diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9efb9a02..1424ec8f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,10 +1,19 @@ -name: goreleaser - +# This GitHub action can publish assets for release when a tag is created. +# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). +# +# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your +# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` +# secret. If you would rather own your own GPG handling, please fork this action +# or use an alternative one for key handling. +# +# You will need to pass the `--batch` flag to `gpg` in your signing step +# in `goreleaser` to indicate this is being used in a non-interactive mode. +# +name: release on: push: tags: - - '*' - + - 'v*' jobs: goreleaser: runs-on: ubuntu-latest @@ -17,14 +26,22 @@ jobs: run: git fetch --prune --unshallow - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@v2 with: - go-version: 1.14.x + go-version: 1.14 + - + name: Import GPG key + id: import_gpg + uses: paultyng/ghaction-import-gpg@v2.1.0 + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v1 + uses: goreleaser/goreleaser-action@v2 with: version: latest - args: release --rm-dist + args: release --parallelism 2 --rm-dist env: + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 7741f35a..77d63556 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,23 +1,54 @@ +# Visit https://goreleaser.com for documentation on how to customize this +# behavior. before: hooks: - - go mod download + # this is just an example and not a requirement for provider building/publishing + - go mod tidy builds: - env: - - CGO_ENABLED=0 + # goreleaser does not work with CGO, it could also complicate + # usage by users in CI/CD systems like Terraform Cloud where + # they are unable to install libraries. + - CGO_ENABLED=0 + mod_timestamp: '{{ .CommitTimestamp }}' + flags: + - -trimpath + ldflags: + - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}' goos: + - freebsd + - windows - linux - darwin - - windows goarch: - - 386 - amd64 + - '386' + - arm + - arm64 + ignore: + - goos: darwin + goarch: '386' + binary: '{{ .ProjectName }}_v{{ .Version }}' +archives: +- format: zip + name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}' checksum: - name_template: 'checksums.txt' -snapshot: - name_template: "{{ .Tag }}-next" + name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' + algorithm: sha256 +signs: + - artifacts: checksum + args: + # if you are using this in a GitHub action or some other automated pipeline, you + # need to pass the batch flag to indicate its not interactive. + - "--batch" + - "--local-user" + - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" +release: + # If you want to manually examine the release before its live, uncomment this line: + # draft: true changelog: - sort: asc - filters: - exclude: - - '^docs:' - - '^test:' + skip: true