Conversation
…to run, and does nothing without returning errors if the file was already deleted
MuweiHe
left a comment
MuweiHe
left a comment
There was a problem hiding this comment.
Thanks! We shouldve fixed those hardcoded paths long ago... There're also a lot of hardcoded paths in release targets too (like coping stuff from local to s3) that we can follow up as well.
.goreleaser.yml
Outdated
| post: | ||
| - cmd: make download-licenses | ||
| - cmd: gon gon_confluent_amd64.hcl | ||
| - cmd: ./gon_filepath_editor.sh {{ .Path }} gon_confluent_amd64.hcl |
There was a problem hiding this comment.
Can we put all of the gon files in a scripts/ directory? There's a lot of them now and I think that's the best place for them... https://github.com/golang-standards/project-layout#scripts
There was a problem hiding this comment.
Sure. I can also move the new sh file and the build_linux_glibc file in there too
There was a problem hiding this comment.
Also, I just realized... by removing the hardcoded path from the gon files, they're now identical. So I can replace them with one.
| echo "BUILDING FOR DARWIN, WINDOWS, AND ALPINE LINUX" && \ | ||
| GO111MODULE=off go get -u github.com/inconshreveable/mousetrap && \ | ||
| GOPRIVATE=github.com/confluentinc VERSION=$(VERSION) HOSTNAME="$(HOSTNAME)" GITHUB_TOKEN=$(token) S3FOLDER=$(S3_STAG_FOLDER_NAME)/confluent-cli goreleaser release --rm-dist --timeout 60m -f .goreleaser.yml; \ | ||
| rm -f CLIEVCodeSigningCertificate2.pfx && \ |
There was a problem hiding this comment.
Forgot to mention: this change is to add redundancy in the case where goreleaser errors out before it can run the post-hook to remove this file.
There was a problem hiding this comment.
Let's only remove this if it exists then?
There was a problem hiding this comment.
Alternatively, we could add the file to .gitignore and the make clean target, just in case it doesn't get cleaned up automatically.
There was a problem hiding this comment.
The -f flag removes it if it exists and does nothing w/o error if it doesn't.
I think this is enough. It should always be removed now unless the process is stopped with ctrl+c.
There was a problem hiding this comment.
cool, didn't know about -f!
3 participants
Checklist
N/A
What
Newer versions of goreleaser append a GOAMD64 microarchitecture value to the build directory name in
distfor amd64 builds. The default is_v1, which is the same microarchitecture as builds using older versions. This convention change causes Windows and Darwin signing/notarization to fail because the paths to the binaries are hardcoded into the.goreleaser.ymlandgon_confluent_amd64.hclfiles.This PR updates the signing lines to account for this.
{{ .Path }}, which is a goreleaser variable available to the hook storing the absolute path to the binary..hclfile. Since modifying the.hcldirectly results in a dirty repo, a post hook makes a copy inside thedistfolder (which is in.gitignore) and another post hook calls the newgon_filepath_editor.shscript which uses{{ .Path }}to update the copy.sedcommand to work directly in a post hook; that's why I made it into a scriptThe reason for using
{{ .Path }}instead of hardcoding the new convention (and for modifying the arm64 signing even though the folder name hasn't changed) is because the Goreleaser docs note that there is no guarantee that conventions will not change in future versions. So we remove all assumptions on what the naming convention is.Test & Review
release-to-stag.exeand.zip(and extracted from the zip) from S3 staging folder & github release and checked that they're all signed correctly with.osslsigncode verify path/to/binarycodesign -dv --verbose=4 path/to/binary