Skip to content

Commit

Permalink
release: chore - add new release process using magefiles
Browse files Browse the repository at this point in the history 
Signed-off-by: Ian Cardoso <ian.cardoso@zup.com.br>
  • Loading branch information
@iancardosozup
iancardosozup committed Nov 19, 2021
1 parent 4fc016d commit 42e6b8c
Show file tree
Hide file tree
Showing 9 changed files with 461 additions and 217 deletions.
202 changes: 27 additions & 175 deletions .github/workflows/alpha.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Alpha

name: alpha
on:
push:
branches:
- main
permissions: read-all

jobs:
Alpha:
permissions:
Expand All @@ -28,212 +25,67 @@ jobs:
runs-on: ubuntu-latest
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}


steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17

- name: Set up QEMU
uses: docker/setup-qemu-action@v1

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Docker Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Cosign Installer
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'

- name: Install cosign private key
run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
shell: bash
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
- name: Install Mage
run: go install github.com/magefile/mage@v1.11

- name: Build and push
uses: docker/build-push-action@v2
- name: Get current date
id: date
run: mage -v getCurrentDate

- name: Git config
run: mage -v defaultGitConfig

- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
push: true
context: .
file: ./deployments/Dockerfile
tags: horuszup/horusec-cli:alpha
platforms: linux/amd64,linux/arm64
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

- name: Sign image
run: |
cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-cli:alpha
- name: Install cosign private key
run: mage -v writeCosignKeyToFile
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
COSIGN_KEY: ${{secrets.COSIGN_KEY}}

- name: Get current date
id: date
run: echo "::set-output name=date::$(date "+%a %b %d %H:%M:%S %Y")"
- name: Create local tag
run: mage -v createAlphaTag

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --snapshot --skip-publish
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: v0.0.0-alpha
CURRENT_DATE: ${{ steps.date.outputs.date }}
CLI_VERSION: alpha

- name: Build stand alone cli
run: |
CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_linux_x86_stand_alone ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_linux_x86_stand_alone.sig ./tmp/horusec_linux_x86_stand_alone
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_linux_amd64_stand_alone ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_linux_amd64_stand_alone.sig ./tmp/horusec_linux_amd64_stand_alone
CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_linux_arm64_stand_alone ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_linux_arm64_stand_alone.sig ./tmp/horusec_linux_arm64_stand_alone
CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_win_x86_stand_alone.exe ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_win_x86_stand_alone.exe.sig ./tmp/horusec_win_x86_stand_alone.exe
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_win_amd64_stand_alone.exe ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_win_amd64_stand_alone.exe.sig ./tmp/horusec_win_amd64_stand_alone.exe
CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_win_arm64_stand_alone.exe ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_win_arm64_stand_alone.exe.sig ./tmp/horusec_win_arm64_stand_alone.exe
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_mac_amd64_stand_alone ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_mac_amd64_stand_alone.sig ./tmp/horusec_mac_amd64_stand_alone
CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_mac_arm64_stand_alone ./cmd/app/main.go
cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_mac_arm64_stand_alone.sig ./tmp/horusec_mac_arm64_stand_alone
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Delete outdate release
uses: dev-drprasad/delete-tag-and-release@v0.2.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
delete_release: true
tag_name: alpha

- name: Update alpha release
uses: meeDamian/github-release@2.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: alpha
name: alpha
draft: false
prerelease: true
commitish: ${{ github.sha }}
gzip: false
allow_override: true
files: |
checksums.txt:./dist/checksums.txt
checksums.txt.sig:./dist/checksums.txt.sig
cosign.pub:./deployments/cosign.pub
horusec_linux_amd64:./dist/horusec_linux_amd64/horusec
horusec_linux_amd64.sig:./dist/horusec_linux_amd64/horusec.sig
horusec_linux_x86:./dist/horusec_linux_386/horusec
horusec_linux_x86.sig:./dist/horusec_linux_386/horusec.sig
horusec_mac_amd64:./dist/horusec_darwin_amd64/horusec
horusec_mac_amd64.sig:./dist/horusec_darwin_amd64/horusec.sig
horusec_win_amd64.exe:./dist/horusec_windows_amd64/horusec.exe
horusec_win_amd64.exe.sig:./dist/horusec_windows_amd64/horusec.exe.sig
horusec_win_x86.exe:./dist/horusec_windows_386/horusec.exe
horusec_win_x86.exe.sig:./dist/horusec_windows_386/horusec.exe.sig
horusec_linux_arm64:./dist/horusec_linux_arm64/horusec
horusec_linux_arm64.sig:./dist/horusec_linux_arm64/horusec.sig
horusec_win_arm64.exe:./dist/horusec_windows_arm64/horusec.exe
horusec_win_arm64.exe.sig:./dist/horusec_windows_arm64/horusec.exe.sig
horusec_mac_arm64:./dist/horusec_darwin_arm64/horusec
horusec_mac_arm64.sig:./dist/horusec_darwin_arm64/horusec.sig
horusec_linux_x86_stand_alone:./tmp/horusec_linux_x86_stand_alone
horusec_linux_x86_stand_alone.sig:./tmp/horusec_linux_x86_stand_alone.sig
horusec_linux_amd64_stand_alone:./tmp/horusec_linux_amd64_stand_alone
horusec_linux_amd64_stand_alone.sig:./tmp/horusec_linux_amd64_stand_alone.sig
horusec_win_x86_stand_alone.exe:./tmp/horusec_win_x86_stand_alone.exe
horusec_win_x86_stand_alone.exe.sig:./tmp/horusec_win_x86_stand_alone.exe.sig
horusec_win_amd64_stand_alone.exe:./tmp/horusec_win_amd64_stand_alone.exe
horusec_win_amd64_stand_alone.exe.sig:./tmp/horusec_win_amd64_stand_alone.exe.sig
horusec_mac_amd64_stand_alone:./tmp/horusec_mac_amd64_stand_alone
horusec_mac_amd64_stand_alone.sig:./tmp/horusec_mac_amd64_stand_alone.sig
horusec_linux_arm64_stand_alone:./tmp/horusec_linux_arm64_stand_alone
horusec_linux_arm64_stand_alone.sig:./tmp/horusec_linux_arm64_stand_alone.sig
horusec_win_arm64_stand_alone.exe:./tmp/horusec_win_arm64_stand_alone.exe
horusec_win_arm64_stand_alone.exe.sig:./tmp/horusec_win_arm64_stand_alone.exe.sig
horusec_mac_arm64_stand_alone:./tmp/horusec_mac_arm64_stand_alone
horusec_mac_arm64_stand_alone.sig:./tmp/horusec_mac_arm64_stand_alone.sig
body: |
## Docker images
- `docker pull horuszup/horusec-cli:alpha`
- name: Push updates
run: mage -v gitPushAlpha
99 changes: 99 additions & 0 deletions .github/workflows/release-beta.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: release-beta
on:
workflow_dispatch:
inputs:
releaseType:
description: 'Release type: Major; Minor; Patch'
required: true
permissions: read-all
jobs:
Beta:
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}

steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17

- name: Docker Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cosign Installer
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'

- name: Install Mage
run: go install github.com/magefile/mage@v1.11

- name: Get current date
id: date
run: mage -v getCurrentDate

- name: Git config
run: mage -v defaultGitConfig

- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

- name: Install cosign private key
run: mage -v writeCosignKeyToFile
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}

- name: Version increment
id: updated-version
run: |
mage -v upVersions ${{ github.event.inputs.releaseType }}
env:
HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
- name: Create local tag
run: mage -v createLocalTag ${{ steps.updated-version.outputs.betaVersion }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.betaVersion }}
CURRENT_DATE: ${{ steps.date.outputs.date }}
CLI_VERSION: ${{ steps.updated-version.outputs.betaVersion }}

- name: Push updates
run: mage -v gitPushAll
Loading

0 comments on commit 42e6b8c

Please sign in to comment.