Configure GitHub Actions to publish RPMs and Debs to packages.smallstep.com.
3
.github/workflows/release.yml
vendored
3
.github/workflows/release.yml
vendored
@@ -61,6 +61,9 @@ jobs:
|
||||
contents: write
|
||||
packages: write
|
||||
uses: smallstep/workflows/.github/workflows/goreleaser.yml@main
|
||||
with:
|
||||
enable-packages-upload: true
|
||||
is-prerelease: ${{ needs.create_release.outputs.is_prerelease == 'true' }}
|
||||
secrets: inherit
|
||||
|
||||
build_upload_docker:
|
||||
|
||||
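Review bot: The job now switches on package upload (`enable-packages-upload: true`) in a reusable workflow that is still referenced by the mutable ref `@main` and is handed every repository secret through `secrets: inherit`, alongside `contents: write` and `packages: write`. Any later change on that branch therefore runs with the release credentials, presumably including the package-signing key this commit starts to use. Pin the call to a reviewed commit, `uses: smallstep/workflows/.github/workflows/goreleaser.yml@<full-commit-sha>`, and, if the called workflow declares its secrets, pass only the ones it needs by name instead of `secrets: inherit`. The job header sits above the hunk, so its remaining settings are not visible here.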
5
.gitignore
vendored
5
.gitignore
vendored
@@ -22,5 +22,10 @@ go.work.sum
|
||||
coverage.txt
|
||||
output
|
||||
vendor
|
||||
dist/
|
||||
.idea
|
||||
.envrc
|
||||
|
||||
# Packages files
|
||||
0x889B19391F774443-Certify.key
|
||||
gha-creds-*.json
|
||||
|
||||
@@ -1,12 +1,23 @@
|
||||
# Documentation: https://goreleaser.com/customization/
|
||||
# yaml-language-server: $schema=https://goreleaser.com/static/schema-pro.json
|
||||
project_name: step-ca
|
||||
version: 2
|
||||
|
||||
variables:
|
||||
packageName: step-ca
|
||||
packageRelease: 1 # Manually update release: in the nfpm section to match this value if you change this
|
||||
|
||||
before:
|
||||
hooks:
|
||||
# You may remove this if you don't use go modules.
|
||||
- go mod download
|
||||
|
||||
after:
|
||||
hooks:
|
||||
# This script depends on IS_PRERELEASE env being set. This is set by CI in the Is Pre-release step.
|
||||
- cmd: bash scripts/package-repo-import.sh {{ .Var.packageName }} {{ .Version }}
|
||||
output: true
|
||||
|
||||
builds:
|
||||
-
|
||||
id: step-ca
|
||||
@@ -61,10 +72,16 @@ nfpms:
|
||||
# Package metadata: dpkg --info dist/step_....deb
|
||||
#
|
||||
- &NFPM
|
||||
id: packages
|
||||
builds:
|
||||
- step-ca
|
||||
package_name: step-ca
|
||||
file_name_template: "{{ .PackageName }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
|
||||
package_name: "{{ .Var.packageName }}"
|
||||
release: "1"
|
||||
file_name_template: >-
|
||||
{{- trimsuffix .ConventionalFileName .ConventionalExtension -}}
|
||||
{{- if and (eq .Arm "6") (eq .ConventionalExtension ".deb") }}6{{ end -}}
|
||||
{{- if not (eq .Amd64 "v1")}}{{ .Amd64 }}{{ end -}}
|
||||
{{- .ConventionalExtension -}}
|
||||
vendor: Smallstep Labs
|
||||
homepage: https://github.com/smallstep/certificates
|
||||
maintainer: Smallstep <techadmin@smallstep.com>
|
||||
@@ -80,6 +97,13 @@ nfpms:
|
||||
contents:
|
||||
- src: debian/copyright
|
||||
dst: /usr/share/doc/step-ca/copyright
|
||||
rpm:
|
||||
signature:
|
||||
key_file: "{{ .Env.GPG_PRIVATE_KEY_FILE }}"
|
||||
deb:
|
||||
signature:
|
||||
key_file: "{{ .Env.GPG_PRIVATE_KEY_FILE }}"
|
||||
type: origin
|
||||
-
|
||||
<< : *NFPM
|
||||
id: unversioned
|
||||
@@ -101,6 +125,12 @@ signs:
|
||||
args: ["sign-blob", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-certificate=${certificate}", "--output-signature=${signature}", "${artifact}", "--yes"]
|
||||
artifacts: all
|
||||
|
||||
publishers:
|
||||
- name: Google Cloud Artifact Registry
|
||||
ids:
|
||||
- packages
|
||||
cmd: ./scripts/package-upload.sh {{ abs .ArtifactPath }} {{ .Var.packageName }} {{ .Version }} {{ .Var.packageRelease }}
|
||||
|
||||
snapshot:
|
||||
name_template: "{{ .Tag }}-next"
|
||||
|
||||
@@ -140,7 +170,10 @@ release:
|
||||
#### Linux
|
||||
|
||||
- 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz)
|
||||
- 📦 [step-ca_{{ .Version }}_amd64.deb](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ .Version }}_amd64.deb)
|
||||
- 📦 [step-ca_{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}_amd64.deb](https://dl.smallstep.com/gh-release/cli/gh-release-header/{{ .Tag }}/step-ca_{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}_amd64.deb)
|
||||
- 📦 [step-ca-{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}.x86_64.rpm](https://dl.smallstep.com/gh-release/cli/gh-release-header/{{ .Tag }}/step-ca-{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}.x86_64.rpm)
|
||||
- 📦 [step-ca_{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}_arm64.deb](https://dl.smallstep.com/gh-release/cli/gh-release-header/{{ .Tag }}/step-ca_{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}_arm64.deb)
|
||||
- 📦 [step-ca-{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}.aarch64.rpm](https://dl.smallstep.com/gh-release/cli/gh-release-header/{{ .Tag }}/step-ca-{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}.aarch64.rpm)
|
||||
|
||||
#### OSX Darwin
|
||||
|
||||
@@ -198,7 +231,7 @@ release:
|
||||
# - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
|
||||
|
||||
winget:
|
||||
-
|
||||
-
|
||||
# IDs of the archives to use.
|
||||
# Empty means all IDs.
|
||||
ids: [ default ]
|
||||
|
||||
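Review bot: The four package links in the release-notes hunk point at `https://dl.smallstep.com/gh-release/cli/gh-release-header/…`, while the tarball link directly above them uses `gh-release/certificates/gh-release-header/…`. The `cli` segment looks carried over from another project's configuration, so the published notes would presumably link to a location that does not hold the step-ca packages, and readers cannot fetch the signed `.deb`/`.rpm` files from the documented place. Use the same segment as the tarball link in all four, for example `…/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ replace .Version "-" "." }}-{{ .Var.packageRelease }}_amd64.deb`. The file header for these hunks is missing from the page; the content is a GoReleaser configuration.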
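--- a/scripts/package-repo-import.sh
+++ b/scripts/package-repo-import.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+set -e
+
+: ${GCLOUD_LOCATION:=us-central1}
+: ${GCLOUD_RPM_REPO:=rpms}
+: ${GCLOUD_DEB_REPO:=debs}
+
+PACKAGE="${1}"
+VERSION="${2}"
+RELEASE="1"
+EPOCH="0"
+GORELEASER_PHASE=${GORELEASER_PHASE:-release}
+
+echo "Package: ${PACKAGE}"
+echo "Version: ${VERSION}"
+
+check_package() {
+local EXITCODE=0
+local REPO="${1}"
+local VER="${2}"
+if [ ! -f /tmp/version-deleted.stamp ]; then
+gcloud artifacts versions list \
+--repository "${REPO}" \
+--location "${GCLOUD_LOCATION}" \
+--package "${PACKAGE}" \
+--filter "VERSION:${VER}" \
+--format json 2> /dev/null \
+| jq -re '.[].name?' >/dev/null 2>&1 \
+|| EXITCODE=$?
+if [[ "${EXITCODE}" -eq 0 ]]; then
+echo "Package version already exists. Removing it..."
+gcloud artifacts versions delete \
+--quiet "${VER}" \
+--package "${PACKAGE}" \
+--repository "${REPO}" \
+--location "${GCLOUD_LOCATION}"
+touch /tmp/version-deleted.stamp
+fi
+fi
+}
+
+if [[ ${IS_PRERELEASE} == "true" ]]; then
+echo "Skipping artifact import; IS_PRERELEASE is 'true'"
+exit 0;
+fi
+
+check_package "${GCLOUD_RPM_REPO}" "${EPOCH}:${VERSION}-${RELEASE}"
+gcloud artifacts yum import "${GCLOUD_RPM_REPO}" \
+--location "${GCLOUD_LOCATION}" \
+--gcs-source "gs://artifacts-outgoing/${PACKAGE}/rpm/${VERSION}/*"
+
+check_package ${GCLOUD_DEB_REPO} "${VERSION}-${RELEASE}"}
+gcloud artifacts apt import "${GCLOUD_DEB_REPO}" \
+--location "${GCLOUD_LOCATION}" \
+--gcs-source "gs://artifacts-outgoing/${PACKAGE}/deb/${VERSION}/*"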
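Review bot: The last `check_package` call ends in a stray brace, `"${VERSION}-${RELEASE}"}`, so the Debian repository is queried for a version string ending in `}` that can never match, and an existing version is not removed before `gcloud artifacts apt import` runs; it should read `check_package "${GCLOUD_DEB_REPO}" "${VERSION}-${RELEASE}"`. The same check is skipped whenever `/tmp/version-deleted.stamp` exists, which is the case as soon as the RPM pass has deleted a version, or when an earlier run left the file behind on a reused runner. Because the script silently replaces an already published version in a signed package repository, consider failing instead of deleting unless an explicit override is set. Reading the arguments as `PACKAGE="${1:?}"` and `VERSION="${2:?}"` would also stop an empty value from producing a `gs://artifacts-outgoing//…/*` source path.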
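--- a/scripts/package-upload.sh
+++ b/scripts/package-upload.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+FILE="${1}"
+PACKAGE="${2}"
+VERSION="${3}"
+
+echo "Package File: ${FILE}"
+echo "Package: ${PACKAGE}"
+echo "Version: ${VERSION}"
+echo "Release: ${RELEASE}"
+echo "Location: ${GCLOUD_LOCATION}"
+
+if [ "${FILE: -4}" == ".deb" ]; then
+if [[ "${FILE}" =~ "armhf6" ]]; then
+echo "Skipping ${FILE} due to GCP Artifact Registry armhf conflict!"
+else
+gcloud storage cp ${FILE} gs://artifacts-outgoing/${PACKAGE}/deb/${VERSION}/
+fi
+else
+gcloud storage cp ${FILE} gs://artifacts-outgoing/${PACKAGE}/rpm/${VERSION}/
+fi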
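Review bot: `RELEASE` is never assigned in this script: the publisher in the GoReleaser configuration passes `{{ .Var.packageRelease }}` as a fourth argument, but only three are read, so `echo "Release: ${RELEASE}"` prints whatever the environment happens to hold; add `RELEASE="${4}"`. Both `gcloud storage cp ${FILE} gs://…` calls expand their operands unquoted, so a path containing spaces or glob characters is split or expanded before the upload; quote them, e.g. `gcloud storage cp "${FILE}" "gs://artifacts-outgoing/${PACKAGE}/deb/${VERSION}/"`. The outer `else` branch sends every file that does not end in `.deb` to the `rpm/` prefix, from which the import script later pulls `*`, so an explicit `.rpm` test that errors on anything else would keep unexpected artifacts out of the repository.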