang-ldflags.sh) + CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$ldflags" -o ./bin/nix-search-linux-amd64 ./cmd/nix-search + upload_url=$(./scripts/upsert-gh-release.sh) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ -H "Content-Type: application/octet-stream" \ --data-binary @bin/nix-search-linux-amd64 \ "$upload_url?name=nix-search-linux-amd64&label=nix-search-linux-amd64" + bottle_name=$(./scripts/make-bottle.sh ./bin/nix-search-linux-amd64 x86_64_linux) + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN}}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary @"${bottle_name}" \ + "$upload_url?name=${bottle_name}&label=${bottle_name}" diff --git a/Justfile b/Justfile index 971e9be..c69a113 100644 --- a/Justfile +++ b/Justfile @@ -40,50 +40,3 @@ build-docker: --file ./Dockerfile \ -o type=image \ . - -# builds and pushes peterldowns/nix-search-cli, tagged with :latest and :$COMMIT_SHA -release-container: - #!/usr/bin/env bash - COMMIT_SHA=$(git log -1 | head -1 | cut -f 2 -d ' ') - docker buildx build \ - --platform linux/arm64,linux/amd64,darwin/arm64,darwin/amd64 \ - --label nix-search-cli \ - --tag ghcr.io/peterldowns/nix-search-cli:"$COMMIT_SHA" \ - --tag ghcr.io/peterldowns/nix-search-cli:latest \ - --cache-from ghcr.io/peterldowns/nix-search-cli:latest \ - --build-arg COMMIT_SHA="$COMMIT_SHA" \ - --output type=image,push=true \ - --file ./Dockerfile \ - . - -release-binaries: - #!/usr/bin/env bash - GOOS=darwin GOARCH=amd64 go build -o ./bin/nix-search-darwin-amd64 ./cmd/nix-search - GOOS=darwin GOARCH=arm64 go build -o ./bin/nix-search-darwin-arm64 ./cmd/nix-search - GOOS=linux GOARCH=amd64 go build -o ./bin/nix-search-linux-amd64 ./cmd/nix-search - GOOS=linux GOARCH=arm64 go build -o ./bin/nix-search-linux-arm64 ./cmd/nix-search - commit_sha="$(git rev-parse --short HEAD)" - timestamp="$(date +%s)" - release_name="release-$timestamp-$commit_sha" - token="$GITHUB_TOKEN" - upload_url=$(curl -s -H "Authorization: token $token" \ - -X POST \ - -d "{\"tag_name\": \"$release_name\", \"name\":\"$release_name\",\"target_comitish\": \"$commit_sha\"}" \ - "https://api.github.com/repos/peterldowns/nix-search-cli/releases" | jq -r '.upload_url') - upload_url="${upload_url%\{*}" - curl -s -H "Authorization: token $token" \ - -H "Content-Type: application/octet-stream" \ - --data-binary @bin/nix-search-darwin-amd64 \ - "$upload_url?name=nix-search-darwin-amd64&label=nix-search-darwin-amd64" - curl -s -H "Authorization: token $token" \ - -H "Content-Type: application/octet-stream" \ - --data-binary @bin/nix-search-darwin-arm64 \ - "$upload_url?name=nix-search-darwin-arm64&label=nix-search-darwin-arm64" - curl -s -H "Authorization: token $token" \ - -H "Content-Type: application/octet-stream" \ - --data-binary @bin/nix-search-linux-amd64 \ - "$upload_url?name=nix-search-linux-amd64&label=nix-search-linux-amd64" - curl -s -H "Authorization: token $token" \ - -H "Content-Type: application/octet-stream" \ - --data-binary @bin/nix-search-linux-arm64 \ - "$upload_url?name=nix-search-linux-arm64&label=nix-search-linux-arm64" diff --git a/go.sum b/go.sum index 63e4986..410d70e 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,3 @@ -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= @@ -9,8 +8,6 @@ github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxC github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -22,8 +19,6 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/snugfox/ansi-escapes v0.2.0 h1:vKrafCe+sRkcVBUP+0AVmpH2vHsnDmSwSp/7p9m7Aqc= github.com/snugfox/ansi-escapes v0.2.0/go.mod h1:7GY2wPrDOaZyZ/OlSWalu7T+RKdkSrPfQHDr3xl8yGk= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= diff --git a/scripts/upsert-gh-release.sh b/scripts/upsert-gh-release.sh new file mode 100755 index 0000000..4a8e31d --- /dev/null +++ b/scripts/upsert-gh-release.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# Attempts to get an upload URL for adding assets to the current +# Github Release. It does this by attemping to create the release, +# then reading it if it already exists. +# +# On success, the result is a 0 status code and a valid upload URL. +# +# Docs: +# https://docs.github.com/en/rest/releases/releases#create-a-release +# https://stackoverflow.com/questions/45240336/how-to-use-github-release-api-to-make-a-release-without-source-code +version=$(cat ./VERSION) +commit_sha=$(git rev-parse --short HEAD || echo 'unknown') +# https://semver.org/#spec-item-10 +release_name="$version+commit.$commit_sha" +if ! upload_url=$( + gh api --method POST 'repos/{owner}/{repo}/releases' \ + -F "tag_name=$release_name" \ + -F "name=$release_name" \ + -F "target_comitish=$commit_sha" \ + --jq '.upload_url' \ +); then + if ! upload_url=$( + gh api --method GET 'repos/{owner}/{repo}/releases/tags/'"$release_name" \ + --jq '.upload_url' \ + ); then + exit 1 + fi +fi +# the upload url looks like +# https://uploads.github.com/...//assets{?name,label} +# this trick strips off the {?name,label} +upload_url="${upload_url%\{*}" +echo "$upload_url" +