fix: move release please to release branches

.aliases

@@ -1,17 +1,9 @@
 #!/bin/env sh
 alias gs='git status'
 alias gd='git diff'
+alias gc='git checkout'
 alias tf='terraform'
-alias tfa='if [ -f ssh_key ]; then chmod 600 ssh_key && ssh-add ssh_key; fi; terraform init; terraform apply --auto-approve'
+alias tfa='terraform apply --auto-approve'
 alias tfd='terraform destroy --auto-approve'
-alias tfp='terraform init || terraform providers && terraform validate && terraform plan'
-alias tfr='terraform destroy --auto-approve;if [ -f ssh_key ]; then chmod 600 ssh_key && ssh-add ssh_key; fi; terraform init; terraform apply --auto-approve'
-alias tfl='terraform state list'
 alias k='kubectl'
-alias tt='run_tests'
-# expects AGE_ variables to be set, see .variables and .rcs
-alias es='encrypt_secrets' # looks in the secret file list and converts the files into encrypted ones, see .functions
-alias ds='decrypt_secrets' # looks in the secret file list and converts all the encrtypted files in to unencrypted ones, see .functions
-alias ef='encrypt_file' # see .functions
-alias cl='clear_local' # clears all of the temporary files from the directory, see .functions
 alias sc='shell_check' # runs shellcheck -x on all files with a shbang

.github/CODEOWNERS

@@ -1 +1 @@
-* @rancher/k3s
+* @rancher/terraform-maintainers

.github/pull_request_template.md

@@ -1,16 +1,30 @@
+## Backport
+
+Is this a cherry-picked backport from the default branch?
+If so, please delete all other sections and complete the sentence below:
+
+Cherry-pick #1236 (main PR) to release/v1 (release branch)
+Addresses #1235 (backport issue) for #1234 (main issue)
+
+
 ## Related Issue
 
-Fixes # <!-- INSERT ISSUE NUMBER -->
+If this PR will target main,
+please complete the below sentence and add labels for each version this should be released to.
+
+Addresses #1234 (main issue)
+This should be backported to release/v0, release/v1 (comma separated list of target release branches)
 
 ## Description
 
-In plain English, describe your approach to addressing the issue linked above. For example, if you made a particular design decision, let us know why you chose this path instead of another solution.
+Describe your approach to addressing the issue linked above.
+For example, if you made a particular design decision, let us know why you chose this path.
 
-<!-- heimdall_github_prtemplate:grc-pci_dss-2024-01-05 -->
-## Rollback Plan
+## Testing
 
-- [ ] If a change needs to be reverted, we will roll out an update to the code within 7 days.
+Please describe how you verified this change or why testing isn't relevant.
 
-## Changes to Security Controls
+## Breaking
 
-Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.
+Does this change alter an interface that users of the provider will need to adjust to?
+Will there be any existing configurations broken by this change?

.github/workflows/release.yml

@@ -3,7 +3,8 @@ name: release
 on:
   push:
     branches:
-    - main
+    - release/v0
+    - release/v1
 
 permissions: write-all
 
@@ -76,6 +77,44 @@ jobs:
               repo: "${{ github.event.repository.name }}",
               body: "Tests Failed!"
             })
+      - name: retrieve GPG Credentials
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
+            secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID;
+            secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKey | GPG_KEY;
+      - name: import_gpg_key
+        if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success') && (steps.run-acc-tests.conclusion == 'success')
+        env:
+          GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+          GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
+          GPG_KEY: ${{ env.GPG_KEY }}
+        run: |
+          cleanup() {
+            # clear history just in case
+            history -c
+          }
+          trap cleanup EXIT TERM
+
+          # sanitize variables
+          if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi
+          if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi
+          if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi
+
+          echo "Importing gpg key"
+          echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
+      - name: Run GoReleaser
+        if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success') && (steps.run-acc-tests.conclusion == 'success')
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 https://github.com/goreleaser/goreleaser-action
+        with:
+          args: release --snapshot --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
+          GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+
+
       # These run after release-please generates a release, so when the release PR is merged
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         if: steps.release-please.outputs.version
@@ -95,7 +134,6 @@ jobs:
             secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKey | GPG_KEY;
       - name: import_gpg_key
         if: steps.release-please.outputs.version
-        id: import_gpg_key
         env:
           GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
           GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
@@ -106,10 +144,12 @@ jobs:
             history -c
           }
           trap cleanup EXIT TERM
+
           # sanitize variables
           if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi
           if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi
           if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi
+
           echo "Importing gpg key"
           echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
       - name: Run GoReleaser

.goreleaser.yml

@@ -1,11 +1,10 @@
 # Copyright (c) HashiCorp, Inc.
 
-# Visit https://goreleaser.com for documentation on how to customize this
-# behavior.
+# https://goreleaser.com for documentation
+
 version: 2
 before:
   hooks:
-    # this is just an example and not a requirement for provider building/publishing
     - go mod tidy
 builds:
 - env:
@@ -25,12 +24,8 @@ builds:
     - darwin
   goarch:
     - amd64
-    - '386'
     - arm
     - arm64
-  ignore:
-    - goos: darwin
-      goarch: '386'
   binary: '{{ .ProjectName }}_v{{ .Version }}'
 archives:
   - formats: [ 'zip' ]
@@ -55,6 +50,10 @@ signs:
       - "${signature}"
       - "--sign"
       - "${artifact}"
+snapshot:
+  # "snapshot" is the type of release we use for release candidates
+  #  that are generated when a release branch gets a new merge
+  name_template: "{{ .ProjectName }}_{{ .ShortCommit }}"
 release:
   extra_files:
     - glob: 'terraform-registry-manifest.json'