From 6edc586e945f0a98ab23c1c570dceed52aeebbb9 Mon Sep 17 00:00:00 2001
From: Harrison Affel <harrisonaffel@gmail.com>
Date: Fri, 17 May 2024 13:25:49 -0400
Subject: [PATCH] migrating to gha

---
 .drone.yml                         | 73 ------------------------------
 .github/workflows/pre-release.yaml | 50 ++++++++++++++++++++
 .github/workflows/release.yaml     | 50 ++++++++++++++++++++
 GNUmakefile                        | 15 +-----
 4 files changed, 102 insertions(+), 86 deletions(-)
 delete mode 100644 .drone.yml
 create mode 100644 .github/workflows/pre-release.yaml
 create mode 100644 .github/workflows/release.yaml

diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 76e928e8..00000000
--- a/.drone.yml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-kind: pipeline
-name: default
-
-steps:
-- name: build
-  image: rancher/dapper:1.11.2
-  commands:
-  - dapper ci
-  privileged: true
-  volumes:
-  - name: socket
-    path: /var/run/docker.sock
-
-- name: build-all-binaries
-  image: golang:1.19.7
-  environment:
-    CROSS: 1
-    VERSION: ${DRONE_TAG}
-  commands:
-  - apt-get update
-  - apt-get install -y xz-utils zip rsync jq curl ca-certificates
-  - mkdir -p /go/src/github.com/rancher
-  - ln -s /drone/src /go/src/github.com/rancher/terraform-provider-rke
-  - cd /go/src/github.com/rancher/terraform-provider-rke
-  - make build
-  - make package
-  when:
-    event: tag
-
-- name: gpg_sign_release
-  image: plugins/gpgsign
-  settings:
-    key:
-      from_secret: gpg_key
-    passphrase:
-      from_secret: gpg_passphrase
-    files:
-      - dist/artifacts/${DRONE_TAG}/terraform-provider-rke_*_SHA256SUMS
-    detach_sign: true
-    armor: false
-  when:
-    event: tag
-
-- name: github_binary_prerelease
-  image: plugins/github-release
-  settings:
-    prerelease: true
-    files:
-    - dist/artifacts/${DRONE_TAG}/terraform-provider-rke_*
-    api_key:
-      from_secret: github_token
-  when:
-    event: tag
-    ref:
-      include: [ refs/tags/*rc* ]
-
-- name: github_binary_release
-  image: plugins/github-release
-  settings:
-    files:
-    - dist/artifacts/${DRONE_TAG}/terraform-provider-rke_*
-    api_key:
-      from_secret: github_token
-  when:
-    event: tag
-    ref:
-      exclude: [ refs/tags/*rc* ]
-
-volumes:
-- name: socket
-  host:
-    path: /var/run/docker.sock
diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
new file mode 100644
index 00000000..e9214a59
--- /dev/null
+++ b/.github/workflows/pre-release.yaml
@@ -0,0 +1,50 @@
+name: Prerelease
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: build binaries
+        env:
+          CROSS: 1
+          VERSION: ${{ github.ref_name }}
+        run: |
+          make build
+
+      - name: package
+        run: |
+          make package
+
+      - name: retrieve GPG Credentials
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
+
+      - name: sign SHASUM
+        env:
+          GPG_KEY: ${{ env.GPG_KEY }}
+          GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+        run: |
+          echo "Importing gpg key"
+          echo -n "${{ env.GPG_KEY }}" | base64 --decode | gpg --import --batch >/dev/null          
+          echo "signing SHASUM file"
+          VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
+          SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rke_"$VERSION_NO_V"_SHA256SUMS
+          echo ${{ env.GPG_PASSPHRASE }} | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE"
+
+      - name: GH release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh release create ${{ github.ref_name }} --prerelease --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..fcacb333
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,50 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: build binaries
+        env:
+          CROSS: 1
+          VERSION: ${{ github.ref_name }}
+        run: | 
+          make build
+
+      - name: package
+        run: |
+          make package
+
+      - name: retrieve GPG Credentials
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
+
+      - name: sign SHASUM
+        env:
+          GPG_KEY: ${{ env.GPG_KEY }}
+          GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+        run: |
+          echo "Importing gpg key"
+          echo -n "${{ env.GPG_KEY }}" | base64 --decode | gpg --import --batch >/dev/null          
+          echo "signing SHASUM file"
+          VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
+          SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rke_"$VERSION_NO_V"_SHA256SUMS
+          echo ${{ env.GPG_PASSPHRASE }} | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE"
+
+      - name: GH release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh release create ${{ github.ref_name }} --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*
diff --git a/GNUmakefile b/GNUmakefile
index 9bad2e8d..fab921f7 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -1,5 +1,4 @@
 GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
-GO111MODULE=off
 WEBSITE_REPO=github.com/hashicorp/terraform-website
 PKG_NAME=rke
 TEST?="./${PKG_NAME}"
@@ -19,7 +18,7 @@ dapper-testacc: .dapper
 build: validate
 	@sh -c "'$(CURDIR)/scripts/gobuild.sh'"
 
-validate: vet lint fmtcheck
+validate: vet fmtcheck
 
 package:
 	@sh -c "'$(CURDIR)/scripts/gopackage.sh'"
@@ -41,23 +40,13 @@ testacc:
 
 vet:
 	@echo "==> Checking that code complies with go vet requirements..."
-	@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -gt 0 ]; then \
+	@go vet ./... ; if [ $$? -gt 0 ]; then \
 		echo ""; \
 		echo "Vet found suspicious constructs. Please check the reported constructs"; \
 		echo "and fix them if necessary before submitting the code for review."; \
 		exit 1; \
 	fi
 
-lint:
-	@echo "==> Checking that code complies with golint requirements..."
-	@GO111MODULE=off go get -u golang.org/x/lint/golint
-	@if [ -n "$$(golint $$(go list ./...) | grep -v 'should have comment.*or be unexported' | tee /dev/stderr)" ]; then \
-		echo ""; \
-		echo "golint found style issues. Please check the reported issues"; \
-		echo "and fix them if necessary before submitting the code for review."; \
-    	exit 1; \
-	fi
-
 bin:
 	go build -o $(PROVIDER_NAME)