Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

release: chore - add new release workflow using magefiles #789

Merged
merged 1 commit into from
Nov 30, 2021
Merged

release: chore - add new release workflow using magefiles #789

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
171 changes: 51 additions & 120 deletions .github/workflows/alpha.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Alpha

name: alpha
on:
push:
branches:
- main
permissions: read-all

jobs:
Alpha:
permissions:
Expand All @@ -28,38 +25,55 @@ jobs:
runs-on: ubuntu-latest
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}


steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17

- name: Set up QEMU
uses: docker/setup-qemu-action@v1

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Docker Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Set up QEMU
uses: docker/setup-qemu-action@v1

- name: Cosign Installer
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'

- name: Install Mage
run: go install github.com/magefile/mage@v1.11

- name: Get current date
id: date
run: mage -v getCurrentDate

- name: Git config
run: mage -v defaultGitConfig

- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

- name: Install cosign private key
run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
shell: bash
run: mage -v writeCosignKeyToFile
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}

Expand All @@ -77,10 +91,8 @@ jobs:
cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-cli:alpha
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Get current date
id: date
run: echo "::set-output name=date::$(date "+%a %b %d %H:%M:%S %Y")"
- name: Create local tag
run: mage -v createAlphaTag

- name: Run GoReleaser
iancardosozup marked this conversation as resolved.
Show resolved Hide resolved
uses: goreleaser/goreleaser-action@v2
Expand All @@ -89,103 +101,18 @@ jobs:
version: latest
args: release --snapshot --skip-publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: v0.0.0-alpha
iancardosozup marked this conversation as resolved.
Show resolved Hide resolved
CURRENT_DATE: ${{ steps.date.outputs.date }}
CLI_VERSION: alpha

- name: Build stand alone cli
run: |
CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_linux_x86_stand_alone ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_linux_x86_stand_alone.sig ./tmp/horusec_linux_x86_stand_alone

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_linux_amd64_stand_alone ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_linux_amd64_stand_alone.sig ./tmp/horusec_linux_amd64_stand_alone

CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_linux_arm64_stand_alone ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_linux_arm64_stand_alone.sig ./tmp/horusec_linux_arm64_stand_alone

CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_win_x86_stand_alone.exe ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_win_x86_stand_alone.exe.sig ./tmp/horusec_win_x86_stand_alone.exe

CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_win_amd64_stand_alone.exe ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_win_amd64_stand_alone.exe.sig ./tmp/horusec_win_amd64_stand_alone.exe

CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_win_arm64_stand_alone.exe ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_win_arm64_stand_alone.exe.sig ./tmp/horusec_win_arm64_stand_alone.exe

CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_mac_amd64_stand_alone ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_mac_amd64_stand_alone.sig ./tmp/horusec_mac_amd64_stand_alone

CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -ldflags \
"-X 'github.com/ZupIT/horusec/config/dist.standAlone=true' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Version=alpha' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Commit=${{ github.sha }}' \
-X 'github.com/ZupIT/horusec/cmd/app/version.Date=${{ steps.date.outputs.date }}'" \
-o ./tmp/horusec_mac_arm64_stand_alone ./cmd/app/main.go

cosign sign-blob -key=$COSIGN_KEY_LOCATION \
-output=./tmp/horusec_mac_arm64_stand_alone.sig ./tmp/horusec_mac_arm64_stand_alone
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Delete outdate release
uses: dev-drprasad/delete-tag-and-release@v0.2.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
delete_release: true
tag_name: alpha

- name: Update alpha release
uses: meeDamian/github-release@2.0
with:
Expand Down Expand Up @@ -217,23 +144,27 @@ jobs:
horusec_win_arm64.exe.sig:./dist/horusec_windows_arm64/horusec.exe.sig
horusec_mac_arm64:./dist/horusec_darwin_arm64/horusec
horusec_mac_arm64.sig:./dist/horusec_darwin_arm64/horusec.sig
horusec_linux_x86_stand_alone:./tmp/horusec_linux_x86_stand_alone
horusec_linux_x86_stand_alone.sig:./tmp/horusec_linux_x86_stand_alone.sig
horusec_linux_amd64_stand_alone:./tmp/horusec_linux_amd64_stand_alone
horusec_linux_amd64_stand_alone.sig:./tmp/horusec_linux_amd64_stand_alone.sig
horusec_win_x86_stand_alone.exe:./tmp/horusec_win_x86_stand_alone.exe
horusec_win_x86_stand_alone.exe.sig:./tmp/horusec_win_x86_stand_alone.exe.sig
horusec_win_amd64_stand_alone.exe:./tmp/horusec_win_amd64_stand_alone.exe
horusec_win_amd64_stand_alone.exe.sig:./tmp/horusec_win_amd64_stand_alone.exe.sig
horusec_mac_amd64_stand_alone:./tmp/horusec_mac_amd64_stand_alone
horusec_mac_amd64_stand_alone.sig:./tmp/horusec_mac_amd64_stand_alone.sig
horusec_linux_arm64_stand_alone:./tmp/horusec_linux_arm64_stand_alone
horusec_linux_arm64_stand_alone.sig:./tmp/horusec_linux_arm64_stand_alone.sig
horusec_win_arm64_stand_alone.exe:./tmp/horusec_win_arm64_stand_alone.exe
horusec_win_arm64_stand_alone.exe.sig:./tmp/horusec_win_arm64_stand_alone.exe.sig
horusec_mac_arm64_stand_alone:./tmp/horusec_mac_arm64_stand_alone
horusec_mac_arm64_stand_alone.sig:./tmp/horusec_mac_arm64_stand_alone.sig


horusec_linux_amd64_stand_alone:./dist/horusec-standalone_linux_amd64/horusec
horusec_linux_amd64_stand_alone.sig:./dist/horusec-standalone_linux_amd64/horusec.sig
horusec_linux_x86_stand_alone:./dist/horusec-standalone_linux_386/horusec
horusec_linux_x86_stand_alone.sig:./dist/horusec-standalone_linux_386/horusec.sig
horusec_mac_amd64_stand_alone:./dist/horusec-standalone_darwin_amd64/horusec
horusec_mac_amd64_stand_alone.sig:./dist/horusec-standalone_darwin_amd64/horusec.sig
horusec_win_amd64_stand_alone.exe:./dist/horusec-standalone_windows_amd64/horusec.exe
horusec_win_amd64_stand_alone.exe.sig:./dist/horusec-standalone_windows_amd64/horusec.exe.sig
horusec_win_x86.exe_stand_alone:./dist/horusec-standalone_windows_386/horusec.exe
horusec_win_x86.exe_stand_alone.sig:./dist/horusec-standalone_windows_386/horusec.exe.sig
horusec_linux_arm64_stand_alone:./dist/horusec-standalone_linux_arm64/horusec
horusec_linux_arm64_stand_alone.sig:./dist/horusec-standalone_linux_arm64/horusec.sig
horusec_win_arm64_stand_alone.exe:./dist/horusec-standalone_windows_arm64/horusec.exe
horusec_win_arm64_stand_alone.exe.sig:./dist/horusec-standalone_windows_arm64/horusec.exe.sig
horusec_mac_arm64_stand_alone:./dist/horusec-standalone_darwin_arm64/horusec
horusec_mac_arm64_stand_alone.sig:./dist/horusec-standalone_darwin_arm64/horusec.sig

body: |
## Docker images

- `docker pull horuszup/horusec-cli:alpha`
- name: Push updates
run: mage -v gitPushAlpha
102 changes: 102 additions & 0 deletions .github/workflows/release-beta.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: release-beta
iancardosozup marked this conversation as resolved.
Show resolved Hide resolved
on:
workflow_dispatch:
inputs:
releaseType:
description: 'Release type: Major; Minor; Patch'
required: true
permissions: read-all
jobs:
Beta:
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}

steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17

- name: Docker Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cosign Installer
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'

- name: Install Mage
run: go install github.com/magefile/mage@v1.11
matheusalcantarazup marked this conversation as resolved.
Show resolved Hide resolved

- name: Get current date
id: date
run: mage -v getCurrentDate

- name: Git config
run: mage -v defaultGitConfig

- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

- name: Install cosign private key
run: mage -v writeCosignKeyToFile
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}

- name: Version increment
id: updated-version
run: |
mage -v upVersions ${{ github.event.inputs.releaseType }}
env:
HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
- name: Checkout release branch
run: mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}

- name: Create local tag
run: mage -v createLocalTag ${{ steps.updated-version.outputs.nextBetaVersion }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextBetaVersion }}
CURRENT_DATE: ${{ steps.date.outputs.date }}
CLI_VERSION: ${{ steps.updated-version.outputs.nextBetaVersion }}

- name: Push updates
run: mage -v gitPushAll
matheusalcantarazup marked this conversation as resolved.
Show resolved Hide resolved
Loading