adds signing to packages

add ruby to so we can have packagecloud uploads break up builds so we only publish amd64 artifacts to packagecloud, maybe fix packagecloud uploads archives needs separate ids
2022-11-07 11:53:28 -06:00 · 2022-11-07 11:53:28 -06:00 · ee707a3149
parent c8555c3a22
commit ee707a3149
5 changed files with 225 additions and 16 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -23,6 +23,8 @@ jobs:
        with:
          fetch-depth: 0
      - run: git fetch --force --tags
      - name: Install RPM tooling
        run: sudo apt-get install -y rpm
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
@ -34,12 +36,26 @@ jobs:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.PACKAGECLOUD_SIGNING_GPG }}
      - name: "Setup Ruby for packagecloud uploads"
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '2.7'
          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
      - name: "Install packagecloud gem"
        run: gem install package_cloud
      - uses: actions/setup-go@v3
        with:
          go-version: '>=1.19.3'
          cache: true
      # More assembly might be required: Docker logins, GPG, etc. It all depends
      # on your needs.
      - name: "make key file"
        run: "echo '${{ secrets.PACKAGECLOUD_SIGNING_GPG }}' > /tmp/key.gpg"
      - uses: goreleaser/goreleaser-action@v2
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro':
@ -53,4 +69,6 @@ jobs:
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
          DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
          DOCKER_IMAGE_NAME: ${{ env.DOCKER_IMAGE_NAME }}
-
+          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
          PACKAGECLOUD_SIGNING_GPG: /tmp/key.gpg
          PACKAGECLOUD_SIGNING_KEY_ID: ${{ steps.import_gpg.outputs.keyid }}
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
 # Change this line.
 /unifi-poller
 /unpoller
 /init/macos/*.app/Contents/MacOS/*
 # The rest is probably fine.
 /rsrc*.syso
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -1,20 +1,20 @@
 # .goreleaser.yaml
 before:
  hooks:
    - make man
    - make readme
    - make rsrc
 builds:
-  - env:
+  - id: unpoller
-    - CGO_ENABLED=0
+    env:
      - CGO_ENABLED=0
    binary: unpoller
    goarm:
      - 6
      - 7
    goos:
      - linux
      - darwin
      - windows
      - freebsd
    goarch:
      - amd64
      - arm64
      - arm
    ignore:
      - goos: darwin
        goarch: 386
@ -23,8 +23,82 @@ builds:
      - goamd64: v4
      - goos: freebsd
        goarch: 386
  - id: unpoller-mac
    env:
      - CGO_ENABLED=0
    binary: unpoller
    goos:
      - darwin
    goarch:
      - amd64
      - arm64
    ignore:
      - goos: darwin
        goarch: 386
  - id: unpoller-linux-arm
    env:
      - CGO_ENABLED=0
    binary: unpoller
    goarm:
      - 6
      - 7
    goos:
      - linux
    goarch:
      - arm64
      - arm
  - id: unpoller-windows
    env:
      - CGO_ENABLED=0
    binary: unpoller
    goos:
      - windows
    goarch:
      - amd64
 archives:
  - id: unpoller
    builds:
      - unpoller
    files:
      - LICENSE
      - README.md
      - examples/up.*.example
  - id: unpoller-linux-arm
    builds:
      - unpoller-linux-arm
    files:
      - LICENSE
      - README.html
      - unpoller_manual.html
      - examples/up.*.example
  - id: unpoller-mac
    builds:
      - unpoller-mac
    files:
      - LICENSE
      - README.html
      - unpoller_manual.html
      - examples/up.*.example
  - id: unpoller-windows
    format_overrides:
      - goos: windows
        format: zip
    builds:
      - unpoller-windows
    files:
      - LICENSE
      - README.html
      - unpoller_manual.html
      - rsrc_windows_*.syso
      - examples/up.*.example
 dockers:
-  - # amd64
+  - id: docker-linux-amd64
    ids:
      - unpoller
    goos: linux
    goarch: amd64
    image_templates:
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-amd64"
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-amd64"
@ -49,7 +123,13 @@ dockers:
      - "examples/up.conf.example"
      - "examples/up.json.example"
      - "examples/up.yaml.example"
-  - # arm64
+      - "README.html"
      - "unpoller_manual.html"
  - id: docker-linux-arm64
    ids:
      - unpoller-linux-arm
    goos: linux
    goarch: arm64
    image_templates:
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-arm64v8"
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-arm64v8"
@ -74,7 +154,14 @@ dockers:
      - "examples/up.conf.example"
      - "examples/up.json.example"
      - "examples/up.yaml.example"
-  - # armv7
+      - "README.html"
      - "unpoller_manual.html"
  - id: docker-linux-armv7
    ids:
      - unpoller-linux-arm
    goos: linux
    goarch: arm
    goarm: "7"
    image_templates:
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest-armv7"
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:{{ .Tag }}-armv7"
@ -99,6 +186,9 @@ dockers:
      - "examples/up.conf.example"
      - "examples/up.json.example"
      - "examples/up.yaml.example"
      - "README.html"
      - "unpoller_manual.html"
 docker_manifests:
  - name_template: '{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:latest'
    create_flags:
@ -129,7 +219,9 @@ docker_manifests:
      - "{{ .Env.DOCKER_REGISTRY }}/{{ .Env.DOCKER_IMAGE_NAME }}:v{{ .Major }}-armv7"
 nfpms:
-  -
+  - id: unpoller-packages
    builds:
      - unpoller
    replacements:
      amd64: 64-bit
      386: 32-bit
@ -142,7 +234,6 @@ nfpms:
    description: Telemetry and Observability for your UniFi Network
    license: MIT
    formats:
      - apk
      - deb
      - rpm
      - termux.deb # Since GoReleaser v1.11.
@ -150,6 +241,8 @@ nfpms:
    version_metadata: git
    section: default
    priority: extra
    provides:
      - unifi-poller
    # Contents to add to the package.
    # GoReleaser will automatically add the binaries.
@ -169,5 +262,34 @@ nfpms:
      - src: examples/up.yaml.example
        dst: /etc/unpoller/up.yaml.example
        type: config
      - src: "README.html"
        dst: /etc/unpoller/readme.html
        type: config
      - src: "unpoller_manual.html"
        dst: /etc/unpoller/manual.html
        type: config
    # signing
    scripts:
      postinstall: "scripts/after-install.sh"
      preremove: "scripts/before-remove.sh"
 signs:
  - id: default
    artifacts: all
    ids:
      - unpoller
      - unpoller-linux-arm
      - unpoller-windows
      - unpoller-mac
 universal_binaries:
  - replace: true
    ids:
      - unpoller-mac
 publishers:
  - name: "packagecloud-publisher"
    ids:
      - unpoller-packages
    cmd: "scripts/packagecloud_push.sh '{{ .Tag }}' '{{ .Env.PACKAGECLOUD_TOKEN }}' 'unpoller' '{{ .ArtifactPath }}' '{{ .Os }}'"
--- a/2
+++ b/2
@ -126,7 +126,7 @@ rsrc: rsrc.syso
 rsrc.syso: init/windows/application.ico init/windows/manifest.xml $(shell go env GOPATH)/bin/rsrc
 	$(shell go env GOPATH)/bin/rsrc -ico init/windows/application.ico -manifest init/windows/manifest.xml
 $(shell go env GOPATH)/bin/rsrc:
-	cd /tmp ; go get $(RSRC_BIN) ; go install $(RSRC_BIN)
+	cd /tmp ; go get $(RSRC_BIN) ; go install $(RSRC_BIN)@latest
 ####################
 ##### Binaries #####
--- a/scripts/packagecloud_push.sh
+++ b/scripts/packagecloud_push.sh
@ -0,0 +1,68 @@
 #!/bin/bash
 set -exo pipefail
 export GITTAG=$1
 export PACKAGECLOUD_TOKEN=$2
 export PACKAGE_NAME=$3
 export ARTIFACT_PATH=$4
 export ARTIFACT_OS=$5
 if [ ! -n "${GITTAG}" ]; then
  echo "GITTAG must be set"
  exit 1
 fi
 if [ ! -n "${PACKAGECLOUD_TOKEN}" ]; then
  echo "PACKAGECLOUD_TOKEN must be set"
  exit 1
 fi
 if [ ! -n "${PACKAGE_NAME}" ]; then
  echo "PACKAGE_NAME must be set"
  exit 1
 fi
 export PACKAGE_VERSION=${GITTAG}
 export PACKAGE_DIR="./dist/${PACKAGE_NAME}_linux_amd64"
 # NOTE: compatibility with goreleaser 1.8.3 and later
 # See more: https://github.com/goreleaser/goreleaser/commit/63436392db6ac0557513535fc3ee4223a44810ed
 if [[ -d "${PACKAGE_DIR}_v1" ]]; then
  export PACKAGE_DIR="${PACKAGE_DIR}_v1"
 fi
 if [[ ! -d "${PACKAGE_DIR}" ]]; then
  export PACKAGE_DIR="./dist/unpoller_linux_amd64"
  if [[ ! -d ${PACKAGE_DIR} ]]; then
    export PACKAGE_DIR="${PACKAGE_DIR}_v1"
  fi
 fi
 export PACKAGE_CLOUD_REPO="golift/pkgs"
 if [[ ${PACKAGE_VERSION} =~ .+-rc ]]; then
  export PACKAGE_CLOUD_REPO="golift/unstable"
 fi
 export SUPPORTED_UBUNTU_VERSIONS="focal"
 export SUPPORTED_REDHAT_VERSIONS="7"
 if [[ $ARTIFACT_PATH == *termux* ]]; then
  # skip termux builds
  exit 0
 fi
 for ubuntu_version in ${SUPPORTED_UBUNTU_VERSIONS}
 do
  if [[ $ARTIFACT_PATH == *.deb ]]; then
    package_cloud push ${PACKAGE_CLOUD_REPO}/ubuntu/${ubuntu_version} $ARTIFACT_PATH
  fi
 done
 for redhat_version in ${SUPPORTED_REDHAT_VERSIONS}
 do
  if [[ $ARTIFACT_PATH == *.rpm ]]; then
    package_cloud push ${PACKAGE_CLOUD_REPO}/el/${redhat_version} $ARTIFACT_PATH
  fi
 done