diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..0ba3650a78 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +CLIEVCodeSigningCertificate2.pfx \ No newline at end of file diff --git a/.gitignore b/.gitignore index ca7feeb8bd..259e752d24 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +CLIEVCodeSigningCertificate2.pfx + /dist/ /docs/ /legal/ diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml new file mode 100644 index 0000000000..4af3daaf40 --- /dev/null +++ b/.goreleaser-windows.yml @@ -0,0 +1,84 @@ +project_name: confluent + +dist: prebuilt + +builds: + - id: confluent-windows-amd64 + binary: confluent + main: cmd/confluent/main.go + ldflags: + - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe + gcflags: + - all=-trimpath={{.Env.HOME}}/git + asmflags: + - all=-trimpath={{.Env.HOME}}/git + env: + - CGO_ENABLED=1 + - CC=x86_64-w64-mingw32-gcc + - CXX=x86_64-w64-mingw32-g++ + - CGO_LDFLAGS=${CGO_LDFLAGS} -static + goos: + - windows + goarch: + - amd64 + hooks: + post: + - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 /run/secrets/CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp/confluent.exe + - cmd: rm -f {{ .Path }} + - cmd: mv /sign-temp/confluent.exe {{ .Path }} + - id: confluent-windows-amd64-disableupdates + binary: confluent + main: cmd/confluent/main.go + ldflags: + - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe + gcflags: + - all=-trimpath={{.Env.HOME}}/git + asmflags: + - all=-trimpath={{.Env.HOME}}/git + env: + - CGO_ENABLED=1 + - CC=x86_64-w64-mingw32-gcc + - CXX=x86_64-w64-mingw32-g++ + - CGO_LDFLAGS=${CGO_LDFLAGS} -static + goos: + - windows + goarch: + - amd64 + hooks: + post: + - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 /run/secrets/CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp-disableupdates/confluent.exe + - cmd: rm -f {{ .Path }} + - cmd: mv /sign-temp-disableupdates/confluent.exe {{ .Path }} + +release: + disable: true + +archives: + - id: archive-disableupdates + format: zip + builds: + - confluent-windows-amd64-disableupdates + name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_disableupdates" + wrap_in_directory: "{{ .ProjectName }}" + files: + - LICENSE + - legal/**/* + +chocolateys: + - name: confluent + ids: + - archive-disableupdates + owners: confluentinc + title: Confluent CLI + authors: Confluent Inc. + project_url: https://docs.confluent.io/confluent-cli/current/overview.html + url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}" + copyright: 2023 Confluent Inc. + license_url: https://github.com/confluentinc/cli/blob/main/LICENSE + require_license_acceptance: false + project_source_url: https://github.com/confluentinc/cli + bug_tracker_url: https://github.com/confluentinc/cli/issues + summary: CLI for Confluent Cloud and Confluent Platform + description: CLI for Confluent Cloud and Confluent Platform + release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html + skip_publish: true diff --git a/.goreleaser.yml b/.goreleaser.yml index 88cb8097c1..bdb2a91f20 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -153,31 +153,15 @@ builds: prebuilt: path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent" - id: confluent-windows-amd64 - binary: confluent - main: cmd/confluent/main.go - ldflags: - - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe - gcflags: - - all=-trimpath={{.Env.HOME}}/git - asmflags: - - all=-trimpath={{.Env.HOME}}/git - env: - - CGO_ENABLED=1 - - CC=x86_64-w64-mingw32-gcc - - CXX=x86_64-w64-mingw32-g++ - - CGO_LDFLAGS=${CGO_LDFLAGS} -static + builder: prebuilt goos: - windows goarch: - amd64 - hooks: - pre: - - cmd: az login - - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64 - - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode - post: - - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }} - - cmd: rm CLIEVCodeSigningCertificate2.pfx + goamd64: + - v1 + prebuilt: + path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe" archives: - id: archive @@ -310,4 +294,4 @@ brews: homepage: https://docs.confluent.io/confluent-cli/current/overview.html description: CLI for Confluent Cloud and Confluent Platform skip_upload: "{{ .Env.DRY_RUN }}" - test: system "#{bin}/confluent version" \ No newline at end of file + test: system "#{bin}/confluent version" diff --git a/docker/Dockerfile_windows_amd64 b/docker/Dockerfile_windows_amd64 new file mode 100644 index 0000000000..b71037d441 --- /dev/null +++ b/docker/Dockerfile_windows_amd64 @@ -0,0 +1,13 @@ +FROM --platform=linux/amd64 050879227952.dkr.ecr.us-west-1.amazonaws.com/confluentinc/cli-ubuntu-base-windows-amd64:latest + +COPY . /cli/ + +RUN export GO_VERSION=$(cat /cli/.go-version) && \ + wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" && \ + sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz" + +ENV PATH=${PATH}:/usr/local/go/bin:/root/go/bin + +RUN --mount=type=secret,id=CLIEVCodeSigningCertificate2.pfx \ + cd /cli && \ + make gorelease-windows-amd64 diff --git a/docker/Dockerfile_windows_amd64_base b/docker/Dockerfile_windows_amd64_base new file mode 100644 index 0000000000..ea965574a1 --- /dev/null +++ b/docker/Dockerfile_windows_amd64_base @@ -0,0 +1,30 @@ +FROM --platform=linux/amd64 ubuntu:jammy-20231211.1 + +RUN apt update + +RUN apt -y install make sudo + +RUN sudo apt -y install git wget build-essential curl mingw-w64 ca-certificates gnupg osslsigncode + +# The official choco linux image does not have a new enough mingw-w64 version to successfully cross compile the CLI +# So we build & install choco from source on Ubuntu Jammy (which is able to compile the CLI) +# mono is required to run choco & .NET is required to build it +# https://github.com/chocolatey/choco#other-platforms +RUN sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ + echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list && \ + sudo apt update && \ + sudo apt -y install mono-devel + +RUN sudo apt install -y dotnet-sdk-7.0 aspnetcore-runtime-7.0 + +RUN git clone https://github.com/chocolatey/choco.git && \ + cd /choco && \ + git checkout 2.2.2 && \ + ./build.sh && \ + cp -r ./code_drop/temp/_PublishedApps/choco /opt/chocolatey && \ + mkdir /opt/chocolatey/lib && \ + cp ./docker/choco_wrapper /usr/local/bin/choco + +ENV ChocolateyInstall=/opt/chocolatey + +RUN mkdir -p /cli /sign-temp /sign-temp-disableupdates diff --git a/lib/osslsigncode b/lib/osslsigncode deleted file mode 100755 index f81c3f36c1..0000000000 Binary files a/lib/osslsigncode and /dev/null differ diff --git a/mk-files/release.mk b/mk-files/release.mk index 6fb1c7a686..73668904b1 100644 --- a/mk-files/release.mk +++ b/mk-files/release.mk @@ -71,6 +71,11 @@ else GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-linux-arm64.yml endif +.PHONY: gorelease-windows-amd64 +gorelease-windows-amd64: + go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION) && \ + GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-windows.yml + # This builds the Darwin, Windows and Linux binaries using goreleaser on the host computer. Goreleaser takes care of uploading the resulting binaries/archives/checksums to S3. .PHONY: gorelease gorelease: diff --git a/scripts/build_windows.sh b/scripts/build_windows.sh new file mode 100755 index 0000000000..0393774c16 --- /dev/null +++ b/scripts/build_windows.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +function cleanup { + shred --force --remove --zero --iterations=10 CLIEVCodeSigningCertificate2.pfx + rm -rf vendor +} +trap cleanup EXIT + +trap "exit 1" ERR + +az login +az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64 + +go mod vendor + +# Build windows/amd64 +docker build . --file ./docker/Dockerfile_windows_amd64 --tag cli-windows-amd64-builder-image --secret id=CLIEVCodeSigningCertificate2.pfx,src=CLIEVCodeSigningCertificate2.pfx +docker container create --name cli-windows-amd64-builder cli-windows-amd64-builder-image +docker container cp cli-windows-amd64-builder:/cli/prebuilt/. ./prebuilt/ +docker container rm cli-windows-amd64-builder