From ad4aef1a7837a25449e25018ed495a7e2c54a54e Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 01:53:40 +1000 Subject: [PATCH 01/10] attempted linux build --- .github/workflows/publish-github.yml | 81 ++++++++++++++++++++++++++++ .goreleaser.full.yaml | 66 +++++++++++++++++++++++ .goreleaser.yaml | 42 ++++----------- 3 files changed, 157 insertions(+), 32 deletions(-) create mode 100644 .goreleaser.full.yaml diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index e118609..594b500 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -61,3 +61,84 @@ jobs: --team-id "$APPLE_TEAM_ID" \ --wait done + + apt: + name: Publish apt repository + runs-on: ubuntu-latest + needs: goreleaser + permissions: + contents: read + steps: + - name: Install dpkg-dev + run: sudo apt-get install -y dpkg-dev + + - name: Checkout apt repo + uses: actions/checkout@v4 + with: + repository: apialerts/apt + token: ${{ secrets.GORELEASER_TOKEN }} + path: apt-repo + + - name: Download .deb packages from release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release download ${{ github.event.release.tag_name }} \ + --pattern "*.deb" \ + --dir debs \ + --repo ${{ github.repository }} + + - name: Import GPG key + run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import + + - name: Update apt repository + env: + APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} + run: | + mkdir -p apt-repo/pool/main/a/apialerts + cp debs/*.deb apt-repo/pool/main/a/apialerts/ + + cd apt-repo + mkdir -p dists/stable/main/binary-amd64 + mkdir -p dists/stable/main/binary-arm64 + + dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages + gzip -kf dists/stable/main/binary-amd64/Packages + + dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages + gzip -kf dists/stable/main/binary-arm64/Packages + + gpg --armor --export > key.gpg + + { + echo "Origin: apialerts" + echo "Label: apialerts" + echo "Suite: stable" + echo "Codename: stable" + echo "Architectures: amd64 arm64" + echo "Components: main" + echo "Description: API Alerts apt repository" + echo "Date: $(date -Ru)" + echo "MD5Sum:" + for f in dists/stable/main/binary-*/Packages*; do + printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + done + echo "SHA256:" + for f in dists/stable/main/binary-*/Packages*; do + printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + done + } > dists/stable/Release + + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + --clearsign -o dists/stable/InRelease dists/stable/Release + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + -abs -o dists/stable/Release.gpg dists/stable/Release + + - name: Push apt repo + run: | + cd apt-repo + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add . + git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" + git push diff --git a/.goreleaser.full.yaml b/.goreleaser.full.yaml new file mode 100644 index 0000000..a9f7861 --- /dev/null +++ b/.goreleaser.full.yaml @@ -0,0 +1,66 @@ +version: 2 + +builds: + - binary: apialerts + env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + - windows + goarch: + - amd64 + - arm64 + hooks: + post: + - cmd: >- + {{- if eq .Os "darwin" }} + codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" + {{- else }} + true + {{- end }} + output: true + +archives: + - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + formats: + - tar.gz + format_overrides: + - goos: windows + formats: + - zip + +checksum: + name_template: "checksums.txt" + +nfpms: + - id: packages + package_name: apialerts + vendor: apialerts + homepage: https://apialerts.com + maintainer: API Alerts + description: API Alerts CLI — send events from your terminal + license: MIT + formats: + - deb + +homebrew_casks: + - name: apialerts + repository: + owner: apialerts + name: homebrew-tap + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + +scoops: + - name: apialerts + repository: + owner: apialerts + name: scoop-bucket + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + +changelog: + sort: asc diff --git a/.goreleaser.yaml b/.goreleaser.yaml index fab9c6a..dc866da 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -6,50 +6,28 @@ builds: - CGO_ENABLED=0 goos: - linux - - darwin - - windows goarch: - amd64 - arm64 - hooks: - post: - - cmd: >- - {{- if eq .Os "darwin" }} - codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" - {{- else }} - true - {{- end }} - output: true archives: - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" formats: - tar.gz - format_overrides: - - goos: windows - formats: - - zip checksum: name_template: "checksums.txt" -homebrew_casks: - - name: apialerts - repository: - owner: apialerts - name: homebrew-tap - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - -scoops: - - name: apialerts - repository: - owner: apialerts - name: scoop-bucket - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" +nfpms: + - id: packages + package_name: apialerts + vendor: apialerts + homepage: https://apialerts.com + maintainer: API Alerts + description: API Alerts CLI — send events from your terminal + license: MIT + formats: + - deb changelog: sort: asc From b56340f89c3748e547ff5c18b71b74374eebc943 Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 01:56:29 +1000 Subject: [PATCH 02/10] comment out mac os notorize --- .github/workflows/publish-github.yml | 32 ++++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index 594b500..52294d1 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -38,7 +38,7 @@ jobs: security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 with: version: "~> v2" args: release --clean @@ -46,21 +46,21 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - - name: Notarize macOS binaries - env: - APPLE_ID: ${{ secrets.APPLE_ID }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: | - for bin in dist/cli_darwin_*/apialerts; do - ZIP_PATH="${bin}.zip" - ditto -c -k "$bin" "$ZIP_PATH" - xcrun notarytool submit "$ZIP_PATH" \ - --apple-id "$APPLE_ID" \ - --password "$APPLE_ID_PASSWORD" \ - --team-id "$APPLE_TEAM_ID" \ - --wait - done + # - name: Notarize macOS binaries + # env: + # APPLE_ID: ${{ secrets.APPLE_ID }} + # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + # run: | + # for bin in dist/cli_darwin_*/apialerts; do + # ZIP_PATH="${bin}.zip" + # ditto -c -k "$bin" "$ZIP_PATH" + # xcrun notarytool submit "$ZIP_PATH" \ + # --apple-id "$APPLE_ID" \ + # --password "$APPLE_ID_PASSWORD" \ + # --team-id "$APPLE_TEAM_ID" \ + # --wait + # done apt: name: Publish apt repository From 3c4ce4e9ec95e82fa6d86b8551dbfdf519e31aea Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:06:45 +1000 Subject: [PATCH 03/10] add back in all deploys --- .github/workflows/publish-github.yml | 32 +++++++------- .goreleaser.full.yaml | 66 ---------------------------- .goreleaser.yaml | 33 ++++++++++++++ 3 files changed, 49 insertions(+), 82 deletions(-) delete mode 100644 .goreleaser.full.yaml diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index 52294d1..af60304 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -46,21 +46,21 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - # - name: Notarize macOS binaries - # env: - # APPLE_ID: ${{ secrets.APPLE_ID }} - # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - # run: | - # for bin in dist/cli_darwin_*/apialerts; do - # ZIP_PATH="${bin}.zip" - # ditto -c -k "$bin" "$ZIP_PATH" - # xcrun notarytool submit "$ZIP_PATH" \ - # --apple-id "$APPLE_ID" \ - # --password "$APPLE_ID_PASSWORD" \ - # --team-id "$APPLE_TEAM_ID" \ - # --wait - # done + - name: Notarize macOS binaries + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: | + for bin in dist/cli_darwin_*/apialerts; do + ZIP_PATH="${bin}.zip" + ditto -c -k "$bin" "$ZIP_PATH" + xcrun notarytool submit "$ZIP_PATH" \ + --apple-id "$APPLE_ID" \ + --password "$APPLE_ID_PASSWORD" \ + --team-id "$APPLE_TEAM_ID" \ + --wait + done apt: name: Publish apt repository @@ -73,7 +73,7 @@ jobs: run: sudo apt-get install -y dpkg-dev - name: Checkout apt repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: apialerts/apt token: ${{ secrets.GORELEASER_TOKEN }} diff --git a/.goreleaser.full.yaml b/.goreleaser.full.yaml deleted file mode 100644 index a9f7861..0000000 --- a/.goreleaser.full.yaml +++ /dev/null @@ -1,66 +0,0 @@ -version: 2 - -builds: - - binary: apialerts - env: - - CGO_ENABLED=0 - goos: - - linux - - darwin - - windows - goarch: - - amd64 - - arm64 - hooks: - post: - - cmd: >- - {{- if eq .Os "darwin" }} - codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" - {{- else }} - true - {{- end }} - output: true - -archives: - - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" - formats: - - tar.gz - format_overrides: - - goos: windows - formats: - - zip - -checksum: - name_template: "checksums.txt" - -nfpms: - - id: packages - package_name: apialerts - vendor: apialerts - homepage: https://apialerts.com - maintainer: API Alerts - description: API Alerts CLI — send events from your terminal - license: MIT - formats: - - deb - -homebrew_casks: - - name: apialerts - repository: - owner: apialerts - name: homebrew-tap - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - -scoops: - - name: apialerts - repository: - owner: apialerts - name: scoop-bucket - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - -changelog: - sort: asc diff --git a/.goreleaser.yaml b/.goreleaser.yaml index dc866da..a9f7861 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -6,14 +6,29 @@ builds: - CGO_ENABLED=0 goos: - linux + - darwin + - windows goarch: - amd64 - arm64 + hooks: + post: + - cmd: >- + {{- if eq .Os "darwin" }} + codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" + {{- else }} + true + {{- end }} + output: true archives: - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" formats: - tar.gz + format_overrides: + - goos: windows + formats: + - zip checksum: name_template: "checksums.txt" @@ -29,5 +44,23 @@ nfpms: formats: - deb +homebrew_casks: + - name: apialerts + repository: + owner: apialerts + name: homebrew-tap + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + +scoops: + - name: apialerts + repository: + owner: apialerts + name: scoop-bucket + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + changelog: sort: asc From 207347dddddb230e1e63c6cedf3024c0ca29b13d Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:21:19 +1000 Subject: [PATCH 04/10] rpm setup --- .github/workflows/publish-github.yml | 52 ++++++++++++++++++++++++++++ .goreleaser.yaml | 1 + README.md | 23 ++++++++++++ 3 files changed, 76 insertions(+) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index af60304..78ed924 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -142,3 +142,55 @@ jobs: git add . git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" git push + + rpm: + name: Publish rpm repository + runs-on: ubuntu-latest + needs: goreleaser + permissions: + contents: read + steps: + - name: Install createrepo + run: sudo apt-get install -y createrepo-c + + - name: Checkout rpm repo + uses: actions/checkout@v6 + with: + repository: apialerts/rpm + token: ${{ secrets.GORELEASER_TOKEN }} + path: rpm-repo + + - name: Download .rpm packages from release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release download ${{ github.event.release.tag_name }} \ + --pattern "*.rpm" \ + --dir rpms \ + --repo ${{ github.repository }} + + - name: Import GPG key + run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import + + - name: Update rpm repository + env: + APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} + run: | + mkdir -p rpm-repo/packages + cp rpms/*.rpm rpm-repo/packages/ + + gpg --armor --export > rpm-repo/key.gpg + + createrepo_c rpm-repo/ + + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + --detach-sign --armor rpm-repo/repodata/repomd.xml + + - name: Push rpm repo + run: | + cd rpm-repo + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add . + git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" + git push diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a9f7861..f299f5e 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -43,6 +43,7 @@ nfpms: license: MIT formats: - deb + - rpm homebrew_casks: - name: apialerts diff --git a/README.md b/README.md index a0e246e..d42be57 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,29 @@ brew tap apialerts/tap brew install --cask apialerts ``` +### apt (Debian / Ubuntu and derivatives) + +```bash +curl -fsSL https://apt.apialerts.com/key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/apialerts.gpg +echo "deb [signed-by=/usr/share/keyrings/apialerts.gpg] https://apt.apialerts.com stable main" | sudo tee /etc/apt/sources.list.d/apialerts.list +sudo apt update && sudo apt install apialerts +``` + +### dnf (Fedora / RHEL / CentOS) + +```bash +sudo rpm --import https://rpm.apialerts.com/key.gpg +sudo tee /etc/yum.repos.d/apialerts.repo < Date: Tue, 7 Apr 2026 02:22:25 +1000 Subject: [PATCH 05/10] temp remove all deploys other than the rpm release --- .goreleaser.yaml | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index f299f5e..feff300 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -6,29 +6,14 @@ builds: - CGO_ENABLED=0 goos: - linux - - darwin - - windows goarch: - amd64 - arm64 - hooks: - post: - - cmd: >- - {{- if eq .Os "darwin" }} - codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" - {{- else }} - true - {{- end }} - output: true archives: - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" formats: - tar.gz - format_overrides: - - goos: windows - formats: - - zip checksum: name_template: "checksums.txt" @@ -42,26 +27,7 @@ nfpms: description: API Alerts CLI — send events from your terminal license: MIT formats: - - deb - rpm -homebrew_casks: - - name: apialerts - repository: - owner: apialerts - name: homebrew-tap - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - -scoops: - - name: apialerts - repository: - owner: apialerts - name: scoop-bucket - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - changelog: sort: asc From 0d02e93860a0b6afc1d010ede7aa04a5aa4a0701 Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:23:04 +1000 Subject: [PATCH 06/10] temp remove github actions for non rpm builds --- .github/workflows/publish-github.yml | 232 +++++++++++++-------------- 1 file changed, 115 insertions(+), 117 deletions(-) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index 78ed924..c5688bb 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -7,7 +7,7 @@ on: jobs: goreleaser: name: Publish with GoReleaser - runs-on: macos-latest + runs-on: ubuntu-latest permissions: contents: write steps: @@ -19,24 +19,24 @@ jobs: uses: actions/setup-go@v6 with: go-version-file: 'go.mod' - - name: Import Apple certificate - env: - APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - run: | - CERT_PATH=$RUNNER_TEMP/certificate.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db - KEYCHAIN_PASSWORD=$(openssl rand -base64 32) - - echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERT_PATH - - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - security import $CERT_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH + # - name: Import Apple certificate + # env: + # APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} + # APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + # run: | + # CERT_PATH=$RUNNER_TEMP/certificate.p12 + # KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db + # KEYCHAIN_PASSWORD=$(openssl rand -base64 32) + # + # echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERT_PATH + # + # security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + # security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + # security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + # + # security import $CERT_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + # security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + # security list-keychain -d user -s $KEYCHAIN_PATH - name: Run GoReleaser uses: goreleaser/goreleaser-action@v7 with: @@ -44,104 +44,102 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - - name: Notarize macOS binaries - env: - APPLE_ID: ${{ secrets.APPLE_ID }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: | - for bin in dist/cli_darwin_*/apialerts; do - ZIP_PATH="${bin}.zip" - ditto -c -k "$bin" "$ZIP_PATH" - xcrun notarytool submit "$ZIP_PATH" \ - --apple-id "$APPLE_ID" \ - --password "$APPLE_ID_PASSWORD" \ - --team-id "$APPLE_TEAM_ID" \ - --wait - done - - apt: - name: Publish apt repository - runs-on: ubuntu-latest - needs: goreleaser - permissions: - contents: read - steps: - - name: Install dpkg-dev - run: sudo apt-get install -y dpkg-dev - - - name: Checkout apt repo - uses: actions/checkout@v6 - with: - repository: apialerts/apt - token: ${{ secrets.GORELEASER_TOKEN }} - path: apt-repo - - - name: Download .deb packages from release - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh release download ${{ github.event.release.tag_name }} \ - --pattern "*.deb" \ - --dir debs \ - --repo ${{ github.repository }} - - - name: Import GPG key - run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import - - - name: Update apt repository - env: - APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} - run: | - mkdir -p apt-repo/pool/main/a/apialerts - cp debs/*.deb apt-repo/pool/main/a/apialerts/ - - cd apt-repo - mkdir -p dists/stable/main/binary-amd64 - mkdir -p dists/stable/main/binary-arm64 - - dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages - gzip -kf dists/stable/main/binary-amd64/Packages - - dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages - gzip -kf dists/stable/main/binary-arm64/Packages - - gpg --armor --export > key.gpg - - { - echo "Origin: apialerts" - echo "Label: apialerts" - echo "Suite: stable" - echo "Codename: stable" - echo "Architectures: amd64 arm64" - echo "Components: main" - echo "Description: API Alerts apt repository" - echo "Date: $(date -Ru)" - echo "MD5Sum:" - for f in dists/stable/main/binary-*/Packages*; do - printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" - done - echo "SHA256:" - for f in dists/stable/main/binary-*/Packages*; do - printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" - done - } > dists/stable/Release - - gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ - --clearsign -o dists/stable/InRelease dists/stable/Release - gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ - -abs -o dists/stable/Release.gpg dists/stable/Release - - - name: Push apt repo - run: | - cd apt-repo - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git add . - git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" - git push + # - name: Notarize macOS binaries + # env: + # APPLE_ID: ${{ secrets.APPLE_ID }} + # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + # run: | + # for bin in dist/cli_darwin_*/apialerts; do + # ZIP_PATH="${bin}.zip" + # ditto -c -k "$bin" "$ZIP_PATH" + # xcrun notarytool submit "$ZIP_PATH" \ + # --apple-id "$APPLE_ID" \ + # --password "$APPLE_ID_PASSWORD" \ + # --team-id "$APPLE_TEAM_ID" \ + # --wait + # done + + # apt: + # name: Publish apt repository + # runs-on: ubuntu-latest + # needs: goreleaser + # permissions: + # contents: read + # steps: + # - name: Install dpkg-dev + # run: sudo apt-get install -y dpkg-dev + # + # - name: Checkout apt repo + # uses: actions/checkout@v6 + # with: + # repository: apialerts/apt + # token: ${{ secrets.GORELEASER_TOKEN }} + # path: apt-repo + # + # - name: Download .deb packages from release + # env: + # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # run: | + # gh release download ${{ github.event.release.tag_name }} \ + # --pattern "*.deb" \ + # --dir debs \ + # --repo ${{ github.repository }} + # + # - name: Import GPG key + # run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import + # + # - name: Update apt repository + # env: + # APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} + # run: | + # mkdir -p apt-repo/pool/main/a/apialerts + # cp debs/*.deb apt-repo/pool/main/a/apialerts/ + # + # cd apt-repo + # mkdir -p dists/stable/main/binary-amd64 + # mkdir -p dists/stable/main/binary-arm64 + # + # dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages + # gzip -kf dists/stable/main/binary-amd64/Packages + # + # dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages + # gzip -kf dists/stable/main/binary-arm64/Packages + # + # gpg --armor --export > key.gpg + # + # { + # echo "Origin: apialerts" + # echo "Label: apialerts" + # echo "Suite: stable" + # echo "Codename: stable" + # echo "Architectures: amd64 arm64" + # echo "Components: main" + # echo "Description: API Alerts apt repository" + # echo "Date: $(date -Ru)" + # echo "MD5Sum:" + # for f in dists/stable/main/binary-*/Packages*; do + # printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + # done + # echo "SHA256:" + # for f in dists/stable/main/binary-*/Packages*; do + # printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + # done + # } > dists/stable/Release + # + # gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + # --clearsign -o dists/stable/InRelease dists/stable/Release + # gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + # -abs -o dists/stable/Release.gpg dists/stable/Release + # + # - name: Push apt repo + # run: | + # cd apt-repo + # git config user.name "github-actions[bot]" + # git config user.email "github-actions[bot]@users.noreply.github.com" + # git add . + # git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" + # git push rpm: name: Publish rpm repository From c0bb1c731a5a62442adc0503e6383578117c46af Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:28:27 +1000 Subject: [PATCH 07/10] restore all deploys --- .github/workflows/publish-github.yml | 232 ++++++++++++++------------- .goreleaser.yaml | 34 ++++ 2 files changed, 151 insertions(+), 115 deletions(-) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index c5688bb..78ed924 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -7,7 +7,7 @@ on: jobs: goreleaser: name: Publish with GoReleaser - runs-on: ubuntu-latest + runs-on: macos-latest permissions: contents: write steps: @@ -19,24 +19,24 @@ jobs: uses: actions/setup-go@v6 with: go-version-file: 'go.mod' - # - name: Import Apple certificate - # env: - # APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} - # APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - # run: | - # CERT_PATH=$RUNNER_TEMP/certificate.p12 - # KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db - # KEYCHAIN_PASSWORD=$(openssl rand -base64 32) - # - # echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERT_PATH - # - # security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - # security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - # security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - # - # security import $CERT_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - # security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - # security list-keychain -d user -s $KEYCHAIN_PATH + - name: Import Apple certificate + env: + APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + run: | + CERT_PATH=$RUNNER_TEMP/certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db + KEYCHAIN_PASSWORD=$(openssl rand -base64 32) + + echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERT_PATH + + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + security import $CERT_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH - name: Run GoReleaser uses: goreleaser/goreleaser-action@v7 with: @@ -44,102 +44,104 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # - name: Notarize macOS binaries - # env: - # APPLE_ID: ${{ secrets.APPLE_ID }} - # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - # run: | - # for bin in dist/cli_darwin_*/apialerts; do - # ZIP_PATH="${bin}.zip" - # ditto -c -k "$bin" "$ZIP_PATH" - # xcrun notarytool submit "$ZIP_PATH" \ - # --apple-id "$APPLE_ID" \ - # --password "$APPLE_ID_PASSWORD" \ - # --team-id "$APPLE_TEAM_ID" \ - # --wait - # done - - # apt: - # name: Publish apt repository - # runs-on: ubuntu-latest - # needs: goreleaser - # permissions: - # contents: read - # steps: - # - name: Install dpkg-dev - # run: sudo apt-get install -y dpkg-dev - # - # - name: Checkout apt repo - # uses: actions/checkout@v6 - # with: - # repository: apialerts/apt - # token: ${{ secrets.GORELEASER_TOKEN }} - # path: apt-repo - # - # - name: Download .deb packages from release - # env: - # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # run: | - # gh release download ${{ github.event.release.tag_name }} \ - # --pattern "*.deb" \ - # --dir debs \ - # --repo ${{ github.repository }} - # - # - name: Import GPG key - # run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import - # - # - name: Update apt repository - # env: - # APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} - # run: | - # mkdir -p apt-repo/pool/main/a/apialerts - # cp debs/*.deb apt-repo/pool/main/a/apialerts/ - # - # cd apt-repo - # mkdir -p dists/stable/main/binary-amd64 - # mkdir -p dists/stable/main/binary-arm64 - # - # dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages - # gzip -kf dists/stable/main/binary-amd64/Packages - # - # dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages - # gzip -kf dists/stable/main/binary-arm64/Packages - # - # gpg --armor --export > key.gpg - # - # { - # echo "Origin: apialerts" - # echo "Label: apialerts" - # echo "Suite: stable" - # echo "Codename: stable" - # echo "Architectures: amd64 arm64" - # echo "Components: main" - # echo "Description: API Alerts apt repository" - # echo "Date: $(date -Ru)" - # echo "MD5Sum:" - # for f in dists/stable/main/binary-*/Packages*; do - # printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" - # done - # echo "SHA256:" - # for f in dists/stable/main/binary-*/Packages*; do - # printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" - # done - # } > dists/stable/Release - # - # gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ - # --clearsign -o dists/stable/InRelease dists/stable/Release - # gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ - # -abs -o dists/stable/Release.gpg dists/stable/Release - # - # - name: Push apt repo - # run: | - # cd apt-repo - # git config user.name "github-actions[bot]" - # git config user.email "github-actions[bot]@users.noreply.github.com" - # git add . - # git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" - # git push + GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + - name: Notarize macOS binaries + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: | + for bin in dist/cli_darwin_*/apialerts; do + ZIP_PATH="${bin}.zip" + ditto -c -k "$bin" "$ZIP_PATH" + xcrun notarytool submit "$ZIP_PATH" \ + --apple-id "$APPLE_ID" \ + --password "$APPLE_ID_PASSWORD" \ + --team-id "$APPLE_TEAM_ID" \ + --wait + done + + apt: + name: Publish apt repository + runs-on: ubuntu-latest + needs: goreleaser + permissions: + contents: read + steps: + - name: Install dpkg-dev + run: sudo apt-get install -y dpkg-dev + + - name: Checkout apt repo + uses: actions/checkout@v6 + with: + repository: apialerts/apt + token: ${{ secrets.GORELEASER_TOKEN }} + path: apt-repo + + - name: Download .deb packages from release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release download ${{ github.event.release.tag_name }} \ + --pattern "*.deb" \ + --dir debs \ + --repo ${{ github.repository }} + + - name: Import GPG key + run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import + + - name: Update apt repository + env: + APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} + run: | + mkdir -p apt-repo/pool/main/a/apialerts + cp debs/*.deb apt-repo/pool/main/a/apialerts/ + + cd apt-repo + mkdir -p dists/stable/main/binary-amd64 + mkdir -p dists/stable/main/binary-arm64 + + dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages + gzip -kf dists/stable/main/binary-amd64/Packages + + dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages + gzip -kf dists/stable/main/binary-arm64/Packages + + gpg --armor --export > key.gpg + + { + echo "Origin: apialerts" + echo "Label: apialerts" + echo "Suite: stable" + echo "Codename: stable" + echo "Architectures: amd64 arm64" + echo "Components: main" + echo "Description: API Alerts apt repository" + echo "Date: $(date -Ru)" + echo "MD5Sum:" + for f in dists/stable/main/binary-*/Packages*; do + printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + done + echo "SHA256:" + for f in dists/stable/main/binary-*/Packages*; do + printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + done + } > dists/stable/Release + + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + --clearsign -o dists/stable/InRelease dists/stable/Release + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + -abs -o dists/stable/Release.gpg dists/stable/Release + + - name: Push apt repo + run: | + cd apt-repo + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add . + git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" + git push rpm: name: Publish rpm repository diff --git a/.goreleaser.yaml b/.goreleaser.yaml index feff300..f299f5e 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -6,14 +6,29 @@ builds: - CGO_ENABLED=0 goos: - linux + - darwin + - windows goarch: - amd64 - arm64 + hooks: + post: + - cmd: >- + {{- if eq .Os "darwin" }} + codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" + {{- else }} + true + {{- end }} + output: true archives: - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" formats: - tar.gz + format_overrides: + - goos: windows + formats: + - zip checksum: name_template: "checksums.txt" @@ -27,7 +42,26 @@ nfpms: description: API Alerts CLI — send events from your terminal license: MIT formats: + - deb - rpm +homebrew_casks: + - name: apialerts + repository: + owner: apialerts + name: homebrew-tap + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + +scoops: + - name: apialerts + repository: + owner: apialerts + name: scoop-bucket + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + changelog: sort: asc From beb234a6bff02b81ddb6a474fb8b3b0954c30fd8 Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:32:33 +1000 Subject: [PATCH 08/10] sign rpm - temp disable other builds --- .github/workflows/publish-github.yml | 132 +++------------------------ .goreleaser.yaml | 34 ------- 2 files changed, 14 insertions(+), 152 deletions(-) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index 78ed924..d24cc50 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -7,7 +7,7 @@ on: jobs: goreleaser: name: Publish with GoReleaser - runs-on: macos-latest + runs-on: ubuntu-latest permissions: contents: write steps: @@ -19,24 +19,6 @@ jobs: uses: actions/setup-go@v6 with: go-version-file: 'go.mod' - - name: Import Apple certificate - env: - APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - run: | - CERT_PATH=$RUNNER_TEMP/certificate.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db - KEYCHAIN_PASSWORD=$(openssl rand -base64 32) - - echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERT_PATH - - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - security import $CERT_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH - name: Run GoReleaser uses: goreleaser/goreleaser-action@v7 with: @@ -44,104 +26,6 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - - name: Notarize macOS binaries - env: - APPLE_ID: ${{ secrets.APPLE_ID }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: | - for bin in dist/cli_darwin_*/apialerts; do - ZIP_PATH="${bin}.zip" - ditto -c -k "$bin" "$ZIP_PATH" - xcrun notarytool submit "$ZIP_PATH" \ - --apple-id "$APPLE_ID" \ - --password "$APPLE_ID_PASSWORD" \ - --team-id "$APPLE_TEAM_ID" \ - --wait - done - - apt: - name: Publish apt repository - runs-on: ubuntu-latest - needs: goreleaser - permissions: - contents: read - steps: - - name: Install dpkg-dev - run: sudo apt-get install -y dpkg-dev - - - name: Checkout apt repo - uses: actions/checkout@v6 - with: - repository: apialerts/apt - token: ${{ secrets.GORELEASER_TOKEN }} - path: apt-repo - - - name: Download .deb packages from release - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh release download ${{ github.event.release.tag_name }} \ - --pattern "*.deb" \ - --dir debs \ - --repo ${{ github.repository }} - - - name: Import GPG key - run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import - - - name: Update apt repository - env: - APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} - run: | - mkdir -p apt-repo/pool/main/a/apialerts - cp debs/*.deb apt-repo/pool/main/a/apialerts/ - - cd apt-repo - mkdir -p dists/stable/main/binary-amd64 - mkdir -p dists/stable/main/binary-arm64 - - dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages - gzip -kf dists/stable/main/binary-amd64/Packages - - dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages - gzip -kf dists/stable/main/binary-arm64/Packages - - gpg --armor --export > key.gpg - - { - echo "Origin: apialerts" - echo "Label: apialerts" - echo "Suite: stable" - echo "Codename: stable" - echo "Architectures: amd64 arm64" - echo "Components: main" - echo "Description: API Alerts apt repository" - echo "Date: $(date -Ru)" - echo "MD5Sum:" - for f in dists/stable/main/binary-*/Packages*; do - printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" - done - echo "SHA256:" - for f in dists/stable/main/binary-*/Packages*; do - printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" - done - } > dists/stable/Release - - gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ - --clearsign -o dists/stable/InRelease dists/stable/Release - gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ - -abs -o dists/stable/Release.gpg dists/stable/Release - - - name: Push apt repo - run: | - cd apt-repo - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git add . - git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" - git push rpm: name: Publish rpm repository @@ -151,7 +35,7 @@ jobs: contents: read steps: - name: Install createrepo - run: sudo apt-get install -y createrepo-c + run: sudo apt-get install -y createrepo-c rpm - name: Checkout rpm repo uses: actions/checkout@v6 @@ -181,6 +65,18 @@ jobs: gpg --armor --export > rpm-repo/key.gpg + # Sign each .rpm package + echo "$APT_GPG_PASSPHRASE" > /tmp/gpg-passphrase + cat > ~/.rpmmacros < +%__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --pinentry-mode loopback --passphrase-file /tmp/gpg-passphrase --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename} +EOF + for rpm_file in rpm-repo/packages/*.rpm; do + rpmsign --addsign "$rpm_file" + done + rm /tmp/gpg-passphrase + createrepo_c rpm-repo/ gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ diff --git a/.goreleaser.yaml b/.goreleaser.yaml index f299f5e..feff300 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -6,29 +6,14 @@ builds: - CGO_ENABLED=0 goos: - linux - - darwin - - windows goarch: - amd64 - arm64 - hooks: - post: - - cmd: >- - {{- if eq .Os "darwin" }} - codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" - {{- else }} - true - {{- end }} - output: true archives: - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" formats: - tar.gz - format_overrides: - - goos: windows - formats: - - zip checksum: name_template: "checksums.txt" @@ -42,26 +27,7 @@ nfpms: description: API Alerts CLI — send events from your terminal license: MIT formats: - - deb - rpm -homebrew_casks: - - name: apialerts - repository: - owner: apialerts - name: homebrew-tap - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - -scoops: - - name: apialerts - repository: - owner: apialerts - name: scoop-bucket - token: "{{ .Env.GORELEASER_TOKEN }}" - homepage: "https://apialerts.com" - description: "API Alerts CLI — send events from your terminal" - changelog: sort: asc From 0a7cd4539894dbe129d299d5a3d250b67d2d3c21 Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:37:00 +1000 Subject: [PATCH 09/10] fix yml --- .github/workflows/publish-github.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index d24cc50..2acd6aa 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -67,11 +67,7 @@ jobs: # Sign each .rpm package echo "$APT_GPG_PASSPHRASE" > /tmp/gpg-passphrase - cat > ~/.rpmmacros < -%__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --pinentry-mode loopback --passphrase-file /tmp/gpg-passphrase --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename} -EOF + printf '%%_signature gpg\n%%_gpg_name API Alerts \n%%__gpg_sign_cmd %%{__gpg} gpg --batch --no-verbose --no-armor --pinentry-mode loopback --passphrase-file /tmp/gpg-passphrase --no-secmem-warning -u "%%{_gpg_name}" -sbo %%{__signature_filename} %%{__plaintext_filename}\n' > ~/.rpmmacros for rpm_file in rpm-repo/packages/*.rpm; do rpmsign --addsign "$rpm_file" done From d7b87a68b97bb255256c0a3333be6fc1574036fa Mon Sep 17 00:00:00 2001 From: Jared Hall Date: Tue, 7 Apr 2026 02:50:19 +1000 Subject: [PATCH 10/10] v1.2.3 - revert to keep all builds: go, apt, rpm, windows, mac --- .github/workflows/publish-github.yml | 119 ++++++++++++++++++++++++++- .goreleaser.yaml | 34 ++++++++ cmd/constants.go | 2 +- 3 files changed, 152 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml index 2acd6aa..faaebdd 100644 --- a/.github/workflows/publish-github.yml +++ b/.github/workflows/publish-github.yml @@ -7,7 +7,7 @@ on: jobs: goreleaser: name: Publish with GoReleaser - runs-on: ubuntu-latest + runs-on: macos-latest permissions: contents: write steps: @@ -19,6 +19,24 @@ jobs: uses: actions/setup-go@v6 with: go-version-file: 'go.mod' + - name: Import Apple certificate + env: + APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} + APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + run: | + CERT_PATH=$RUNNER_TEMP/certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/signing.keychain-db + KEYCHAIN_PASSWORD=$(openssl rand -base64 32) + + echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERT_PATH + + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + security import $CERT_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH - name: Run GoReleaser uses: goreleaser/goreleaser-action@v7 with: @@ -26,6 +44,104 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GORELEASER_TOKEN: ${{ secrets.GORELEASER_TOKEN }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + - name: Notarize macOS binaries + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: | + for bin in dist/cli_darwin_*/apialerts; do + ZIP_PATH="${bin}.zip" + ditto -c -k "$bin" "$ZIP_PATH" + xcrun notarytool submit "$ZIP_PATH" \ + --apple-id "$APPLE_ID" \ + --password "$APPLE_ID_PASSWORD" \ + --team-id "$APPLE_TEAM_ID" \ + --wait + done + + apt: + name: Publish apt repository + runs-on: ubuntu-latest + needs: goreleaser + permissions: + contents: read + steps: + - name: Install dpkg-dev + run: sudo apt-get install -y dpkg-dev + + - name: Checkout apt repo + uses: actions/checkout@v6 + with: + repository: apialerts/apt + token: ${{ secrets.GORELEASER_TOKEN }} + path: apt-repo + + - name: Download .deb packages from release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release download ${{ github.event.release.tag_name }} \ + --pattern "*.deb" \ + --dir debs \ + --repo ${{ github.repository }} + + - name: Import GPG key + run: echo "${{ secrets.APT_GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import + + - name: Update apt repository + env: + APT_GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} + run: | + mkdir -p apt-repo/pool/main/a/apialerts + cp debs/*.deb apt-repo/pool/main/a/apialerts/ + + cd apt-repo + mkdir -p dists/stable/main/binary-amd64 + mkdir -p dists/stable/main/binary-arm64 + + dpkg-scanpackages --arch amd64 pool/ > dists/stable/main/binary-amd64/Packages + gzip -kf dists/stable/main/binary-amd64/Packages + + dpkg-scanpackages --arch arm64 pool/ > dists/stable/main/binary-arm64/Packages + gzip -kf dists/stable/main/binary-arm64/Packages + + gpg --armor --export > key.gpg + + { + echo "Origin: apialerts" + echo "Label: apialerts" + echo "Suite: stable" + echo "Codename: stable" + echo "Architectures: amd64 arm64" + echo "Components: main" + echo "Description: API Alerts apt repository" + echo "Date: $(date -Ru)" + echo "MD5Sum:" + for f in dists/stable/main/binary-*/Packages*; do + printf " %s %s %s\n" "$(md5sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + done + echo "SHA256:" + for f in dists/stable/main/binary-*/Packages*; do + printf " %s %s %s\n" "$(sha256sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f")" "${f#dists/stable/}" + done + } > dists/stable/Release + + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + --clearsign -o dists/stable/InRelease dists/stable/Release + gpg --batch --yes --pinentry-mode loopback --passphrase "$APT_GPG_PASSPHRASE" \ + -abs -o dists/stable/Release.gpg dists/stable/Release + + - name: Push apt repo + run: | + cd apt-repo + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add . + git diff --staged --quiet || git commit -m "Release ${{ github.event.release.tag_name }}" + git push rpm: name: Publish rpm repository @@ -65,7 +181,6 @@ jobs: gpg --armor --export > rpm-repo/key.gpg - # Sign each .rpm package echo "$APT_GPG_PASSPHRASE" > /tmp/gpg-passphrase printf '%%_signature gpg\n%%_gpg_name API Alerts \n%%__gpg_sign_cmd %%{__gpg} gpg --batch --no-verbose --no-armor --pinentry-mode loopback --passphrase-file /tmp/gpg-passphrase --no-secmem-warning -u "%%{_gpg_name}" -sbo %%{__signature_filename} %%{__plaintext_filename}\n' > ~/.rpmmacros for rpm_file in rpm-repo/packages/*.rpm; do diff --git a/.goreleaser.yaml b/.goreleaser.yaml index feff300..f299f5e 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -6,14 +6,29 @@ builds: - CGO_ENABLED=0 goos: - linux + - darwin + - windows goarch: - amd64 - arm64 + hooks: + post: + - cmd: >- + {{- if eq .Os "darwin" }} + codesign --force --options runtime --sign "Developer ID Application: Jared Hall ({{ .Env.APPLE_TEAM_ID }})" --timestamp "{{ .Path }}" + {{- else }} + true + {{- end }} + output: true archives: - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" formats: - tar.gz + format_overrides: + - goos: windows + formats: + - zip checksum: name_template: "checksums.txt" @@ -27,7 +42,26 @@ nfpms: description: API Alerts CLI — send events from your terminal license: MIT formats: + - deb - rpm +homebrew_casks: + - name: apialerts + repository: + owner: apialerts + name: homebrew-tap + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + +scoops: + - name: apialerts + repository: + owner: apialerts + name: scoop-bucket + token: "{{ .Env.GORELEASER_TOKEN }}" + homepage: "https://apialerts.com" + description: "API Alerts CLI — send events from your terminal" + changelog: sort: asc diff --git a/cmd/constants.go b/cmd/constants.go index b207bb2..71a44f4 100644 --- a/cmd/constants.go +++ b/cmd/constants.go @@ -2,5 +2,5 @@ package cmd const ( IntegrationName = "apialerts-cli" - Version = "1.2.1" + Version = "1.2.3" )