From b8faf55961ad17daf0a52cdce6f36839a56aefa2 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Wed, 11 Oct 2023 18:24:57 -0700
Subject: [PATCH 01/18] Add Chocolatey to the goreleaser config file
---
 .goreleaser.yml | 64 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 62 insertions(+), 2 deletions(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index b8d327177b..c3443014eb 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -156,7 +156,7 @@ builds:
 binary: confluent
 main: cmd/confluent/main.go
 ldflags:
- - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
+ - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
 gcflags:
 - all=-trimpath={{.Env.HOME}}/git
 asmflags:
@@ -178,6 +178,33 @@ builds:
 post:
 - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
 - cmd: rm CLIEVCodeSigningCertificate2.pfx
+ - id: confluent-windows-amd64-chocolatey
+ binary: confluent
+ main: cmd/confluent/main.go
+ ldflags:
+ - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe
+ gcflags:
+ - all=-trimpath={{.Env.HOME}}/git
+ asmflags:
+ - all=-trimpath={{.Env.HOME}}/git
+ env:
+ - CGO_ENABLED=1
+ - CC=x86_64-w64-mingw32-gcc
+ - CXX=x86_64-w64-mingw32-g++
+ - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+ goos:
+ - windows
+ goarch:
+ - amd64
+ hooks:
+ # TODO: We might have to convert some of these to global before/after hooks since we'll now have multiple Windows binaries w/ different ldflags
+ pre:
+ - cmd: az login
+ - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
+ - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
+ post:
+ - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
+ - cmd: rm CLIEVCodeSigningCertificate2.pfx
 archives:
 - id: archive
@@ -216,6 +243,16 @@ archives:
 files:
 - LICENSE
 - legal/**/*
+ - id: archive-chocolatey
+ # TODO: Check naming requirements for Chocolatey
+ format: zip
+ builds:
+ - confluent-windows-amd64-chocolatey
+ name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_chocolatey"
+ wrap_in_directory: "{{ .ProjectName }}"
+ files:
+ - LICENSE
+ - legal/**/*
 - id: binary
 format: binary
 builds:
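Review bot: The `osslsigncode sign` post hook added for `confluent-windows-amd64-chocolatey` passes no timestamp option, so the Authenticode signature has no countersignature and stops validating once the signing certificate expires. Adding an RFC 3161 timestamp, for example `-ts <RFC 3161 timestamp service URL>` before `-in {{ .Path }}`, keeps already-shipped binaries verifiable. The same command is carried into `.goreleaser-windows.yml` by patches 08 and 13, so the change applies to those hunks as well. The new build also repeats the pattern of deleting the `.pfx` only in the last post hook, which presumably leaves the certificate in the working tree when the build or the signing command fails.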
@@ -308,4 +345,27 @@ brews:
 homepage: https://docs.confluent.io/confluent-cli/current/overview.html
 description: CLI for Confluent Cloud and Confluent Platform
 skip_upload: "{{ .Env.DRY_RUN }}"
- test: system "#{bin}/confluent version"
\ No newline at end of file
+ test: system "#{bin}/confluent version"
+
+chocolateys:
+ # TODO: Check naming requirements for Chocolatey
+ - name: cli
+ ids:
+ - archive-chocolatey
+ owners: Confluent Inc.
+ title: Confluent CLI
+ authors: Confluent Inc.
+ project_url: https://docs.confluent.io/confluent-cli/current/overview.html
+ url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}"
+ copyright: 2023 Confluent Inc.
+ license_url: https://github.com/confluentinc/cli/blob/main/LICENSE
+ require_license_acceptance: false
+ project_source_url: https://github.com/confluentinc/cli
+ bug_tracker_url: https://github.com/confluentinc/cli/issues
+ summary: CLI for Confluent Cloud and Confluent Platform
+ description: CLI for Confluent Cloud and Confluent Platform
+ release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html
+ # TODO: Store this in vault(?)
+ api_key: '{{ .Env.CHOCOLATEY_API_KEY }}'
+ source_repo: "https://push.chocolatey.org/"
+ skip_publish: "{{ .Env.DRY_RUN }}"
\ No newline at end of file
From f1f3959c96b19d5184bf437e68272fada0b2d7ad Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Thu, 19 Oct 2023 13:58:58 -0700
Subject: [PATCH 02/18] small changes
---
 .goreleaser.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index c3443014eb..6dd60f7c4d 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -349,10 +349,10 @@ brews:
 chocolateys:
 # TODO: Check naming requirements for Chocolatey
- - name: cli
+ - name: confluent
 ids:
 - archive-chocolatey
- owners: Confluent Inc.
+ owners: confluentinc
 title: Confluent CLI
 authors: Confluent Inc.
 project_url: https://docs.confluent.io/confluent-cli/current/overview.html
From e1c3122d0e487c188b8b720bc0d2190e0adfd440 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Thu, 19 Oct 2023 15:09:08 -0700
Subject: [PATCH 03/18] add missing entry
---
 .goreleaser.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 6dd60f7c4d..a6dcde8658 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -321,6 +321,7 @@ blobs:
 - archive
 - archive-alpine
 - archive-homebrew
+ - archive-chocolatey
 provider: s3
 bucket: confluent.cloud
 region: us-west-2
From a2d1eeb37d6176eb7c68d50c563dd0372548030a Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Thu, 19 Oct 2023 18:39:58 -0700
Subject: [PATCH 04/18] change comment
---
 .goreleaser.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index a6dcde8658..71e1982499 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -366,7 +366,7 @@ chocolateys:
 summary: CLI for Confluent Cloud and Confluent Platform
 description: CLI for Confluent Cloud and Confluent Platform
 release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html
- # TODO: Store this in vault(?)
+ # TODO
 api_key: '{{ .Env.CHOCOLATEY_API_KEY }}'
 source_repo: "https://push.chocolatey.org/"
 skip_publish: "{{ .Env.DRY_RUN }}"
\ No newline at end of file
From ede4a2af2b066a486cf9d6393cbcd21caffb5f2e Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Thu, 19 Oct 2023 18:47:37 -0700
Subject: [PATCH 05/18] temporarily hardcode true for because goreleaser check reports an error on that line
---
 .goreleaser.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 71e1982499..ec2fa14574 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -367,6 +367,6 @@ chocolateys:
 description: CLI for Confluent Cloud and Confluent Platform
 release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html
 # TODO
- api_key: '{{ .Env.CHOCOLATEY_API_KEY }}'
+ api_key: "{{ .Env.CHOCOLATEY_API_KEY }}"
 source_repo: "https://push.chocolatey.org/"
- skip_publish: "{{ .Env.DRY_RUN }}"
\ No newline at end of file
+ skip_publish: true
\ No newline at end of file
From f98f0c4fb7d36df78d395cb1cdf7cae1c4b206b9 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Tue, 26 Dec 2023 12:18:46 -0800
Subject: [PATCH 06/18] Rearrange pre and post hooks
---
 .goreleaser.yml | 37 +++++++++++++++----------------------
 1 file changed, 15 insertions(+), 22 deletions(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index b1df8338e4..647a63b4c7 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,5 +1,15 @@
 project_name: confluent
+before:
+ hooks:
+ - cmd: az login
+ - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
+ - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
+
+after:
+ hooks:
+ - cmd: rm CLIEVCodeSigningCertificate2.pfx
+
 builds:
 - id: confluent-alpine-amd64
 binary: confluent
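Review bot: Moving `rm CLIEVCodeSigningCertificate2.pfx` into the new top-level `after:` block in patch 06 makes certificate cleanup depend on that block being honoured by the goreleaser edition in use; as far as I know global after-hooks are not part of the open-source edition, so this is worth confirming with `goreleaser check`. Even where the block is supported, a hook that runs only at the end of a successful run leaves the `.pfx` on disk whenever a build or signing step fails. Cleanup that runs unconditionally in the calling script, such as a shell `trap ... EXIT`, is the safer place for it, and the file is not yet listed in `.gitignore` at this point in the series.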
@@ -171,14 +181,9 @@ builds:
 goarch:
 - amd64
 hooks:
- pre:
- - cmd: az login
- - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
- - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
 post:
 - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
- - cmd: rm CLIEVCodeSigningCertificate2.pfx
- - id: confluent-windows-amd64-chocolatey
+ - id: confluent-windows-amd64-disableupdates
 binary: confluent
 main: cmd/confluent/main.go
 ldflags:
@@ -197,14 +202,8 @@ builds:
 goarch:
 - amd64
 hooks:
- # TODO: We might have to convert some of these to global before/after hooks since we'll now have multiple Windows binaries w/ different ldflags
- pre:
- - cmd: az login
- - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
- - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
 post:
 - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
- - cmd: rm CLIEVCodeSigningCertificate2.pfx
 archives:
 - id: archive
@@ -238,17 +237,11 @@ archives:
 - confluent-darwin-amd64-disableupdates
 - confluent-darwin-arm64-disableupdates
 - confluent-linux-disableupdates
+ - confluent-windows-amd64-disableupdates
 name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_disableupdates"
- wrap_in_directory: "{{ .ProjectName }}"
- files:
- - LICENSE
- - legal/**/*
- - id: archive-chocolatey
- # TODO: Check naming requirements for Chocolatey
- format: zip
- builds:
- - confluent-windows-amd64-chocolatey
- name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_chocolatey"
+ format_overrides:
+ - goos: windows
+ format: zip
 wrap_in_directory: "{{ .ProjectName }}"
 files:
 - LICENSE
From dc29d9486c250b2c83001a8b9cdfe6c666eb2421 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Tue, 26 Dec 2023 12:30:33 -0800
Subject: [PATCH 07/18] some prep for building choco packages in docker
---
 .goreleaser-windows.yml | 19 +++++++++++++++++++
 .goreleaser.yml | 23 -----------------------
 mk-files/release.mk | 5 +++++
 3 files changed, 24 insertions(+), 23 deletions(-)
 create mode 100644 .goreleaser-windows.yml
diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml
new file mode 100644
index 0000000000..b652e9fe8a
--- /dev/null
+++ b/.goreleaser-windows.yml
@@ -0,0 +1,19 @@
+project_name: confluent
+
+builds:
+ - id: confluent-windows-amd64-disableupdates
+ builder: prebuilt
+ goos:
+ - windows
+ goarch:
+ - amd64
+ goamd64:
+ - v1
+ prebuilt:
+ path: "dist/confluent-{{ .Os }}-{{ .Arch }}-chocolatey{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"
+
+release:
+ disable: true
+
+archives:
+ - format: binary
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 647a63b4c7..9dde0a174b 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -342,26 +342,3 @@ brews:
 description: CLI for Confluent Cloud and Confluent Platform
 skip_upload: "{{ .Env.DRY_RUN }}"
 test: system "#{bin}/confluent version"
-
-chocolateys:
- # TODO: Check naming requirements for Chocolatey
- - name: confluent
- ids:
- - archive-chocolatey
- owners: confluentinc
- title: Confluent CLI
- authors: Confluent Inc.
- project_url: https://docs.confluent.io/confluent-cli/current/overview.html
- url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}"
- copyright: 2023 Confluent Inc.
- license_url: https://github.com/confluentinc/cli/blob/main/LICENSE
- require_license_acceptance: false
- project_source_url: https://github.com/confluentinc/cli
- bug_tracker_url: https://github.com/confluentinc/cli/issues
- summary: CLI for Confluent Cloud and Confluent Platform
- description: CLI for Confluent Cloud and Confluent Platform
- release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html
- # TODO
- api_key: "{{ .Env.CHOCOLATEY_API_KEY }}"
- source_repo: "https://push.chocolatey.org/"
- skip_publish: true
\ No newline at end of file
diff --git a/mk-files/release.mk b/mk-files/release.mk
index 6fb1c7a686..2552704813 100644
--- a/mk-files/release.mk
+++ b/mk-files/release.mk
@@ -71,6 +71,11 @@ else
 GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-linux-arm64.yml
 endif
+.PHONY: gorelease-windows
+gorelease-windows:
+ go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION) && \
+ GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-windows.yml
+
 # This builds the Darwin, Windows and Linux binaries using goreleaser on the host computer. Goreleaser takes care of uploading the resulting binaries/archives/checksums to S3.
 .PHONY: gorelease
 gorelease:
From f92d854341bac027d15208d0cd8cdd7db91a2caa Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Tue, 26 Dec 2023 17:48:46 -0800
Subject: [PATCH 08/18] move windows builds outside of the main goreleaser file
---
 .goreleaser-windows.yml | 46 +++++++++++++++++++++++++----
 .goreleaser.yml | 52 +++++++--------------------------
 docker/Dockerfile_windows_amd64 | 15 ++++++++++
 mk-files/release.mk | 4 +--
 scripts/build_windows.sh | 21 +++++++++++++
 5 files changed, 88 insertions(+), 50 deletions(-)
 create mode 100644 docker/Dockerfile_windows_amd64
 create mode 100644 scripts/build_windows.sh
diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml
index b652e9fe8a..bd9ff8a796 100644
--- a/.goreleaser-windows.yml
+++ b/.goreleaser-windows.yml
@@ -1,19 +1,53 @@
 project_name: confluent
+dist: prebuilt
+
 builds:
+ - id: confluent-windows-amd64
+ binary: confluent
+ main: cmd/confluent/main.go
+ ldflags:
+ - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
+ gcflags:
+ - all=-trimpath={{.Env.HOME}}/git
+ asmflags:
+ - all=-trimpath={{.Env.HOME}}/git
+ env:
+ - CGO_ENABLED=1
+ - CC=x86_64-w64-mingw32-gcc
+ - CXX=x86_64-w64-mingw32-g++
+ - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+ goos:
+ - windows
+ goarch:
+ - amd64
+ hooks:
+ post:
+ - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
 - id: confluent-windows-amd64-disableupdates
- builder: prebuilt
+ binary: confluent
+ main: cmd/confluent/main.go
+ ldflags:
+ - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe
+ gcflags:
+ - all=-trimpath={{.Env.HOME}}/git
+ asmflags:
+ - all=-trimpath={{.Env.HOME}}/git
+ env:
+ - CGO_ENABLED=1
+ - CC=x86_64-w64-mingw32-gcc
+ - CXX=x86_64-w64-mingw32-g++
+ - CGO_LDFLAGS=${CGO_LDFLAGS} -static
 goos:
 - windows
 goarch:
 - amd64
- goamd64:
- - v1
- prebuilt:
- path: "dist/confluent-{{ .Os }}-{{ .Arch }}-chocolatey{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"
+ hooks:
+ post:
+ - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
 release:
 disable: true
 archives:
- - format: binary
\ No newline at end of file
+ - format: binary
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 9dde0a174b..002bb25958 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,15 +1,5 @@
 project_name: confluent
-before:
- hooks:
- - cmd: az login
- - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
- - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
-
-after:
- hooks:
- - cmd: rm CLIEVCodeSigningCertificate2.pfx
-
 builds:
 - id: confluent-alpine-amd64
 binary: confluent
@@ -163,47 +153,25 @@ builds:
 prebuilt:
 path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent"
 - id: confluent-windows-amd64
- binary: confluent
- main: cmd/confluent/main.go
- ldflags:
- - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
- gcflags:
- - all=-trimpath={{.Env.HOME}}/git
- asmflags:
- - all=-trimpath={{.Env.HOME}}/git
- env:
- - CGO_ENABLED=1
- - CC=x86_64-w64-mingw32-gcc
- - CXX=x86_64-w64-mingw32-g++
- - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+ builder: prebuilt
 goos:
 - windows
 goarch:
 - amd64
- hooks:
- post:
- - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
+ goamd64:
+ - v1
+ prebuilt:
+ path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"
 - id: confluent-windows-amd64-disableupdates
- binary: confluent
- main: cmd/confluent/main.go
- ldflags:
- - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe
- gcflags:
- - all=-trimpath={{.Env.HOME}}/git
- asmflags:
- - all=-trimpath={{.Env.HOME}}/git
- env:
- - CGO_ENABLED=1
- - CC=x86_64-w64-mingw32-gcc
- - CXX=x86_64-w64-mingw32-g++
- - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+ builder: prebuilt
 goos:
 - windows
 goarch:
 - amd64
- hooks:
- post:
- - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
+ goamd64:
+ - v1
+ prebuilt:
+ path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"
 archives:
 - id: archive
diff --git a/docker/Dockerfile_windows_amd64 b/docker/Dockerfile_windows_amd64
new file mode 100644
index 0000000000..51fbbbe969
--- /dev/null
+++ b/docker/Dockerfile_windows_amd64
@@ -0,0 +1,15 @@
+FROM --platform=linux/amd64 ubuntu:jammy-20231211.1
+
+COPY . /cli/
+
+RUN apt update && apt -y install make sudo
+
+RUN sudo apt -y install git wget build-essential mingw-w64
+
+RUN export GO_VERSION=$(cat /cli/.go-version) && \
+ wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" && \
+ sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
+
+ENV PATH=${PATH}:/usr/local/go/bin:/root/go/bin
+
+RUN cd /cli && make gorelease-windows-amd64
diff --git a/mk-files/release.mk b/mk-files/release.mk
index 2552704813..73668904b1 100644
--- a/mk-files/release.mk
+++ b/mk-files/release.mk
@@ -71,8 +71,8 @@ else
 GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-linux-arm64.yml
 endif
-.PHONY: gorelease-windows
-gorelease-windows:
+.PHONY: gorelease-windows-amd64
+gorelease-windows-amd64:
 go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION) && \
 GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-windows.yml
diff --git a/scripts/build_windows.sh b/scripts/build_windows.sh
new file mode 100644
index 0000000000..3d4a8802cb
--- /dev/null
+++ b/scripts/build_windows.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+function cleanup {
+ shred --force --remove --zero --iterations=10 CLIEVCodeSigningCertificate2.pfx
+ rm -rf vendor
+}
+trap cleanup EXIT
+
+trap "exit 1" ERR
+
+az login
+az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
+xattr -dr com.apple.quarantine ./lib/osslsigncode
+
+go mod vendor
+
+# Build windows/amd64
+docker build . --file ./docker/Dockerfile_windows_amd64 --tag cli-windows-amd64-builder-image
+docker container create --name cli-windows-amd64-builder cli-windows-amd64-builder-image
+docker container cp cli-windows-amd64-builder:/cli/prebuilt/. ./prebuilt/
+docker container rm cli-windows-amd64-builder
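Review bot: `COPY . /cli/` in the new docker/Dockerfile_windows_amd64 copies the whole build context into an image layer, and scripts/build_windows.sh in this same patch downloads `CLIEVCodeSigningCertificate2.pfx` into that directory before running `docker build .`, so the code-signing certificate ends up stored in `cli-windows-amd64-builder-image` and stays there after the host copy is shredded. Mounting it as a BuildKit secret keeps it out of the layers: `RUN --mount=type=secret,id=codesign_pfx,target=/cli/CLIEVCodeSigningCertificate2.pfx cd /cli && make gorelease-windows-amd64` (the id is an example name), with a matching `--secret id=codesign_pfx,src=CLIEVCodeSigningCertificate2.pfx` on the build command and the file listed in `.dockerignore`. The Go tarball fetched with `wget` is also unpacked into /usr/local without any checksum comparison; checking it against a pinned SHA-256 before `tar` would close that gap.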
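Review bot: The `cleanup` function in the new scripts/build_windows.sh relies on `shred`, a GNU coreutils tool, while the `xattr -dr com.apple.quarantine` line suggests the script is run on macOS, where `shred` is not installed by default; if the command is missing or fails, the `.pfx` stays on disk. A fallback keeps the cleanup effective: `shred --force --remove --zero --iterations=10 CLIEVCodeSigningCertificate2.pfx || rm -f CLIEVCodeSigningCertificate2.pfx`. The script removes the container but not `cli-windows-amd64-builder-image`, so whatever was copied into the image persists after the run; adding `docker image rm cli-windows-amd64-builder-image` to `cleanup` would cover that.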
From 91ebd77a14cc9f823040698741ae8efd347603a2 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Tue, 26 Dec 2023 17:54:51 -0800
Subject: [PATCH 09/18] forgot to remove archive-chocolatey
---
 .goreleaser.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 002bb25958..80f0d7dcd4 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -283,7 +283,6 @@ blobs:
 - ids:
 - archive
 - archive-alpine
- - archive-chocolatey
 - archive-disableupdates
 provider: s3
 bucket: confluent.cloud
From e365ba3ac0c9f0465d11028e5733b1b8aaa27193 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Wed, 27 Dec 2023 13:26:19 -0800
Subject: [PATCH 10/18] install choco in the windows builder docker image
---
 docker/Dockerfile_windows_amd64 | 6 +-----
 docker/Dockerfile_windows_amd64_base | 30 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 docker/Dockerfile_windows_amd64_base
diff --git a/docker/Dockerfile_windows_amd64 b/docker/Dockerfile_windows_amd64
index 51fbbbe969..a4b203e4c1 100644
--- a/docker/Dockerfile_windows_amd64
+++ b/docker/Dockerfile_windows_amd64
@@ -1,11 +1,7 @@
-FROM --platform=linux/amd64 ubuntu:jammy-20231211.1
+FROM --platform=linux/amd64 cli-ubuntu-base-windows-amd64:latest
 COPY . /cli/
-RUN apt update && apt -y install make sudo
-
-RUN sudo apt -y install git wget build-essential mingw-w64
-
 RUN export GO_VERSION=$(cat /cli/.go-version) && \
 wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" && \
 sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
diff --git a/docker/Dockerfile_windows_amd64_base b/docker/Dockerfile_windows_amd64_base
new file mode 100644
index 0000000000..2ac78b6779
--- /dev/null
+++ b/docker/Dockerfile_windows_amd64_base
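Review bot: The new `FROM --platform=linux/amd64 cli-ubuntu-base-windows-amd64:latest` line in docker/Dockerfile_windows_amd64 replaces a dated Ubuntu tag with a mutable `:latest` tag, so the image that compiles and signs the Windows binaries can change without any change in this repository. Pinning the base by digest, `FROM --platform=linux/amd64 <registry>/cli-ubuntu-base-windows-amd64@sha256:<digest>`, makes the build input fixed and reviewable. Patch 11 switches the reference to the ECR path but keeps `:latest`, so the same point applies to that hunk.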
@@ -0,0 +1,30 @@
+FROM --platform=linux/amd64 ubuntu:jammy-20231211.1
+
+RUN apt update
+
+RUN apt -y install make sudo
+
+RUN sudo apt -y install git wget build-essential curl mingw-w64 ca-certificates gnupg
+
+# The official choco linux image does not have a new enough mingw-w64 version to successfully cross compile the CLI
+# So we build & install choco from source on Ubuntu Jammy (which is able to compile the CLI)
+# mono is required to run choco & .NET is required to build it
+# https://github.com/chocolatey/choco#other-platforms
+RUN sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
+ echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list && \
+ sudo apt update && \
+ sudo apt -y install mono-devel
+
+RUN sudo apt install -y dotnet-sdk-7.0 aspnetcore-runtime-7.0
+
+RUN git clone https://github.com/chocolatey/choco.git && \
+ cd /choco && \
+ git checkout 2.2.2 && \
+ ./build.sh && \
+ cp -r ./code_drop/temp/_PublishedApps/choco /opt/chocolatey && \
+ mkdir /opt/chocolatey/lib && \
+ cp ./docker/choco_wrapper /usr/local/bin/choco
+
+ENV ChocolateyInstall=/opt/chocolatey
+
+RUN mkdir -p /cli
From 4bc9aea573d051b5bd16fed9bf48ca70c65dfaf0 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Wed, 27 Dec 2023 13:29:48 -0800
Subject: [PATCH 11/18] fix typo
---
 docker/Dockerfile_windows_amd64 | 2 +-
 scripts/build_windows.sh | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 mode change 100644 => 100755 scripts/build_windows.sh
diff --git a/docker/Dockerfile_windows_amd64 b/docker/Dockerfile_windows_amd64
index a4b203e4c1..a6546888d5 100644
--- a/docker/Dockerfile_windows_amd64
+++ b/docker/Dockerfile_windows_amd64
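Review bot: `git clone https://github.com/chocolatey/choco.git` followed by `git checkout 2.2.2` in the new docker/Dockerfile_windows_amd64_base builds whatever that tag points to at build time, and the resulting tool is installed into the base of the image that performs the signing step; checking out a full commit hash, `git checkout <commit-sha-for-2.2.2>`, fixes the source that gets built. `RUN apt update` sits in its own layer, so a cached layer can pair a stale package index with the later `apt install` lines; running update and install in one `RUN` avoids that. No `USER` is set, so the build already runs as root and the `sudo` prefixes add nothing.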
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 cli-ubuntu-base-windows-amd64:latest
+FROM --platform=linux/amd64 050879227952.dkr.ecr.us-west-1.amazonaws.com/confluentinc/cli-ubuntu-base-windows-amd64:latest
 COPY . /cli/
diff --git a/scripts/build_windows.sh b/scripts/build_windows.sh
old mode 100644
new mode 100755
From d1be0cc14a6def496a4f58eff0302c4ffdce2860 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Wed, 27 Dec 2023 13:34:09 -0800
Subject: [PATCH 12/18] Add signing certificate to .gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index ca7feeb8bd..259e752d24 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
+CLIEVCodeSigningCertificate2.pfx
+
 /dist/
 /docs/
 /legal/
From cb3c9e0bb0058d970cb2159c8fb9e04d09125200 Mon Sep 17 00:00:00 2001
From: Steven Gagniere
Date: Wed, 27 Dec 2023 13:58:18 -0800
Subject: [PATCH 13/18] move osslsigncode into the windows builder base image
---
 .goreleaser-windows.yml | 4 ++--
 docker/Dockerfile_windows_amd64_base | 2 +-
 lib/osslsigncode | Bin 70000 -> 0 bytes
 scripts/build_windows.sh | 1 -
 4 files changed, 3 insertions(+), 4 deletions(-)
 delete mode 100755 lib/osslsigncode
diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml
index bd9ff8a796..4305d8a23a 100644
--- a/.goreleaser-windows.yml
+++ b/.goreleaser-windows.yml
@@ -23,7 +23,7 @@ builds:
 - amd64
 hooks:
 post:
- - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
+ - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
 - id: confluent-windows-amd64-disableupdates
 binary: confluent
 main: cmd/confluent/main.go
@@ -44,7 +44,7 @@ builds:
 - amd64
 hooks:
 post:
- - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
+ - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
 release:
 disable: true
diff --git a/docker/Dockerfile_windows_amd64_base b/docker/Dockerfile_windows_amd64_base
index 2ac78b6779..961a5c8632 100644
--- a/docker/Dockerfile_windows_amd64_base
+++ b/docker/Dockerfile_windows_amd64_base
@@ -4,7 +4,7 @@ RUN apt update
 RUN apt -y install make sudo
-RUN sudo apt -y install git wget build-essential curl mingw-w64 ca-certificates gnupg
+RUN sudo apt -y install git wget build-essential curl mingw-w64 ca-certificates gnupg osslsigncode
 # The official choco linux image does not have a new enough mingw-w64 version to successfully cross compile the CLI
 # So we build & install choco from source on Ubuntu Jammy (which is able to compile the CLI)
diff --git a/lib/osslsigncode b/lib/osslsigncode deleted file mode 100755 index f81c3f36c1a5e6cd21dfd5932ee384667ec7a02a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 70000 zcmeFadwf*Yxdyxg1Okc^?^ti6f`SSrXcU2HA{iYtffR_v>kx7wk&xu%f?$niB;(0; zGZ?K{+S)d?w&hrBQ#BYph9+o9v{oavmeXT3T59*S)JBiTqNVaZ&%4&%vu6?#&hPtv z-(QW+TJK)#y|4RaZ(jfWuU||ujFj<)(LByDjN|ajKtjau12T+L@C)J>3KiyF6Sy(3 zY$;O{|56ekM|>im4G<6ttq81Kk%%JnJ&9?CeugSWDt?Ul7Ya3$ZD>%idQRk5dn}AW z#`*^o4xcB)(fQEqeGG-_8yZ*FyGhCVeekH_R}Kg9&v{l)hLNWEP1FgBU#Oz2sU}LeM4Pk^%{+k%x~foir;4}IQ;S1`5|@*3fvSRQw3eycP-pObacSrUapWfh_F zy5et=qf1~p-^>IsD9(R)iqV2+J?Ge`elHgifMHWJ}2}0x^PlK zC{$HE8owOSlV7VYOg?-0(cW+1=ll(?CyD+WcuDcwHbqhJdGvZxTHH|Va3Ai!iq{pt z=^BO4qy2?KtLx*fb~wK_&2NIC%NNYN`l&*XONjS#`HPoa7sy-e^icyTib0{q9Z+#? zu8Qe5FR!x=qgmN6nr6jRj$6MbYoR1p80nw ze$=Divb&DDap5`7|8!sT{eQjmbCyRse#R6OG=Aqh&rHMLOxR1h4nLpbf0Q#1KjzWK zw8`q{%7*-sx{b9BHFGlNTs~*s9OzQHTIrYJp-UY{V^ZQe1M7}CnGU+x5l{ZU^wDg`kCeTufKnJ;9nm2 zmk0jkfq!}6Ump0E2ma-Oe|aF;14TjekHJm*{lVze?>&vBfZ22)Xf_T7%_2K!6&(m# zfUPDQ>4QP@w@4bazlwEZaMMfvTVC{?X~gMIEcVh{ji7A;AJYCEY;3#8r7JI=<2$oO zR1x}U_6*S4^MP>7i{<=F%-^&>Js8bOarj$J2kdc*S^8n{X-|SaquBG~wvp{Q%aKQa zj9^d1rAyW~n*GP8V9#wpIE;R@rx!TlZ`w0gF&oXE#a?|zvFE?2&Fa z+w&{h^GzU(V$Xkg?OCmujb@Kqo@3Ovqg=fb>znJp!<5e-w>W+nZcl{vyaI$#>?!uz z^Ppljnmq~nj8Z-eT)h(Q2|Mx*W6y~$-EeyXwCD5asP>%Y@MnG71za@Z(dZ;m`WE zOfeg+z9r~0iar0hZ)AJIj=aOz^Bb3LxIF>d^E?nnvF9v@Kkd0kF&oXE#oqcdiai&& zdL@?6WH0>){dKBKH{70I(VjnJb8ZxS{=;j}Q@|agKRD9*c9UY|Pwo#A%69~NvRu01 z_DFsE(&+XSd+m82o1J6Wlc3KiNAQx|M~ADx1UN!-eK(7>e3CjXEtc(} z?Q#8g7<+!<(haxgj~%e*aUhIhPcLxX`CFZ0Hkv&N`ixROr@DG2_6P4d@(yFq|3(}? z47cY8wC8s~7{#8j!=L5zsA4vnJz=Lj$0(ocT)h(Q$@S8Y&>zfj>4w{r%KA2CbbDNX z(Vjh6ZXC8h2=5=7fNU%EJKtk8^=^qK2h9R3hPn&?ap+Lc(ou#zhc(xlx>j&5HzNy? 
zZBJ!lw6VkNv#VA9b;$pD5NjOsb7tg6BNc}Z9m+TR%*Z@4G@}_L{DOsT6*LFK@BJP5 z5ZSCAUrqh?)#h*<42XTILWtnzfsADl2t&JEM6WXp`jM z7g-5eL^LB80*dj7XeZB~fcq$Mqur~hl$CC0i$W)EW~vzpO6q)jww7E(3m?RT7JCMG zLTsH9yOcyCc05qb$V^g)yU7H2hA*PEyiK9|UGz6u)Lt#8gCuq%XoAs*XlC|7n`ub3 z$5FxAFu>T|lFB@Y?3SGO!6oz4=V+Jtier))$syGvlwb)AMsx>E|N3{C7*$V3a6tgY z9Zg4`FCyNzB76vjUt;yR}+P#7b(=~0E2NbCk|%B!I^Q;9|xz!!E^_-BEsHcu?@W=g0>-opXk~)4MMAUVsjka z;N~~DP^}A9xlo0Mz;czFc(V(waG^p#{OgP4yJo9S9PEgL zU2(7{4)({vfjGD~4i3gaI}WaT*L7Hh2JN%M=xTn6AQ;Vl1yiofm(Bj5xjSg?vMr?Q zhEO7PHM@rhJ!Wsvd@X3cV&4`=xJn^BlZdc5j&PPjcsvndri&2K2;T()YT6$jVU%Hi z_a3&iXMT_NV$Fx9zivjl894x>!cy;2z}L5BEh5x^RYf+Wq0Lr%0SUV=gpFjmpb`@wjD;ePc#yk7dyZ_G` z-hTO*E@6KVJ1a@Ue@j;2E-KLYe^=mB9PN)$ChUb`-#RMMMZ*+Gp#q=W^?&w2=A_=j}6yt57-$|DCofb%Ij7x(RBRSudp5XkCFv1*(^Iry@W8+~u zFqUqt2tBD+TlU=!om7?2H$mIJue!eR0RdAk(2BL`W6}4J{@;`7Idu{GUrtJtKdiB~ zkp7xD{gHO4{g=cIIgA53=zu_y0^f#O2@aS@1$N)zI^a$q97zdW<59pnq$V(b0%N>g z8E4LhXD{6V71Zn_HaS_HyGU_a62&-?W`?RlN2zM?M$Hp+fW?3E2#j&k<^w`#!$f8%H@OkR(Llmgkg5_DOmDK&}{kD z5Z1i08Z557?Rc1CYn!3iAvpa1s91C6=$^5*RwO9KCr7crL9sW+Cn`3qfxm^BfL$I} z>`063Pw1+gwse>x+W=i+*Ci(q%rQd{fGtz=&q}{I4ZjrQRl~#f@ zGjb;$Vh_X33Hq%8qP+qLx~kp?gd=G~zroIk!{{&$NrywQMS>6}8Nm_(F=t?U^THI& zbaIBJ`*to&v172kbyu(?N?KSJQA{0#MueRUncTJab!&SFfNlbircf23U@ow5@&JS!7g@^u+*yu zmhCjq$G(xkK=r&x@-Y4XI&E0#j=0i`9s4ny8t&%Gi~9H?c?i||PoB42g6QxyfCiG* z+A2%%U9zxLu&k)0eYX6JJi^^wu8?*lc!jiigh+dO1mmOqSe;wQ=XwylBmeNFznAUU zx>Kd$x=UGj7~Q{B^yL5n05v*Yp4l(Ua|8{G2D)BsDHQ}i5R?awRS2#JS{Ato0N{4b zVbEdOqAB(|36bTBMZcSHl}ecAB(z|wkDH$N!*|$-xsfNEaHh4D80a%5p_?=#8`!Vt zCHdda7q#154hO&i%LhxADIl35Bu67Z+|3Z#Sk;4yauz5#AK&N5As-NZx0Z4m*bhB0 z(=fUYp@m`<5$znp)`KN{>~7$o>KLHVDPLwvxSJ`IVn%Agz<0lv^%3SDu<71pSr?0} zD$1GxS=d~q5Y$)l!9FaX47(Uu+<;97Uv9t(j#?bqry?%~Qq;%ITDGs{c(E}1QAoAx zY%o;Fx?cDlyvR2(cY)GwA+>Y}VOE2vE9v%y>wp8lQ!mwJwZIDFdCV@LZ|6biZl!*^ zl_nnmygR}a7~4$>+aPtclQ~dakWaFFv);({ZSBeR?HCAu4mKdI0D>7UMd*v1Le5r% zT0!stqds{es>8Ucie#(EH{9)3s+I*DIigulbM|XVy1f>dNd}w)M%Yf=?J(P~Y+M<) 
zF`^4@oiIxM73@=$k)lvZ?x?2tn;||{g~shL`qNs0g;9L9h>daTi6al%r%K0CYg-%z zkcTR;R6nKZBxS5*<76V8szswS5#h+g&nFz62-n^Aw_%|kO|;s3IgPebPfAw%MHp&E z@+h(s%?&)Ls(n2e#BSuIAlyxVQ?{=~^XgH&UcnZLase^mg4=~x4tZ6QS2QbIFuMnl zZ~yOYNJ^|Wi<7*5k1Ci#8l%-O1PT~UQ;ehrEjv#biOGpZ%38rn&2$x`U?}zu_~QJC ziVaK$v95~OQKM+qHcYFK#M*@;BOuw=4p((5s*$&X{GR1%Mx+$95+?vUGu{3L(8s7R%am#v!|RKUNslA>^xe4sDa4-5f#Ur4zQ&&xGN=jDa`8=a{30EA9&j-a;)B91(SUdv;wwHHWo=} z(GxW$VEfsRUpk0&&(K4cRa3|-9z?>delIDUF_=UvGh=Pw zTlHj-`rbW^JO*x&itsiKZ1zJGB&oo&x^B4^iQ#TqL3MmB^WA5Pa68j2N=8$%jPpgt zUdlMlk5PMD8I-`8@OH#IYrsJoKE_EY?rs&yX%zc_TY;s71CwPwAZFgr2UYSH0(56S zIZBBG;Uq(Uu!bf1DwX*9naq>2^X&|t5&n#feUX#N(M>*6C#&URG<%BT+b(=F?3;yM zKiLJrF4hFkcw7{jg=ei^4!JuMvkx(EMmgM&tlmW7_Y(OXI3updj^IK^r5%OYz3-<@ zek1;TMeqCR-sdZO-=8-54KvE)QDCv&Tk;U@ZHEr#%Q#@Xe8^QLqEvaUnc_TE;;ZHK zR1Z~I7gt4bLI<5PzzSa&FpM1E*4;V29bbf{Et%05K;l-0pyFPe%>8uX-bL;{aF1OH z&6MM$E;)0PS&BR}nfx8p1{__IeBkuN`s%bYX9?ie*GP-V@WUVD0r^^3=g{f@12brJ z6J1ER&n^LsITx#7xSJ7hP$_itc~ekRAHCc06^YP4EERP+s7@}_0XJ29JITTRuhqhI zJG03yUX6W`cP2RVOe>Y!2dvmq|5J<9(_Zx?TMlU3^5k%5w_|?|+|^9g5{1##F+CXG z4c2hdV-RasQ-x?&<(4=uk$gLrra@VPdA=RjOwR2cOv{_hq25WFf~54sq@$2D4N2kN zX%rC60ktJz_&vHSxAo<`)~R1av3((_y|FZJ#s{8^bZ^FMo{VYUj2+0(E;S?VH0Qg; zaXYl9sW5ClT5NuVNOu4UHaC)5Im2-iabbG8$IfGin||DI(~mzQ(F?e|esH z`d9I=JGBns1efPSolCytg4dra-CKFC`Ag{h?N2eGP+M2ig|-E> z<>787vk4cme~o56U^x<1$E|m)d^;ARdP@(lQ&7wE(o$4e_l=M>PL=scS>sjN_nF;N z;Ux_BNfYp<{7E%|&(H*T+t`x4-oK@VJsE%SWTbmDe(A}W=FNB-8QP8Zqqn-o>W&~P zmA|BOCEGyCM>x0_@0+jT@&$ce3kqyI(sfpZt}Dm&f^t(p++hNhI_ftCjy>`P*f?F7 z*L%T~e$44)vQ@HGgw1*bLOM5qGw!umTM5|XL|OyD*coX~Z-;V1H#%9K3n37XhHvv3 z2vL07s%Ty6b$2l0)w4sW9N1nUTUC6{u;bg2pFYh=>*NS$e(c-PkbX+<2WgW(DmPy* zH@iQ8fxc&>jKZHCg=+20zw&`jJz`&>@Mj~$$UX`wUIb(ru}lQeYp&AkY1t~6=X-W5 zDd2$~FoKphh?Z3}^g7HMq;Ge0lL1!^lTpg;eQ!dr~PjSll~209g%_0q<>RTkHE%f(!V9BV&;&PlA4qsUfD;ENZD^6 zxw79ma%I08S9ZUY2~|d#;k)-5gjR&l<0H&7c_nOtG&*-um3EsH*r~FG;3=^Fo7rqi zSzzp`)!d!^x-%E@>lWaPsJXi<)|ue^84Dd$ge)-g>Baw>)!s))cEeaKnVE1ErkWe!|;m#oAy?D;p* 
zuuCZJ+~aj8p{$chsJ_ZHx-~PYQs;DrTm1-!Su>676RlwqtYPF@laHHZ@Dz+9M@u+b z!qGkx0~t2^kQ-a$qrV+z`tHS}*K=yg>z#sH5q89>D}jfbjpGrc@B9L5Xqg0LzMR{| z;V94SgHwr_8}1=)9`+2W4R#c$D_-?9JJYD{YtWNP=GF-a^UYVV3k|?N{ziJ%nV}HX z5)8Wy9lA4)QIs0Tfa;kW=Bq=j{FK)$r$Y|+E+jJ8AN+5yzZP7ecz}vyoWgQ6w~Mh- zoK*}nfC*5ZRC(h?`M3>3V4-ZV0f`MvGPmwSC^ifNu$OvUMJG`$!LVPwK5hf0j&1`y z#B#`2!*Ic@H}bHogCTEIMi{J~6CSUzsDWoj_97!_9teIT`1db@v)(c>8t}qxxZAmQ z>)V2*C(51Ar1iDH9jwp1Cz1JS7r!WjmQ%8o2=*LR$fqDryV;TqE?=m^7e&Y@5fQ=h zqAJ>)(&Sa-kG#LYK`9nH8e0P&!GfJ9Q9hcbTJkWm|AKVvB&F##hvqj^gJz^3e0?o5 zNn~{^qE6;w7bjh!=mBb8P8O!H0J+1-7x@tg<7cGmgcFSXAT=W|(WVbTX+;TM-s_8E zVM;;Fw`AgF?^T@lvSV{KP)`XO?4xgnYtSO*p9;3(o#AJ!yt%LE7~QnUK8lR`WXBd% z+-HcJqdTMZrPMO@Bb=b{#_vy{BG&XQfp4I@K- zYb=kE%6*s%kr7|OVhxUTUxc4F@|?MD{+L94kpcJu5V{Y}`OMx!FK>#CGb0_KF{4kA z@}4YYYlE2_=~4TD%Ft+Ps0NHsslcc&;?&L96o*KmVMkvJ^0i=p2Dg2e36(*EtZo%` z5=Yfi`#t7IvkPuPWOdSRGqN4h(F3(3vX5E;!!ZmoS2JNcvbQ1Pp-Pm1eJ1eC$U^`{ z5qncyE=C5J3>Iif=a5r0>y5j>RrS)MlYJx5vAQDp849I68RarT*$foudoM=ecsVsw zgW~0`rrORZ(}QOB28mu5WeMALKt&zt&}!lQ52^00$L+4R*P$%oHR8d1rrWtE%I+L4 zrbqhWMdUKFAID)b25n$ui=kWegmS@ZD7ED%l)H2%cA9d_Dsohq&S2>WChF&xs~Kh3 zQ^lXP&@1*C$gzGD8ZB-C#9@yR9XLfo3CS#Z1N~Vr1*3;Nn~^FS`x%Z|plxCeAik~v z?=oL;z>Xs+ZoxzbK3;f$7LziAWqwz&@5{DqZ0fro?&=9oh-s zFra@l|R!+obf_(+> zW}^&IwPb16&5#tn%}W%T>K*0$K=oblT@FNWH&&!z)hds>?M$eFgC;!b4(Sm76yw;V z096B2{h<94kdH{RA9}iyGqmJw%3}4n+kO@$gm;b(D;f3|f{hrauBvJ+=7LWQb2K`H z81@4!>x6e_D4&Gjk&(wj<^{ zd5ADrw=+#9KY41lns0rZ!(pEJ-{yqrdFG1gY39w-({1}WQCmhT|5Cuw>`s*Ja~yra zjlyzg^-v_6n+?TnR7dAPt@uUw}@7+Rx--4TcN%gnLw=?Cb{a^ z|C^72WhEUK&CUab8Z|Lo(m#Vr9O0mO%`|&6kRe__`_X9&h(oMC`R1N|0}-NGdpE@K zth@c7<%X4m8^oI?s{x&eF`c|D zslB1DRAKQY*=XGEfTZ5TExVu72@U>t#5#G4( z=<;T+=ACcJ*^NEpq+}60l!%+Ph-o6?6N;E1A{tx~Efg`r8tXyD;Y*ssTd*B(u93qo z%%Y%8P%3+;RL2#r0?w%OZAJdynDNrauM7Epl5Y}nwYJ0Sf8gRQtHk3fNuQcC*M1rv z9%%@ihhgOTzr}~Z)axJ%2MhF%u6?t_e_4e}nI)pkJXP1RxpYt%+f?d9tZCvyp@?0G zT$$pd^1r2MU^Thtm+Z=)wL3l@s!TJo51h<_Z~XnUT=V5zt{3_Nn_K6B#Cu@%pGv8m z^-v#85;HgU1ahBie1ym|Sif3(Tc@55lwrBOcAAUu&&ClE(p`k#kBl(QMd${??$l=y 
zBKjGkal2E0tfC(cIZ(4y#WP>`T~(^+2tIh z^yjsv-iAykz4x;;yf{pYb6c6WG$AiNA@7oeylDw}r%0Y!lw%m6@hM7`gP4koDtW38 z%T=4qdE=w>RIU;p5aDkCb!03Y9wlII9|bc#0rT!rFsCJ8UJp#|U^DUpEx7U;7GD=Y z&qkE4P%NQwaGNiJvD%?i8&UQt$79;?4wB<5BwyrZJWD}#WdJgFdCJpny&5dAGN^N1 zCG8En3(7}>ETBMZFHRGF0vtUBaI(?ba>E`JYa|qS#e-5g5(?bmLAeGfPTj^@jsCa@ zYMPNJ06NuKrV;N4sD1X&u~UGtyMqzl?L~`((gcY_Fx<_JB}w!J4xn?pNt(xYvVQnD z_7cp;=@IZ_zvA-a$Zw;xgNfWmc|?F{8=0QM8i*}Iz<5VWGI$$B^6F8x&~2Ne5zeEC zfc@`c63w&gXq9JjsqT5|xnuyIh@DOIP&2f7?iFJu*iREfZ1qeo9Ud9PNb&HPmdt|* zc8!O}%w!BE*r~uctO^+_Gd-D-3HERDgwiP+S9vDb=_<2JJIB|8(xE4rV7~{pxZX~0 zMYDcW#EjIhuVTbAo9iUE8M*eZba^)n4EYDFN?=)07B4TZEC>vl(K~^t-j%l^gz>68 zUxdF2@5=uk1rYz<1HX6n_SNVIfdCzA*I}RChTy( zFXw!i4j*#};-hr-av%rIfE^4s*)R_+`B;Q%RLA!oE^)FgpvcGSJp97@JAlj47{Z_n zKXEr?e;q>gH0mPB&dM(ojW>iCQQIMCI}>QZzQ6&Xz>znDLkuY>$EF^3*}kYIZd@tE z3lfO`!lH4BSCTl5#8#jO#=tWC!Y@%femy5{e?}(q`8mBt8{~t?2TjwExf=@o3TS5F z?QqlEO!h^mGE>WlEyDx*s^`%ljV^Y1@SdG#1>O#tujBI)17>f&RWM-RBZ}>YLU2f6 zFnD?6pf8fZN$WZ2>bdEqj9XsR<&(n_H5)%Mi-ydC{dp*tzQ8^Rqau45TY-HG0=93H zdJjEtz$)0U4%Q0xnXmYE9F1dqBsT8n!NP#mxKEu3rsyN45wgbVW3v&m#;cREf;WX{ zqM-bA9Gj0olPZ$r?6GOjh;$Q2q?_cS8}L0_um@L-;ALL~a|;|#1_rX}b6;d3LX<;a zFxrUY*Mb99U_b6^;|wLRPh$5y?Sg(Q@aAkfTV@2tRq&x1*o(v&laQz@C}zWk>}y*E zZ-(Dv#;pGFfj7;-n?M{7o`HQa^9#1rz+P1U9M-00V5#;L-cK04eF~c->Xiw{7ujaP zK9t;GzFDxhFYqR@S;tUPm~CE#Q%~PYc`m~98+cyfyFp)K0#ZEjMtzehA@L@4ov8pt zJAjTJwf1xxChYf(FBrrDbl@?&=1Qs)fP}R^J(l|1 zlT@FFXSwxxc$QP2pFwFR3sUuYIE}YHKQ$s9>+^6rZ+-4SeSRvbK6ebS&)ZR-hn#v0 zza-V??N;EKczw=LMcjqN!_?+Ls+zZhiNQQ-v4CSWjOzspwSv3mC2Uqddc;j9>9mc__7Cymh;W4&A zX&P=C0xt+$Lzc^*ND$~S%}MJcl3_mwDkX9;J^>NW)w$DP}$_tTbtMJk` zdlHk+(nA17Y+S6AqbARHE&{Z>I2M#P@{k~a!w z4HTsGqC4!ty&Kdl`{!g}2DS_FI0%WE=-r_V3l;ZI5ZOPbUD2#7z%z3XklSDoe)H@! 
znBjCdkquzyYq<$zeSyt6h``boOR=L*QAdlYK6?;UR+LFNuiBzIy3Os7YBgIEpm}v#j6=75|4gP7ASE|V&y3paSDq9FZ^kP2`5kfR%%Yd$&S|qB z6};@*(ZJNr0PN6NMet1kzIi2o*2{}i`t#vQ>=9Do?~`8nrp?|B+E@kL0pCDZ_~ruo zCIsI+M_)-!E3pdy@P745^Y^aPyzb8%oKpTzvu zOAP3Gtzxli7PJT1tFXuEah@!+dHzrjP=uZ)#%5+>?uE*CCoD1h>~0z)Oh`jUcFSc+ zNz!{j3_d2~wA558O*R*aL$dyP4gB<5@zV=d(+l=1;1S=5F#{by?g*9?y0lKR{W(hb*ueqTv{hF1J@wYgTB? zwv;>2vC`E@0qy^=?E}EsH2LO{Rrn?LWBf#3;`gW33@O~SU+VI`*dKtXz>sf8TKKa} zJovU8jS%AxLL-J6qO*f3;rE*HGyRu%*Gu{M-!KQluC#)BrSG zpH2HSIBVl-z%1H_S-dk}!=SYwu+JAQ1=GxzGkbDP8ao6(V_?J5!Mfxv^rU-rkCp3t zs5iIyy_A4&$IJGw&tpG1pr=^Ah}RY+q^t(Y+dS(5uYTw# z2KoZ8f)9p?S4GEiz|t8g4Fj)2Gir!|4x=-sb|YyyTeR#CH}#X%VYPf!Yx!zyOR|=j z3Xkx8@j|YV9G_y2H%Rt?mp?)>&!>zGXUdqFE(O1t03vgx#)!zfmGRZ(j>ZC?r)K_5OqXTO`^` z7<`|>g$!mh$U!i2eQ@f6{ZqKwu?!1l6fTrS?f@rBRuPH^tLJ;?Dz8f|l2Soc<{($p zgIDc<(qnIhD3I^fb)#h(oCU4PZZA*5Zh#y!@Ivf4R9L3l3z48p<|K`4pN2Hl&I5SH z*Loxs3OO4GGA|q9`-J$ue@0g`uu(Yp?1mIvUtkCcC}W!u-G>Tc7D1hYLHk*BYSdL- zCyxd`RPNnv{|*^?0l>Knx+tsQlW^}!z?b*y3vD{>MwJ$sh`78j@F803vw;uCW7i0) z4lZMcdSmG+{WG|wC`opzbcN{sB5=XTC@y(I`Q~2FFEFNK0I&knFt<<7kDk6J*D(H* z)i>YD>L@Ub0_)OzZl0LkJzN%>on45`t=P12w8A`xeUqJymGN}GexDE$Hb1sRjNr>BTH zigp9*Dpo50PC^FW1c-D14Bm+v!WcpStht3rX(**3v!WQ z)!~9KB%%rgr$bPhW(@mseeG~YrE zC#T8e6y2)!KBbxhdjl}Qm$I!WTLn%jIwXpcg?$MnDKz`>*{--Cu28@aaJAODU9|o! z8jb*+ZIpPb(p~Z_NrLXnFvDOKB{_;Q-(}GXl6?GIBlun_iQl2L67;j(%z%!P+5_)N zbHEGwFXlG?PfBj{A5!q5{)=WLANq#78KUIS9#9ccWZUq}{s8VexQJ2eGz@3hAX>rs zr*dALD(LPLH9}Ch+iBNW2towDJe%;K%?WBOKu)^pg`VO;HJa zC;*Y8KXc)Iq zQy=ZIUG_650o65b?N#XaMMwm<+;tU=nOZArffLWg)AkgUErw)aj=>oXMoLhz#%chB zb|K4DS#9SDth;QdUzQj>3^!~>%)*U?-v6OL7D7|7>XAt1YBTkm4WxIc;eM@P;FbD? 
zcd`_^r2H403uo2mGMc(sq7&~y6z(P(_#5IhzKe7T`~#oedZ9NL(xs42A*Pl36`Ufm zpZ+WO##@KG6`{~%s31*h2+z1QrwO4vq*?L|*OCG+ zakJdgfQKVBO&?l%${!lO0Y`z`6V2q3yIVfMKMUS{8_71YNZ|o0Pya`n>-F`q&% zBYFb2emvQqA}Q|i0U|`RZ-Jh`vw`P&ToFZ?29N)Wg7Cc^JmFRwLi@{DD$$+}*VMPdIr-#dh zn{sc(N%h5Gio@X+%5%=g1_8?U2}e=Xl6>pL+rYNKIxgSDzlvsdb1M=fl$u0s<)&fK zjB-N{-8i56P|mQ+iVC8$|0a8I!Z10feNOTsJY+8ov;!kn9YfXFM__DY@H1CY3!%2 z#3Y;fxUjekUPcKd%X$~Os?YH_#M}{-F;Vf#Ny9k!+<1(X0aO!DFlez8#+7I6z+*(rj|TCWg_@Lp2*z_LmQX z&z<`ir+cWs6l&iLb7Ch$RjKZ-D)gi4OQoGkf6`h3nT+OPLGuvxJnu-_NG7Npoai%$I}C;okS9f4A?Bhh5{{wXED zq%S`O2OI$#hd>9e@$Hz9f|&vOu1OGuQ+06Bdy94qJIL6luzLqnf+hXf3mV!zVG93| z5kIz+lKPW2svVWhH}oFr-{;W>V|gYv0pZLcKT*_irTq&$;7e*bAj6i8d~xMf#S^$ zmVj}qouU{&iCnpnO6|-*i*16^)gioV0vIZ`P<@bZ>gA>E3hzpzoFbeCH{&#TLEvrQ zrhh{U?yy`CKq8J23Oa(a$DZQ5cM@{?0v!mksL0B8HSVxahb%MjM7Ze*WE#HvrANhZ zqr4u?I+nO4MNil(s8qod;|rcK@xL7X#Wt~)pmZ>a#RfJ0HOrI9P0sO99a+3Q63ubO z4<7UCowoRu7@Q;y(s1mVIX5bB2#@C?JgXZOlhk(;%>HsS@J0)6{pZxY89NgRtt;&}Z?9KWJDzRBI}wlipKpPetUy1rqbhlf;_C-$=~T+(>9 z;GJ;qcs%1MULDz)1DSjN-nciV7b{zM*Z0$2p3Rgr_1M3KZ{z2LT~@(f^L6_{B%%b` zP>nn67f;s@R%5@tE&f2?s{Ke@kTzeIS2o!j+08Ca5pl3LoAPlmyz6EvgssT;CaCvF zgC!qfRA;}$ua>DEN*@4TF*1jCmjh{2KE|yP)ZI_e?3jZCaqMirKOvAZkTFEx-^r2W89S_%Fl>HbRxLxsY zN1!WZpKn)^J32I~mS^tb7c`DNK_wI+VGj~k9D5=(O$$sOC=Zw~;FX z$-_SGmc`hR;ZR-BjEznR;5?*HPObp};&C}4HGJZ7Af8zTuuB}>B$Jasvu{TbOH;;$ z$LfkF569^WClAN#?;zEJfkF;KZ^=5*OLUT#=wwaAV`N-l)w-zBXn_p+zD@iXHGO8u zVe@#w(s$O;m3LX{i2kRzeN-~kdh}c`TKsv$BNM-^4oPm{4G#@1p5 zVM%ozwa6QQJ7!@kq%n$FA&pVMNwrS(P;B$)ru&2D)^w<2zdlW-FM3KK`=XLw3@=-q zbc*wxb;6+RKp&7s%CEW@zMnSYQe9xs%s`0V;w27O3FB8GTZfg(b4GP&p1kJ4Th`#o zCXS)nw`mAcG9QB&lcy)p3p| zG25l)Z(<`ELTZzQ3{uEq5u#{&@xDkRw*{(GYMG}PJtIc|YUs1JDovu44(`V#aetfK z{{n6LBJ4H50MIlI;lt>ona*2u{u zD2XcacqZ>~`F0%W{nG^Bj!xoC{vxM!NTJ{75K(+<-qa4OljLD8u<=hB5Vks*=QKLP zv6Tq8+X-h^0JK9=1UNPBOv58m8QC8(6`vf2weX!GIV!?_851@2S-``l5K`|Qcvlx9XK7{e=8k0FVbD%f9X1{eJ;p~5+ zj^jNk(eldR0xT9HJhf2Yc(MdWx5ZuxtH3(YB&@eK?az_>@@lE&o^kVL<$8b6y33DI 
z>2K6Dn!SLtI(4c)h`7i84fo)zCX}9iK2dmNA8y)99kF|dP#vwxEpE)Gd2CuRfB^?T zfl==OQRlWlJ+er>aF@eq4)=~uJ1nx&8Qv}RSoq|A7-JsL6 za|y($xU1ozVy=gZ{e#+}13*Wfjva5`j>a$0p09%Cy90+X^FIKE55X|}Gos%6=bQGY z+uskf{-{?T`gmpDu!rtumEmnIxnPFUa&ND`kxn65SKut>c}!(dLO>IT$5FZSWWP#8 zWa532ApV^`=U+Ha+#gWyf8q~SCMd|8?)tu_WAsB zzqb}du(v~Het`Zsi0{A4`4C^8IR<6&b5vPeLEdct?KnJe@V2j{O1S?7*7)(t=Ab=8 z)NIl>u*@D5|6@?X-Noju1Bf<@+RTE@xT4pb zhgZ5F3{yIeTj0alU5*C5^ElqdUgi&4cd#pcj78|oSDLnw%(EL!Am!RG@ zNcbf%!cCh&1w@W;z7}@MDC6#Pg%iDJKg$A)X1&QIwSIvN$@w;OR8s5`MYzX9c$Xsl zU^roEoDiG^L9@J8(Zq(+WFTkfd9=Y*LU~#m0Id1vRF5?>%C_{RQ1$L~nz0gvr(t-o z**@R-g>7ebPAI8tba z+>iz(hZj}$o^&2x1e(!PY=b0hYX!~DHp;vnGEsn%ic2g=!tI4yAd6kJyj~|?un=X; zrGB6i#QU%$PQ{%zl-QrJ@OeH1ZBcF9SlyiA*iVYWoor{YTp~S1e60l&N!+{F=z2n= zFfpZ{^;s|lmkiajCiw?QV*603><2i)MzcShj`Bx&viuE-`wZfKjwuse#{^#S?xP*J zP^uDSV8u?qK4i$5nUFz0b_=J!HH%fp(yE2YR_(=BeK4A2m5_CT?1-(3Yt)yU2BldB z!etM**h?t{HDQ*-vL@6GQ~hJp_Q#+h0{>}4I3P%S@ns2#WS`GA;-tvoBox!u97NVu zDV+o0;C!M4L#>>CpmsD%?ZB;#tpeere5?_XJ6YPdQ>a>KL1rzJULqHaEF6!p0T+y_ za*p?|j%>5no=4n;z{T}#TuY=D$YrBdDxu9TMtSW#)7vp^rOJ470>Y3#3;Ag7lzbtT zfd?j%>phMJxa_P~+}(xbk3+uRNkF&=2vV7~M4+uwEZ>5kb{?A`l9YI%LgnvZ{sl`Q zEPCR-6U6~kSzRB5N)OY|$_(tNQnR~|qPBvOUIASDK7}JIfoq{oxVsd|PziJITMz<| zGVM8%$DvB)(OE$&^>xfj(OXziQlX53kb<4#v&j{o2tP|0Fj2h%c&o_I!*k3;H=qhx zeW$_k$xmR2u2AsAJfQkozKNPX5^k7AN3$Q#U{m6VB@2F#Wq{1Sj=Ao_POPY4Qn>p7 zvc-(ZVnpHYxLKI=QSlX`cCK=Jp|LE~;enV|lxActtypZ!GEseF-g8kE7M5D_J|*n987 zwyW0UT4G_TDuI?8_XWb#{G5e+@)p_3lO4W!` zsjrKp@c9)s8K~9-LGV+TB*RbBprpN$cHk-s;W-{n+tE6m{>pJ378GBHTREpp?1E(z zg$vzT`m1GZeGb>XnD5!Qvv8woF&@qO%b75Z(@|7`AxK6)LJDlQQdRpHB0D*1gXU{e zgtGgCnnW7=hobq^{}N*rXX8UsaD~jH@ufIXwwsZC2j$}vEldh`Gg2&z5W#lAc?hH3y*!>vTy#(WFyAH;A2zb1ZCem|n@Eu|%T2JC|;s4hH%&W&1%J?q(?ZY+f$< za9N;qwQ~Fz>v1EAD5%kC67|{pmF4Pjw|x{IarFe5_-rgfd|sQ~7s1%K0djowFx=p` ze+&wws?8ZFxEH8)m9Sy4Cf4r1U^Vyr58}0(FZ+O0D$eM&`=!%qe(Fc!!+7ofuBe~& zJ4uEM4NAX5xs8Qm-|BJaF8V}|##+%Ak$r?U+pa~Wu>>KZ7RdH8C}^)mpbiLeb_*~3 z0nWhTtiBLnMn8ctXIqFc7C>C=U|Z-WP&)4;`FR-2l|B|bHg;?Vu}3fz^!*g?=IRaP 
zdjpUh&Q6={G!*KNDdz#q28kK4cVbM16Y!NDFn0P(dH#B6#y2H= zM8fY#*e>Ct5oq}c1ZY?gwII0L&7czpO^3j33p1^BjGLy*+ve{ z*ezkdgs({Ws)VmeI3VF33E!0PEeZEZ_&W*Tmhc@32PJ%8!hI5cAfYYcpC#Nc;fE3q zN%*mZpGf$rga;)2T*8AAej%ZOmV0Q%I0+|6I8nkh38zSSw1memvJFOl$43Fk>TU&4hFULj$QgjY$J zC*jo+1|_^!Lf#2DG-HW`g%U24aD{}|OSn?P8zsD1!doR=CE;obOC>CqutLJyB&?FK zTEbch>m+PIh}VGrh_ja5<%eec260;jTA&g809{K3Hx6QN6Jj%u?IBb^sGm?7p`C=9 z2t7mSTZDMyr{XC>?Sx(?^e~|h2yG^GkkCDZjzbR^+d$|-Le+#85#sE$;s!!D5@O#P zuM#?g(C-PIK0z zA#M}Io*;BQp+^awM`#Dme75K$_YJ1=w?ED2rVPDpHPsH z!O7eegia)M3873v=M!2=i1)KA))G32&=x|x#apqR&^SUpgbo}8^jkt768bZteS}gm zH;(;|&{>2A2whBQH=#m8FA%zo&{KrMgtilUn9z3!{e;j%g!%~GN9bKb&4fNBw4P8J z774K`LNf@hCbWpqNFV3cN*b7!Us=6Y@@kjXHr6k$F0bKJ zZUcx`H#U^5*jQVZTV1-ewxP17y1454;;P0nBe!ZzOEnZi=ri`f~v$9qQR#dJlTi#H-u69}3zcqr( zRaG^sjpRh5@Vdo7YS2o0vg>P&g0lL0FkZZ_7PdAd&>B}4S5}pk`WtHe^<@qIhO)YK zm9WHL?3h?T#e-4@@ild2W1|(9`fH2p>u;~AE1hCw&bfHbrE@apT!P=lnVECuBF@Yl zmYkV2XLzFE&K-t3m&`nh6_=L!YoyemZ++#OYNKpJLtSx6!)!jlEp=r^UD>*t^<|!f z^(gT2jmGTCYGZayV}mifzP7}eT~b!pP;bmG2Dr8ixwUIc>NDpehCN8GU#oz+vf@$& zmDH?ThwKVtHuzK+>q@hX`ikOA26H9Ix|Gqy^DbeOMP8N0Y>1%0=FgmS*__M^{f+gg z#`C94o>4D9V{&zkzp8Ten)-5o@p_bT@#?CwDaMpSu&ggbSyz|(S2wPKq}m$T%kr-+ zuBs}ouCK4D&RMe#6mwwMlqtsS+iH!fn%j+aWu=vk>x_!ZH5Eot_1fy1+pGOGQt{{e zA=FbCHMM2cZt?reQNNNg=sXWbUClZVTA{8u^ZiEMY7bi>D!gvd@^dohdeA)>wZ(O? 
zEg8i>^DA{V)oWaNS7Ot0QE|1ux~9P|JWQ(4x&A``y2knjKRi$i_5HWqT#VXLSuY-{Z>(hv zAzn=#QmSVc1}g&4#wf0)%UN+ zRmE%kt1D3t(FvV};;B*0@|G??95ank7&r_cQh@?OwbVq)iRi%+szU?SMg_00X{;-8%U1a{F0G`ot`5VG zl!|nd!oRq|&kh3BJ6?Ajn$nswRWmAz*P~@rZ;aC_C5x&>GI|u<2P3YmZ-8IonEuLY zzjS>5b?C#4<){yQ-Ye)SXEkm9-3-ZRgE;f zb?El%(6mr{YcPgGa(T^^ktLR5;eFRpidRaQF3-%x=%Q(J?fTKeT;cGPqj1foYO zEt}&nUX4}-S##!~3N^a^F0Msqgs~iW98}O|UH`Fz7y9J#o?=waEe+A*{@H%*EA2ZB zHM&Gluo%Zx4+P&dmXws0m6joCij#)g-B>oKv0D6LsHfuklFCY>qze7{;!>mDonFZV zM-$XlY2L6bxVrZl^H0*GMNpr1uG<@*qLY<==gzz$xFRa zDl;v24yK0)lBBRywi zZB;tetSzfHoY7fJab{Z>%L{9&DoZvR=rv2q40hR=$#H^GR?XqO-YDYiOd8LW$v64k zao&HYfA)I+EmN3CbpTGDJkzgcDE@_HMD4HebE4v3h(JApOifz+3stO=XMq~rIcY(L z9%QfZ-{ME2p4Rwp0nAZJAt^daB}xfIa?pv()j1XZuVT`3AtyZy=FZHzbQS^3co<>E z(Fq>mseQj9@2XV};#0~Lzn!Q2e$owPFCC^!pkW9^NhaoEqhD|QVF24CIJ%8eCObio7SQ;vm2=pQX zqYFzO|8>`cfuy9OtYmF{<2t|Jk7}PWZzX4BRV9s87*0z$tT_lO7t_lr25|lUg2l@V za#t)0o`pYS38oil7HZg%VRH`fRFA~|&KZ7WIPtRw7%|%!0(HB^h|jeePzzLdp%XBo z=yjbajT!GEZBQa1)s(jEH7N;&`L0nOn~Xwq1b$BVhf9lRQG)&>BUa@E|JAxooNSS` z-1U`I4^B(b`-rMjjGDCuyR))VV@cz>)tKU9?5A_lr2+#z{bZ6O{hS%4YzfO7Wwj;L zlP52(uWv-2JQ-8s96Zxghs`4NT1UbpA4?zQiFL&dB^8>rGvKgzOEHDT`X_m$!}M|Z zOyS}YmzEdLnQP3*n7a~H*_pDaCB*Or7*-E@h!IU#`yG<1nwqtZwN5Qrz0qHdvB-bk zjQaENmL`j`s;qhqCb{b>>$NF50ZpW_8a-Y$if?2@GI1Eof@F1>e@0cKfAz)&Ov0+T zs+qY4b80sY6O+YNRb^|ig0Cps;FrO4K6KdtU50xFOYtltW5kTitPzth&Vb=%8_*@n zioj{~@QFJ=V9}H~jTvs!6?%$M(a=yk->9!a%b$;VnrwT_<_^kyKPE01A*DWEHFW&REMr_sih=*}r}Q_B@pmjUQZ}Tgq#r#gtxa;6`~Uv$<{v8k z%XM6<<2!WRqT?+(-lpS6b^L^mcj&lB$FJ!4O&!0ZV_U}`>-eCKC;mw3k*?z}>3F)1 z=jeEzj<3>jzK*Zg@hTnPrsD=3-=*VL9Y3h!M|Au{9e3#Xc^$u`W%*)c`OC+PSL9naM9Tpcge@zpvm)bWivF4b|hjyLG|9vyGi@xwZ9*YV>zen!VT zb=obo{E0-_r4*j{mIVPjvi+j?*4j_8h0<({y~Ujx%&TU&nbm zUZUfbI$o{gDjl!aakGx^)A2(({*I2f>-Z@hzo6sYIv&vR?{vIR#~ybfxJAcXbi7T+kLvgd9q-U_kB(o_@tZn+ zN5{5~Ki2U<9Xmal=>R%T({W*^ve(IW@SLvD!MimHPxr+RnKAH^;**??JM!{3@rgt^ zE@2XITauilY{Su~E(y=k*O9mC7o+Qwo}`aswIr-I3!wJAT=D7(7Q_M&Ib=IsXXtdFe26lJ$A*FnEqWJ!9x|(-G?P 
zUs_Ijzp~HK!-*aL#KzF4P}3i-ylRe6pCK)$S=;C6;lz$U|EuxZwOprM9sdlDq0b#h zsL%KviGFeFbFw~@HQwRsbM4Ec*PjQDP@iLx^l|iXV#hz}W8gV{I(ZDdX`1mVW8nEU z-l=2Y&D40OkAat=@y<-bOD<>Q73J4S8sCXHH|Jmb7=BIe9}ZW(XN{pp;V(xo-ye^m zhtd|WBqp^pC*6si^1VRo)2`(v`(ox~ZGf2jB%B>*@&ynZEehu7_gco%XbUahX_axytavi;L zwB8ew=ri>5LG7=MqbE+eU}DOIlzT24mvUml(@6ubA3ONHpMB}QBo_a_JRW;?&Z-Ae z@@oCH)9{}^9xq$8>?)?|*ps6$mo0K)!9zad=1KnM@#LeqN!oa(#qr&|Ma|;{@yoFE z*ql)A@+Fy}+$A@JDjSS1*Bv;fy)~sxr(U&qMQHhoWs8?w!_4O9@$LN+-MoTAPgd&? zE@JX8PP=qzejs;=5VoG+P%X~Q@=&$yS44+W+J{`i#YNdnY*fMJukJ z=h3bUw+rQus;M(!dSN>sS7v2g9?D$--&|F+A`mLCD=Raa+y3Yw5RAae6@ewo7cW(A zXg>p#Jnj^iFZF0=G#_}+r9B}h6bfNCu4HYfq+)GoO=EFgsnNVw=ZlA#Us_gIS8ITy zJXBW4VI2JMp>$&vPOuvqSBF+tRs-8;PHU^naZ21%wz%|Qv>A0lH_I(rTsL7(p_Aj3 z%^F3qGC5syTIHncq7wIjPlcQAv0XV2xwTHNE(0xmLsGJq(VUW$&Xd`YrfGFESKLq- za8ldc)XIjkb)nL^l{9YKuvGY~hB@ttIgS%! zHL&EG#Y+MXGbRs6^0H+j6fJ@`F2!Gaos6oQ;?ht_-NxF68gKrflP?z+Luha{bx<9R z3%-`T>kC8bIA88%Fnwr*bXdcz1BqF@>cQmZ@zmPo#AHp-nwV2m3zvvL+nkJoywIW* zE1^1X0+HFaq#PV~kENJ7;AHZqBA)j;&pg0q!k{N%E-o)3$@V1iA|sN9JW0INh@=Bd zLYLz$`{oHw+Bzw=R`=O;S(}qoU0FI8w>Zgan>Ve#nn~?W5>Vy>m1*0(X$>2sI6Is) zJUe(@-ZU+uN74#0J}l3d%SNpB?jdh|2!|)qF8hgB7$^v_8M12%6{;(H*Wr37bQl z3j(2<>awcJYH376ZqD)*OPA>h2q+FDrE3$KCpwHA@3gupY@?NOfF5$1Xj?*Ny*g`m zbGJFU#c)PxX{LB2w0dJmH-L8LV{nzSN7d7#>2`1OWl{_YDGpwjo9b3`C##29?gVOi zUG_5&`o3u(uuZ8te3&H+({kMsqXxj_d>|y05fp1k9(DTY)<22 zRSoW|La5YcH1F!x~U%X^# zUO-J2TUBCRiIUruEi2HrcOfnOvT_(Rvgw` z!N87l@DaY{#*S2~5in|6M8SK4c<%tOX9jWy8MK{? 
zVBlPh_qxJ+^Z#k@+=Jw(sxaQ0M3UVESd2ta&t8Q zK>pxgw(9iu@0@dQci--wo|${UJIs3td8OSDt#DD}qKq%Xq`r4GZxi!gMP6+bqQ%{r z%td{7%e!K*Yv_;p0fT=a2K+QahR(7d;p zw+VTDdmvipqC6Ih+E~lGWQc5c@et&lH4M=`5yh{TA(@K`zL1mSxLfn?XWlu;t9K$= z+Kb6t6vtWKTFqO}yz`J(9fxQQ(E+ovO+z3id!{WLKp9$gPHVPwXf{CPXcx9-zivZ) zm?s5!OInflT*#}mX4i$hJ6p4P$m`R*mB=e(wUD^FwUAXTvyiO=mD+UYH?_(^p4o<- zx)3{6+8aAn;iASxc^}*PC2f*-E%O#3ueJ}O#qmt$qCVd8R%qT6%qt_WG6B&(E{gkN zQAO{DG}>F5_dfHMBCq%jM9WFAc z_XzWDL0)-(M5|oXxu_h7Nma_f8HiJL=W|)PfXgb>&4aRq z7mNQA@h{|Z-KAXC7jao!EdI-}ot?V6Iyyg%RR@*N=<2Stlv^qTt6P)?)LKhiZ>bEZ zv~>2h)LQzss}3%;)CX3#thQFc#g_W#ikP}f{`hd%3STDo74&=WR^#>_W$5Q6-eb(~ zqnY1+w8n8E3RjH3AM%gU_)*5?smjws{_)CZ8kbH|zSy|qWMzu(xxK0}x)p_cXK4Io z)Im4~4$%NLDzHSV6JasHAHc~Hq5LD`uCtVnG43;-V_ZF3w&LQ=1=u*g-)t{?^fpY zIpi+mU5vYpCmQz{7sx|#{%t%-uW=a9ajtO~C-FPuFkazi<1k)ewQ=aLf5$lVm$#y$ zi`xtR)uW60VLbG6axNHh=x>}E$}iXBJtvf3p^RHf@W#$5O`|@I!0*yKPKaN!uW$z zEuL9?fpOiqZ26(z|0av~S)5bNvi@GoEW+(`1~As2S%1)4i+5XmVv1hoA$C z`xC|$aDFT9Ps!pV1EZsj^^Ldus?~p}#W{01<3}0SKCjH_xmbS~H?+XwRf}^P1#Yhg zFMKS2yX9}UT=`*(cUk;d<01yQGJn10*B?~=(BeH7-v%A`tiRp1H3Bf%_q2F@ z8|4FxIp+%NKiu*=?fRQyanAX|_*~;oyugzeSbpd?zsBP27Qfdxv-7>m@;mK*dfnnR z%O5mE_rHt*!>pgPz;XY3S1OOTc+ukD5^hJP#t#p1yIxK(?zZch6G5mjcscPT_m6WN zk&ia+vG)0iamlWa^Nl&cn)yqNIcE*|X5*^0$D^UVwa04XcH7?Tp}e(6OPlUb-P!}X z0@=SFJKl-L-F7_P#+`P&7||~IMQe|r8)vrv^Nl;K{<3k!+T$i;&Y8sHxyQI{?ZF8w z-c(&tTI4(QB z-SG;?s~oR&yvgx!JSx-kJ<9Pxj*oE6+33^qr#U{`@j}NpIKIvCy^f!C{F>v9j$8G) zfnC(U?H!MGe4yhWI6lttDUOSdFLr!`;|G=TE?NJccD%;%2FC;SIU384a6HoS7{}us zAK>_4WqeA}zat$_bNo}s^BrI5c$woz9KYary>dLCn;Z|;_Z=}l!trS3*j}BECphL$ zC8M&Ke~9D598Xq`+ds+i>5hNpc(LQ9%5nQQI$q}ZF2@f#e$4UHj#oQg<9MBNJiZN% zKXkl>zK@If!yWJ7cvt0kyn8#|-|<0?zvpp#)O=Q`$Z8Kvic9&UsAuoCP7 z*l%GM!7hO>k*?u=`;5!|)L> z!^g(#A=tyPM_`Y_mcv%SR>B^GJr3)GJpp?X_7v=C*xzB#!2SVy7Pbnu8ulFQpRng) zFTnlZhbhrI!-!v>-8`Ab_{zy`zk-n|{R4U7|C z?f}~n_7&JyVI8oMu#G6Y3HCqOhp>-eJdym8WB_a+Yy(_x!u|_;3-&(j1K1G6T48Ol zp)h`@wY_c}&U zaAYF-k!8j__TtNIO$7|+6s>v2Au*UKj}A@M;clD~QR~C-R+-RHh71;D!kogM@)=DbrmjaM*&*^w5|SDnma#XByysg$YBl 
zFsh<}3BIK3zF!j*IOSM@{nkkCSG;kkcI=^9IFms^=He^Nor%d68ijR$UEoHVRfR#7 zQ>~y>DQBSnvCNo0WgLd8XoJq2GH2#Vn9vAEflhxZ5w~wXPLCCv5*z2Z79H=2b2@#- z*b^|PnT!mYQ{eP{Xcrvu^kZ@0@i=%X^gnfDF#{ULEH>GZv0=Be0=oAnNxwN-zA$&L zI((n*oa1JNm~v!ywsZ%n!cX_cEX5dO}*3#0^*))Pa&8B|#%G)4a8EB$4Bxi~R6O??{ z6k5hPSr%ubzFD0PLhezsg4h9|EJ{$;>w=~p6FWj9*fg>dJEf)X@1VdA~{FDQemcEYnL=RhI}nC(6qLXsfjwA+`h0D8O57= z@ha2rFyM1#;gL-@8CF){sIn$62$=*Lx36;kwp3s4hEvz(ZjzYQzy11IepT-LtCq;+QLVW%E#U!NCl znSS|fUq0&aOiJ{13W@ZJH-IE0J`Nc*XB1*J@}f)b6fN73+G)9*%FbM-s>3r^M@WJwAbzO5@NM3VKOK#BnAk*o*JQ3Pr& z1cJ&a0_8=8!#1NUYJ4nrf}(stBoaZ#p%)KT77%r)c1S{AG?X|~wNT=2$b_6Trw_7N zDhx7LLlKlX^g2?#QDavp@F~|2|5!dxD~G$wuPE@nI46AO%apFkovW+-;2$$_V>i4( z>XW$in$i^g^o=*-c~wtS<*+()V&NvTA9W>qpVT3{EK(soc3I_NrqUiQKyOadBkpEm z9!QH59fuMdgaQuAjuYjEsE~tXStJ`dkBXSZrMhKZrD|E%M6(>^9j5DOB9=*9dTTfI zG(jGdq+nmEi%C5}5Tib)gi&Ws0+YJfvid?VTg4d`p_aV0;z>8HQ{)NyeoU_is-QHI zmo@SGF6^SpRpc=NoeDIj{HY9lNS@kDWlBL$D&Kv`vn!_^&nu#YWRv=yM7N%5pd>@@ z?C=QSS%#`b&Ng3{^sLK&c{XE8et1Q)60|BRQi-}LuJAc0f++zgrT9Neqy#7}=8B4< u^4b5wf_&5OwBd` diff --git a/scripts/build_windows.sh b/scripts/build_windows.sh index 3d4a8802cb..047b8cb1c5 100755 --- a/scripts/build_windows.sh +++ b/scripts/build_windows.sh @@ -10,7 +10,6 @@ trap "exit 1" ERR az login az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64 -xattr -dr com.apple.quarantine ./lib/osslsigncode go mod vendor From 6f5ebd23a1b094698aa04dcc1a9ac19e53caea4e Mon Sep 17 00:00:00 2001 From: Steven Gagniere Date: Wed, 27 Dec 2023 15:36:09 -0800 Subject: [PATCH 14/18] Can't sign in place with osslsigncode in Docker for some reason --- .goreleaser-windows.yml | 8 ++++++-- docker/Dockerfile_windows_amd64_base | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml index 4305d8a23a..fa6e4a7005 100644 --- a/.goreleaser-windows.yml +++ b/.goreleaser-windows.yml 
@@ -23,7 +23,9 @@ builds: - amd64 hooks: post: - - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }} + - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp/confluent.exe + - cmd: rm -f {{ .Path }} + - cmd: mv /sign-temp/confluent.exe {{ .Path }} - id: confluent-windows-amd64-disableupdates binary: confluent main: cmd/confluent/main.go @@ -44,7 +46,9 @@ builds: - amd64 hooks: post: - - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }} + - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp-disableupdates/confluent.exe + - cmd: rm -f {{ .Path }} + - cmd: mv /sign-temp-disableupdates/confluent.exe {{ .Path }} release: disable: true diff --git a/docker/Dockerfile_windows_amd64_base b/docker/Dockerfile_windows_amd64_base index 961a5c8632..ea965574a1 100644 --- a/docker/Dockerfile_windows_amd64_base +++ b/docker/Dockerfile_windows_amd64_base @@ -27,4 +27,4 @@ RUN git clone https://github.com/chocolatey/choco.git && \ ENV ChocolateyInstall=/opt/chocolatey -RUN mkdir -p /cli +RUN mkdir -p /cli /sign-temp /sign-temp-disableupdates From c872a56b6314273441a1535daf1791f9f55bdd8a Mon Sep 17 00:00:00 2001 From: Steven Gagniere Date: Wed, 27 Dec 2023 16:08:20 -0800 Subject: [PATCH 15/18] Hide windows signing certificate in Docker using secrets feature --- .goreleaser-windows.yml | 4 ++-- docker/Dockerfile_windows_amd64 | 4 +++- scripts/build_windows.sh | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml index fa6e4a7005..9543026fdf 100644 --- a/.goreleaser-windows.yml +++ b/.goreleaser-windows.yml 
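Review bot: Both `osslsigncode sign` post hooks in .goreleaser-windows.yml (the `@@ -23,7 +23,9 @@` hunk and the disableupdates one at `@@ -44,7 +46,9 @@`) sign without a timestamp option, so the signature will stop validating once the signing certificate expires. Adding `-ts <TIMESTAMP_URL>` (placeholder for the certificate authority's RFC 3161 endpoint) to each command avoids that. Because the signed file now replaces the original through `rm -f` and `mv`, a final `- cmd: osslsigncode verify -in {{ .Path }}` would confirm that the file left at `{{ .Path }}` is the signed binary. That step may need `-CAfile` if the container lacks the issuing chain.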
@@ -23,7 +23,7 @@ builds: - amd64 hooks: post: - - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp/confluent.exe + - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 /run/secrets/CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp/confluent.exe - cmd: rm -f {{ .Path }} - cmd: mv /sign-temp/confluent.exe {{ .Path }} - id: confluent-windows-amd64-disableupdates @@ -46,7 +46,7 @@ builds: - amd64 hooks: post: - - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp-disableupdates/confluent.exe + - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 /run/secrets/CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp-disableupdates/confluent.exe - cmd: rm -f {{ .Path }} - cmd: mv /sign-temp-disableupdates/confluent.exe {{ .Path }} diff --git a/docker/Dockerfile_windows_amd64 b/docker/Dockerfile_windows_amd64 index a6546888d5..b71037d441 100644 --- a/docker/Dockerfile_windows_amd64 +++ b/docker/Dockerfile_windows_amd64 @@ -8,4 +8,6 @@ RUN export GO_VERSION=$(cat /cli/.go-version) && \ ENV PATH=${PATH}:/usr/local/go/bin:/root/go/bin -RUN cd /cli && make gorelease-windows-amd64 +RUN --mount=type=secret,id=CLIEVCodeSigningCertificate2.pfx \ + cd /cli && \ + make gorelease-windows-amd64 diff --git a/scripts/build_windows.sh b/scripts/build_windows.sh index 047b8cb1c5..0393774c16 100755 --- a/scripts/build_windows.sh +++ b/scripts/build_windows.sh 
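Review bot: The secret mount on the `RUN` line in docker/Dockerfile_windows_amd64 is optional by default, so a build started without `--secret` presumably fails only later, inside the signing hook, with a missing-file error. Marking the mount required stops the build at this step with a clear message: `RUN --mount=type=secret,id=CLIEVCodeSigningCertificate2.pfx,required=true \`. A comment above the line, such as `# signing certificate is mounted under /run/secrets/ for this step only and is not written to an image layer`, would also record why the `-pkcs12` path in .goreleaser-windows.yml changed.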
@@ -14,7 +14,7 @@ az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEV go mod vendor # Build windows/amd64 -docker build . --file ./docker/Dockerfile_windows_amd64 --tag cli-windows-amd64-builder-image +docker build . --file ./docker/Dockerfile_windows_amd64 --tag cli-windows-amd64-builder-image --secret id=CLIEVCodeSigningCertificate2.pfx,src=CLIEVCodeSigningCertificate2.pfx docker container create --name cli-windows-amd64-builder cli-windows-amd64-builder-image docker container cp cli-windows-amd64-builder:/cli/prebuilt/. ./prebuilt/ docker container rm cli-windows-amd64-builder From 8b640cd4dcd1ae76bae4784494d1cf67450c05e7 Mon Sep 17 00:00:00 2001 From: Steven Gagniere Date: Wed, 27 Dec 2023 16:38:02 -0800 Subject: [PATCH 16/18] Add chocolateys block to goreleaser-windows --- .goreleaser-windows.yml | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml index 9543026fdf..cffcdc2045 100644 --- a/.goreleaser-windows.yml +++ b/.goreleaser-windows.yml 
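Review bot: The downloaded `CLIEVCodeSigningCertificate2.pfx` stays in the working directory after it has been passed to `docker build --secret`, and nothing in this hunk removes it. The script continues past the hunk, so a later cleanup may already exist. If there is none, a cleanup trap next to the existing `trap "exit 1" ERR` covers both the success and the failure path: `trap 'rm -f CLIEVCodeSigningCertificate2.pfx' EXIT`. `--secret` also needs BuildKit, so older Docker installs would need `DOCKER_BUILDKIT=1` for this command.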
@@ -54,4 +54,31 @@ release: disable: true archives: - - format: binary + - id: archive + format: zip + builds: + - confluent-windows-amd64-disableupdates + name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + wrap_in_directory: "{{ .ProjectName }}" + files: + - LICENSE + - legal/**/* + +chocolateys: + - name: confluent + ids: + - archive + owners: confluentinc + title: Confluent CLI + authors: Confluent Inc. + project_url: https://docs.confluent.io/confluent-cli/current/overview.html + url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}" + copyright: 2023 Confluent Inc. + license_url: https://github.com/confluentinc/cli/blob/main/LICENSE + require_license_acceptance: false + project_source_url: https://github.com/confluentinc/cli + bug_tracker_url: https://github.com/confluentinc/cli/issues + summary: CLI for Confluent Cloud and Confluent Platform + description: CLI for Confluent Cloud and Confluent Platform + release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html + skip_publish: true From bb3affb6a2a9458aa070c4bd47fa67783bac5f70 Mon Sep 17 00:00:00 2001 From: Steven Gagniere Date: Wed, 27 Dec 2023 16:56:42 -0800 Subject: [PATCH 17/18] typo fix and add .dockerignore --- .dockerignore | 1 + .goreleaser-windows.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..0ba3650a78 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +CLIEVCodeSigningCertificate2.pfx \ No newline at end of file diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml index cffcdc2045..af2363920e 100644 --- a/.goreleaser-windows.yml +++ b/.goreleaser-windows.yml 
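Review bot: The new `chocolateys` block in .goreleaser-windows.yml and the `archive` entry it consumes carry no comments, and two choices are not obvious from the YAML. The archive is built only from `confluent-windows-amd64-disableupdates`, and `skip_publish: true` keeps the generated package from being pushed. Proposed comments: `# Chocolatey package uses the build with in-app updates disabled` above `builds:`, and `# package is generated but not pushed to the Chocolatey feed` above `skip_publish: true`. The reason for choosing the disableupdates build is inferred (presumably the package manager handles upgrades), so the author should confirm the wording.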
@@ -58,7 +58,7 @@ archives: format: zip builds: - confluent-windows-amd64-disableupdates - name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" + name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_disableupdates" wrap_in_directory: "{{ .ProjectName }}" files: - LICENSE From 6282f3b2649c55ef33530fba43dd8b4e49e057b8 Mon Sep 17 00:00:00 2001 From: Steven Gagniere Date: Wed, 27 Dec 2023 17:23:39 -0800 Subject: [PATCH 18/18] don't package the chocolatey version of windows twice --- .goreleaser-windows.yml | 4 ++-- .goreleaser.yml | 14 -------------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/.goreleaser-windows.yml b/.goreleaser-windows.yml index af2363920e..4af3daaf40 100644 --- a/.goreleaser-windows.yml +++ b/.goreleaser-windows.yml @@ -54,7 +54,7 @@ release: disable: true archives: - - id: archive + - id: archive-disableupdates format: zip builds: - confluent-windows-amd64-disableupdates @@ -67,7 +67,7 @@ archives: chocolateys: - name: confluent ids: - - archive + - archive-disableupdates owners: confluentinc title: Confluent CLI authors: Confluent Inc. diff --git a/.goreleaser.yml b/.goreleaser.yml index 80f0d7dcd4..bdb2a91f20 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -162,16 +162,6 @@ builds: - v1 prebuilt: path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe" - - id: confluent-windows-amd64-disableupdates - builder: prebuilt - goos: - - windows - goarch: - - amd64 - goamd64: - - v1 - prebuilt: - path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe" archives: - id: archive 
@@ -205,11 +195,7 @@ archives: - confluent-darwin-amd64-disableupdates - confluent-darwin-arm64-disableupdates - confluent-linux-disableupdates - - confluent-windows-amd64-disableupdates name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_disableupdates" - format_overrides: - - goos: windows - format: zip wrap_in_directory: "{{ .ProjectName }}" files: - LICENSE