diff --git a/.gitignore b/.gitignore index 8a4cb6d..e3882f7 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,4 @@ *.swo *.orig -release/ +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..c3d2ebf --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,71 @@ +--- +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json + +# This is an example .goreleaser.yml file with some sensible defaults. +# Make sure to check the documentation at https://goreleaser.com + +version: 2 + +builds: + - main: cmd/directorius/main.go + env: + - CGO_ENABLED=0 + flags: + - -trimpath + ldflags: + - "-X main.Version={{ .Version }}" + goos: + - linux + goarch: + - amd64 + mod_timestamp: '{{ .CommitTimestamp }}' + +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of `uname`. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + wrap_in_directory: false + files: + # Do not include README.md and LICENCE file in archive + # (https://goreleaser-git-revert-1958-snapshot-auto.goreleaser.vercel.app/customization/archive/#packaging-only-the-binaries): + - none* + builds_info: + group: 0 + owner: 0 + mode: 0644 + +checksum: + name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS" + algorithm: sha256 +signs: + - artifacts: checksum + args: + - "--batch" + - "--pinentry-mode" + - "loopback" + - "--passphrase-fd" + - "0" + - "--local-user" + - "0xC8B381683DBCEDFE" + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" + stdin: '{{ .Env.GPG_PASSWORD }}' + +release: + draft: true + prerelease: auto + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" diff --git a/Makefile b/Makefile index 3aa18e0..faf49a1 100644 --- a/Makefile +++ b/Makefile @@ -1,54 +1,8 @@ -GIT_COMMIT := $(shell git rev-parse HEAD) -GIT_DIRTY := $(if $(shell git diff-files),-dirty) +BUILDFLAGS := -trimpath -LDFLAGS := "-X main.Version=$(GIT_COMMIT)$(GIT_DIRTY)" -BUILDFLAGS := -trimpath -ldflags=$(LDFLAGS) - -TARFLAGS := --mode=go=rX,u+rw,a-s --sort=name --owner=0 --group=0 --numeric-owner - -BIN = directorius -RELEASE_ARCHIVE = release/directorius-linux_amd64.tar.xz - -SRC = cmd/directorius/main.go - -export GO111MODULE=on -export GOFLAGS=-mod=vendor - -.PHONY: all -all: release_bin - -.PHONY: release_bin -release_bin: - $(info * compiling $(BIN)) - @CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build $(BUILDFLAGS) -o $(BIN) $(SRC) - -.PHONY: release -release: clean dirty_worktree_check release_bin $(RELEASE_ARCHIVE) $(RELEASE_ARCHIVE).sha256 - @echo - @echo next steps: - @echo - git tag vVERSION - @echo - git push --tags - @echo - upload $$(ls release/*) files - -$(RELEASE_ARCHIVE): - $(info * creating $@) - @mkdir -p release - @tar $(TARFLAGS) -cJf $(RELEASE_ARCHIVE) directorius dist/ README.md - -$(RELEASE_ARCHIVE).sha256: $(RELEASE_ARCHIVE) - $(info * creating $@) - @(cd $(dir $(RELEASE_ARCHIVE)) && sha256sum $(notdir $(RELEASE_ARCHIVE) > $@)) - -.PHONY: clean -clean: - rm -rf $(BIN) release/ - -.PHONY: dirty_worktree_check -dirty_worktree_check: - @if ! git diff-files --quiet || git ls-files --other --directory --exclude-standard | grep ".*" > /dev/null ; then \ - echo "remove untracked files and changed files in repository before creating a release, see 'git status'"; \ - exit 1; \ - fi +.PHONY: build +build: + CGO_ENABLED=0 go build -trimpath -o directorius cmd/directorius/main.go .PHONY: gen_mocks gen_mocks: diff --git a/dist/etc/directorius/config.toml b/dist/etc/directorius/config.toml deleted file mode 100644 index c8b626e..0000000 --- a/dist/etc/directorius/config.toml +++ /dev/null @@ -1,48 +0,0 @@ -#http_server_listen_addr = ":8085" -https_server_listen_addr = ":8084" -https_ssl_cert_file = "" -https_ssl_key_file = "" - -# the local http and https endpoints that receives github webhook events -github_webhook_endpoint = "/listener/github" -github_webhook_secret = "" - -# expose prometheus metrics at the specified endpoint -# prometheus_metrics_endpoint = "/metrics" - -# GitHub API token, required when github actions are defined or autoupdate is -# enabled. -github_api_token = "my-secret-token" - -# Supported log formats: logfmt, console, json -log_format = "logfmt" - -# The key that is used for logging the timestamp. If empty, timestamps will not -# be included in log messages. -log_time_key = "time_iso8601" - -# log_level controls the priority threshold for log messages. -# All messages with the the specified or a higher priority are logged. -# Supported values: debug, info, warn, error, panic, fatal -log_level = "info" - -# The autoupdater section configures a feature to automatically update GitHub -# pull request branches with changes from their base branch, in a serialized -# manner. -# autoupdater.repository defines for which GitHub repositories the feature is -# enabled. -[[autoupdater.repository]] - # the GitHub login name of the subject owning the repository - owner = "simplesurance" - repository = "directorius" - -# enqueue/dequeue a pull request for autoupdates when one of the labels is added/removed -autoupdater.trigger_labels = ["queue-add"] -# enqueue/dequeue a pull request for autoupdates when auto-merge is enabled -# (https://docs.github.com/en/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request) -autoupdater.trigger_on_auto_merge = true -# queue_pr_head_label is the name of the GitHub label that is applied to the pull -# request that is the first in the autoupdate queue -autoupdater.queue_pr_head_label = "autoupdater-first" -# local http server endpoint under which a minimal webinterface is served -autoupdater.http_endpoint = "/autoupdater" diff --git a/docs/RELEASE.md b/docs/RELEASE.md new file mode 100644 index 0000000..14d2033 --- /dev/null +++ b/docs/RELEASE.md @@ -0,0 +1,42 @@ +# Release + +## How to Create a Release + +1. Create a git tag for the new release + + ```sh + git tag v + ``` + + **ADVISE**: Do not push the tag. Instead let it be created by GitHub when + removing the draft status. This allows to eventually recreate + delete the + draft release without having the tags already on the on the git remote. + +2. Import our GPG signing private key: + - retrieve the GPG private key password and store it in an environment + variable: + + ```sh + export GPG_PASSWORD="$(vault read -field=master-priv-key-password secret/gpg-key-platform)" + ``` + + - import the signing key: + + ```sh + vault read -field=subkey-signing-priv-key secret/gpg-key-platform | \ + gpg --batch --pinentry-mode loopback --passphrase "$GPG_PASSWORD" --import + ``` + +3. Set the `GITHUB_TOKEN` environment variable: + + ```sh + export GITHUB_TOKEN= + ``` + +4. Run goreleaser + + ```sh + goreleaser release + ``` + +5. Review the draft release on GitHub.