* Remove goreleaser config * Add release config + metadata * release: Add security scanner config * github: Add build workflow * docs: Add releasing notes
1 parent
c64df2c
commit 4943701
Showing
6 changed files
with
270 additions
and
29 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
name: build | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
env: | ||
PKG_NAME: "hc-install" | ||
|
||
jobs: | ||
get-go-version: | ||
name: "Determine Go toolchain version" | ||
runs-on: ubuntu-latest | ||
outputs: | ||
go-version: ${{ steps.get-go-version.outputs.go-version }} | ||
steps: | ||
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # https://github.com/actions/checkout/releases/tag/v3.2.0 | ||
- name: Determine Go version | ||
id: get-go-version | ||
run: | | ||
echo "Building with Go $(cat .go-version)" | ||
echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT | ||
set-product-version: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
product-version: ${{ steps.set-product-version.outputs.product-version }} | ||
product-base-version: ${{ steps.set-product-version.outputs.base-product-version }} | ||
product-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} | ||
steps: | ||
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # https://github.com/actions/checkout/releases/tag/v3.2.0 | ||
- name: Set Product version | ||
id: set-product-version | ||
uses: hashicorp/actions-set-product-version@v1 | ||
|
||
generate-metadata-file: | ||
needs: set-product-version | ||
runs-on: ubuntu-latest | ||
outputs: | ||
filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | ||
steps: | ||
- name: "Checkout directory" | ||
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # https://github.com/actions/checkout/releases/tag/v3.2.0 | ||
- name: Generate metadata file | ||
id: generate-metadata-file | ||
uses: hashicorp/actions-generate-metadata@v1 | ||
with: | ||
version: ${{ needs.set-product-version.outputs.product-version }} | ||
product: ${{ env.PKG_NAME }} | ||
repositoryOwner: "hashicorp" | ||
- uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # https://github.com/actions/upload-artifact/releases/tag/v3.1.1 | ||
with: | ||
name: metadata.json | ||
path: ${{ steps.generate-metadata-file.outputs.filepath }} | ||
|
||
build: | ||
needs: | ||
- get-go-version | ||
- set-product-version | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
include: | ||
- { goos: "linux", goarch: "386" } | ||
- { goos: "linux", goarch: "amd64" } | ||
- { goos: "linux", goarch: "arm" } | ||
- { goos: "linux", goarch: "arm64" } | ||
- { goos: "freebsd", goarch: "386" } | ||
- { goos: "freebsd", goarch: "amd64" } | ||
- { goos: "freebsd", goarch: "arm" } | ||
- { goos: "freebsd", goarch: "arm64" } | ||
- { goos: "openbsd", goarch: "386" } | ||
- { goos: "openbsd", goarch: "amd64" } | ||
- { goos: "solaris", goarch: "amd64" } | ||
- { goos: "darwin", goarch: "arm64" } | ||
- { goos: "darwin", goarch: "amd64" } | ||
- { goos: "windows", goarch: "386" } | ||
- { goos: "windows", goarch: "amd64" } | ||
- { goos: "windows", goarch: "arm64" } | ||
fail-fast: true | ||
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | ||
steps: | ||
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # https://github.com/actions/checkout/releases/tag/v3.2.0 | ||
- uses: hashicorp/actions-go-build@v0.1.7 | ||
env: | ||
BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }} | ||
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}} | ||
METADATA_VERSION: ${{ env.METADATA }} | ||
with: | ||
product_name: ${{ env.PKG_NAME }} | ||
product_version: ${{ needs.set-product-version.outputs.product-version }} | ||
go_version: ${{ needs.get-go-version.outputs.go-version }} | ||
os: ${{ matrix.goos }} | ||
arch: ${{ matrix.goarch }} | ||
reproducible: report | ||
instructions: | | ||
go build -trimpath -ldflags "-s -w" -o "$BIN_PATH" ./cmd/hc-install | ||
- name: Package | ||
if: ${{ matrix.goos == 'linux' }} | ||
uses: hashicorp/actions-packaging-linux@v1 | ||
with: | ||
name: ${{ github.event.repository.name }} | ||
description: "hc-install CLI allows installing multiple versions of HashiCorp products in automation" | ||
arch: ${{ matrix.goarch }} | ||
version: ${{ needs.set-product-version.outputs.product-version }} | ||
maintainer: "HashiCorp" | ||
homepage: "https://github.com/hashicorp/hc-install" | ||
license: "MPL-2.0" | ||
binary: "dist/${{ env.PKG_NAME }}" | ||
deb_depends: "openssl" | ||
rpm_depends: "openssl" | ||
|
||
- name: Set Package Names | ||
if: ${{ matrix.goos == 'linux' }} | ||
run: | | ||
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | ||
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | ||
- uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # https://github.com/actions/upload-artifact/releases/tag/v3.1.1 | ||
if: ${{ matrix.goos == 'linux' }} | ||
with: | ||
name: ${{ env.RPM_PACKAGE }} | ||
path: out/${{ env.RPM_PACKAGE }} | ||
|
||
- uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # https://github.com/actions/upload-artifact/releases/tag/v3.1.1 | ||
if: ${{ matrix.goos == 'linux' }} | ||
with: | ||
name: ${{ env.DEB_PACKAGE }} | ||
path: out/${{ env.DEB_PACKAGE }} |
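Review bot: The four `hashicorp/*` actions in this workflow (`actions-set-product-version@v1`, `actions-generate-metadata@v1`, `actions-go-build@v0.1.7`, `actions-packaging-linux@v1`) are referenced by mutable tag, while `actions/checkout` and `actions/upload-artifact` in the same file are pinned to a full commit SHA with the release noted in a comment. Since this workflow produces the artifacts that are later promoted for release, pin those the same way, e.g. `uses: hashicorp/actions-go-build@<full-commit-sha> # <release tag URL>`, so a moved tag cannot change what runs in the build. The workflow also declares no `permissions:` key, so the jobs run with the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown, though what the hashicorp actions themselves need is not visible here. Separately, `METADATA_VERSION: ${{ env.METADATA }}` in the `build` job reads an `env.METADATA` that is not defined anywhere in this file, so it presumably expands to an empty string; confirm that is intended.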
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
schema = "1" | ||
|
||
project "hc-install" { | ||
// team is currently unused and has no meaning | ||
// but is required to be non-empty by CRT orchestrator | ||
team = "_UNUSED_" | ||
slack { | ||
notification_channel = "C01QDH3Q37W" // #feed-terraform-exec | ||
} | ||
github { | ||
organization = "hashicorp" | ||
repository = "hc-install" | ||
release_branches = ["main"] | ||
} | ||
} | ||
|
||
event "build" { | ||
action "build" { | ||
organization = "hashicorp" | ||
repository = "hc-install" | ||
workflow = "build" | ||
} | ||
} | ||
|
||
event "prepare" { | ||
depends = ["build"] | ||
|
||
action "prepare" { | ||
organization = "hashicorp" | ||
repository = "crt-workflows-common" | ||
workflow = "prepare" | ||
depends = ["build"] | ||
} | ||
|
||
notification { | ||
on = "fail" | ||
} | ||
} | ||
|
||
event "trigger-staging" { | ||
// This event is dispatched by the bob trigger-promotion command | ||
// and is required - do not delete. | ||
} | ||
|
||
event "promote-staging" { | ||
depends = ["trigger-staging"] | ||
action "promote-staging" { | ||
organization = "hashicorp" | ||
repository = "crt-workflows-common" | ||
workflow = "promote-staging" | ||
config = "release-metadata.hcl" | ||
} | ||
|
||
notification { | ||
on = "fail" | ||
} | ||
} | ||
|
||
event "trigger-production" { | ||
// This event is dispatched by the bob trigger-promotion command | ||
// and is required - do not delete. | ||
} | ||
|
||
event "promote-production" { | ||
depends = ["trigger-production"] | ||
action "promote-production" { | ||
organization = "hashicorp" | ||
repository = "crt-workflows-common" | ||
workflow = "promote-production" | ||
} | ||
|
||
notification { | ||
on = "always" | ||
} | ||
} | ||
|
||
// promote Linux packages to production repo | ||
event "promote-production-packaging" { | ||
depends = ["promote-production"] | ||
action "promote-production-packaging" { | ||
organization = "hashicorp" | ||
repository = "crt-workflows-common" | ||
workflow = "promote-production-packaging" | ||
} | ||
|
||
notification { | ||
on = "always" | ||
} | ||
} |
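Review bot: `event "trigger-production"` declares no `depends`, and `promote-production` depends only on it, so nothing in this file ties a production promotion to a successful `promote-staging` of the same build. That ordering may well be enforced by the orchestrator or by `bob trigger-promotion`, but it is not visible here; extend the comment inside `trigger-production` to say where the gate lives, for example `// Staging promotion of the same SHA is verified by <component> before this event is accepted.` (placeholder, name the actual component). The `build` event also carries no `notification` block, unlike the later events, so as far as this file shows a failed build is not announced in the Slack channel.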
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
url_license = "https://github.com/hashicorp/hc-install/blob/main/LICENSE" | ||
url_source_repository = "https://github.com/hashicorp/hc-install" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
binary { | ||
go_modules = true # Scan the Go modules found in the binary | ||
osv = true # Use the Open Source Vulnerabilities (OSV) database | ||
oss_index = true # Use the Sonatype OSS Index vulnerability database | ||
nvd = true # Use the Nation Vulnerability Database | ||
|
||
secrets { # Scan for secrets in the binary | ||
all = true | ||
} | ||
} |
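Review bot: The comment on the `nvd` line reads "Nation Vulnerability Database"; it should be `nvd = true # Use the National Vulnerability Database`. The file configures only a `binary` block, so the .deb and .rpm packages that the build workflow also uploads are presumably covered only through the binary they wrap. A one-line comment above `binary {` stating that scope would make it explicit what the scanner does and does not look at.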
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Contributing Notes | ||
|
||
## Releasing | ||
|
||
Releases are made on a reasonably regular basis by the maintainers (HashiCorp staff), using our internal tooling. The following notes are only relevant to maintainers. | ||
|
||
Release process: | ||
|
||
1. Update [`version/VERSION`](https://github.com/hashicorp/hc-install/blob/main/version/VERSION) to remove `-dev` suffix and set it to the intended version to be released | ||
1. Wait for [`build` workflow](https://github.com/hashicorp/hc-install/actions/workflows/build.yml) to finish | ||
1. Ensure you have the appropriate GitHub PAT set in `BOB_GITHUB_TOKEN` variable | ||
1. Set `SHA` to the corresponding (long) last commit SHA (after updating `VERSION` file) & `VERSION` to the same version | ||
1. Use `bob` to promote artifacts to **staging** | ||
``` | ||
bob trigger-promotion \ | ||
--product-name=hc-install \ | ||
--environment=hc-install-oss \ | ||
--org=hashicorp \ | ||
--repo=hc-install \ | ||
--slack-channel=C01QDH3Q37W \ | ||
--product-version=$VERSION \ | ||
--sha=$SHA \ | ||
--branch=main \ | ||
staging | ||
``` | ||
1. Use `bob` to promote artifacts to **production** | ||
``` | ||
bob trigger-promotion \ | ||
--product-name=hc-install \ | ||
--environment=hc-install-oss \ | ||
--org=hashicorp \ | ||
--repo=hc-install \ | ||
--slack-channel=C01QDH3Q37W \ | ||
--product-version=$VERSION \ | ||
--sha=$SHA \ | ||
--branch=main \ | ||
production | ||
``` |