Add CI/CD pipelines and deb/rpm packaging options #41

Merged
merged 2 commits into from
Aug 6, 2020

@ccremer ccremer commented May 4, 2020

What's included

  • Adds GitHub Actions workflows to compile, test and build helm-docs within PRs and all branches
  • Adds Goreleaser release automation that is only triggered when Git tags are pushed
  • Adds Deb/Rpm packages to the release artifacts, so that users can install it using dpkg -i and the rpm equivalent. No additional dependency besides goreleaser is necessary for local development. The packages will install the binary in /usr/local/bin by default (see https://goreleaser.com/customization/#NFPM)
  • Configures artifact checksum signing with GPG, so users can verify the downloads (instructions to set up below)
  • Adds an additional Makefile target dist

Why

  • GitHub Actions usage is free for public repositories
  • It's faster and better documented than Travis CI
  • Deb/Rpm packaging options give better (un)installability and versioning for free (besides Docker)
  • CI/CD improves code quality, it gives confidence when merging PRs
  • Helm-docs is an awesome project :)

What you need to do before merging

Set up signing key

  1. Create a new passwordless GPG key, e.g. gpg --quick-generate-key helm-docs default default never (Do NOT use your personal private key!)
  2. Get the ID of the new key:
    gpg --list-keys, the id looks like E57761BCB035C49A7068EF97083880A377733DD7
  3. Export the private key of the new GPG key for signing, e.g.
    gpg --armor --export-secret-key E57761BCB035C49A7068EF97083880A377733DD7
  4. Save the content of the private key as a secret named SIGNING_KEY in https://github.com/norwoodj/helm-docs/settings/secrets (it begins with -----BEGIN PGP PRIVATE KEY BLOCK-----)
  5. Check in the public key (gpg --armor --export E57761BCB035C49A7068EF97083880A377733DD7 > signature.asc) somewhere in this repo, e.g. .github/signature.asc or in the project root dir, so that users can verify the downloads with the public key. The file name/extension doesn't matter; it's just a proposal.
  6. Leave a comment in this PR with the GPG Id, so I can replace the placeholder in .goreleaser.yml:
signs:
- artifacts: checksum
  args: ["-u", "<thefingerprintid>", "--output", "${signature}", "--detach-sign", "${artifact}"]

(or you can do it directly in your own commit, I don't mind)

This only takes around 15min to do ;)

Set up CI/CD

  1. Add a new secret named DOCKER_HUB_USER in https://github.com/norwoodj/helm-docs/settings/secrets (it's probably jnorwood like your Docker Hub repo, but for good measure, should it change somehow)
  2. Create a new personal access token on Docker Hub (it's revocable in any case)
  3. Store the token as DOCKER_HUB_PASSWORD in the secrets

(Note: Secrets do NOT get passed to PR builds or printed in CI output, so your Docker Hub access isn't leaked.)

@norwoodj norwoodj merged commit a2c4222 into norwoodj:master Aug 6, 2020
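
The consumer side of the signing setup described in this pull request, as an added example that is not part of the PR or of the helm-docs project: it checks the detached signature over the checksum file against the published public key, then checks one downloaded artifact against that file. The function name `verify_release`, the file names passed to it, and SHA-256 as the checksum algorithm (GoReleaser's default) are assumptions.

```shell
#!/bin/sh
# Added example, not helm-docs project code.
# verify_release PUBKEY CHECKSUMS SIGNATURE ARTIFACT
#   PUBKEY     armored public key checked into the repo (e.g. signature.asc)
#   CHECKSUMS  checksum file from the release ("<sha256>  <file name>" lines)
#   SIGNATURE  detached signature over CHECKSUMS
#   ARTIFACT   the downloaded deb/rpm/archive to check
# Exit status: 0 ok, 1 bad signature, 2 setup error,
#              3 artifact not listed in CHECKSUMS, 4 hash mismatch.
verify_release() {
    pubkey=$1 checksums=$2 signature=$3 artifact=$4

    # Use a throwaway keyring that holds only the project's key, so a valid
    # signature from any other key in the user's own keyring cannot pass.
    keyring=$(mktemp -d) || return 2
    rc=0
    GNUPGHOME=$keyring gpg --batch --quiet --import "$pubkey" 2>/dev/null || rc=2
    if [ "$rc" -eq 0 ]; then
        GNUPGHOME=$keyring gpg --batch --verify "$signature" "$checksums" \
            2>/dev/null || rc=1
    fi
    GNUPGHOME=$keyring gpgconf --kill all 2>/dev/null || true
    rm -rf "$keyring"
    [ "$rc" -eq 0 ] || return "$rc"

    # Only the checksum file is signed ("artifacts: checksum"), so the
    # artifact is trusted through its hash entry in that file.
    name=$(basename "$artifact")
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$checksums")
    [ -n "$expected" ] || return 3
    actual=$(sha256sum "$artifact" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || return 4
    return 0
}
```

The public key should be obtained from a source other than the release page that serves the artifacts, since a key fetched from the same place as a tampered download proves nothing.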