[CLI-2823] Add chocolatey to goreleaser config

.dockerignore

@@ -0,0 +1 @@
+CLIEVCodeSigningCertificate2.pfx

.gitignore

@@ -1,3 +1,5 @@
+CLIEVCodeSigningCertificate2.pfx
+
 /dist/
 /docs/
 /legal/

.goreleaser-windows.yml

@@ -0,0 +1,84 @@
+project_name: confluent
+
+dist: prebuilt
+
+builds:
+  - id: confluent-windows-amd64
+    binary: confluent
+    main: cmd/confluent/main.go
+    ldflags:
+      - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
+    gcflags:
+      - all=-trimpath={{.Env.HOME}}/git
+    asmflags:
+      - all=-trimpath={{.Env.HOME}}/git
+    env:
+      - CGO_ENABLED=1
+      - CC=x86_64-w64-mingw32-gcc
+      - CXX=x86_64-w64-mingw32-g++
+      - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+    goos:
+      - windows
+    goarch:
+      - amd64
+    hooks:
+      post:
+        - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 /run/secrets/CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp/confluent.exe
+        - cmd: rm -f {{ .Path }}
+        - cmd: mv /sign-temp/confluent.exe {{ .Path }}
+  - id: confluent-windows-amd64-disableupdates
+    binary: confluent
+    main: cmd/confluent/main.go
+    ldflags:
+      - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe
+    gcflags:
+      - all=-trimpath={{.Env.HOME}}/git
+    asmflags:
+      - all=-trimpath={{.Env.HOME}}/git
+    env:
+      - CGO_ENABLED=1
+      - CC=x86_64-w64-mingw32-gcc
+      - CXX=x86_64-w64-mingw32-g++
+      - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+    goos:
+      - windows
+    goarch:
+      - amd64
+    hooks:
+      post:
+        - cmd: osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 /run/secrets/CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out /sign-temp-disableupdates/confluent.exe
+        - cmd: rm -f {{ .Path }}
+        - cmd: mv /sign-temp-disableupdates/confluent.exe {{ .Path }}
+
+release:
+  disable: true
+
+archives:
+  - id: archive-disableupdates
+    format: zip
+    builds:
+      - confluent-windows-amd64-disableupdates
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_disableupdates"
+    wrap_in_directory: "{{ .ProjectName }}"
+    files:
+      - LICENSE
+      - legal/**/*
+
+chocolateys:
+  - name: confluent
+    ids:
+      - archive-disableupdates
+    owners: confluentinc
+    title: Confluent CLI
+    authors: Confluent Inc.
+    project_url: https://docs.confluent.io/confluent-cli/current/overview.html
+    url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}"
+    copyright: 2023 Confluent Inc.
+    license_url: https://github.com/confluentinc/cli/blob/main/LICENSE
+    require_license_acceptance: false
+    project_source_url: https://github.com/confluentinc/cli
+    bug_tracker_url: https://github.com/confluentinc/cli/issues
+    summary: CLI for Confluent Cloud and Confluent Platform
+    description: CLI for Confluent Cloud and Confluent Platform
+    release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html
+    skip_publish: true

.goreleaser.yml

@@ -153,31 +153,15 @@ builds:
     prebuilt:
       path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent"
   - id: confluent-windows-amd64
-    binary: confluent
-    main: cmd/confluent/main.go
-    ldflags:
-      - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe  
-    gcflags:
-      - all=-trimpath={{.Env.HOME}}/git
-    asmflags:
-      - all=-trimpath={{.Env.HOME}}/git
-    env:
-      - CGO_ENABLED=1
-      - CC=x86_64-w64-mingw32-gcc
-      - CXX=x86_64-w64-mingw32-g++
-      - CGO_LDFLAGS=${CGO_LDFLAGS} -static
+    builder: prebuilt
     goos:
       - windows
     goarch:
       - amd64
-    hooks:
-      pre:
-        - cmd: az login
-        - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
-        - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
-      post:
-        - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
-        - cmd: rm CLIEVCodeSigningCertificate2.pfx
+    goamd64:
+      - v1
+    prebuilt:
+      path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"
 
 archives:
   - id: archive
@@ -310,4 +294,4 @@ brews:
     homepage: https://docs.confluent.io/confluent-cli/current/overview.html
     description: CLI for Confluent Cloud and Confluent Platform
     skip_upload: "{{ .Env.DRY_RUN }}"
-    test: system "#{bin}/confluent version"
+    test: system "#{bin}/confluent version"

docker/Dockerfile_windows_amd64

@@ -0,0 +1,13 @@
+FROM --platform=linux/amd64 050879227952.dkr.ecr.us-west-1.amazonaws.com/confluentinc/cli-ubuntu-base-windows-amd64:latest
+
+COPY . /cli/
+
+RUN export GO_VERSION=$(cat /cli/.go-version) && \
+    wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" && \
+    sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
+
+ENV PATH=${PATH}:/usr/local/go/bin:/root/go/bin
+
+RUN --mount=type=secret,id=CLIEVCodeSigningCertificate2.pfx \
+    cd /cli && \
+    make gorelease-windows-amd64

docker/Dockerfile_windows_amd64_base

@@ -0,0 +1,30 @@
+FROM --platform=linux/amd64 ubuntu:jammy-20231211.1
+
+RUN apt update 
+
+RUN apt -y install make sudo
+
+RUN sudo apt -y install git wget build-essential curl mingw-w64 ca-certificates gnupg osslsigncode
+
+# The official choco linux image does not have a new enough mingw-w64 version to successfully cross compile the CLI
+# So we build & install choco from source on Ubuntu Jammy (which is able to compile the CLI)
+# mono is required to run choco & .NET is required to build it
+# https://github.com/chocolatey/choco#other-platforms
+RUN sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
+    echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list && \
+    sudo apt update && \
+    sudo apt -y install mono-devel
+
+RUN sudo apt install -y dotnet-sdk-7.0 aspnetcore-runtime-7.0
+
+RUN git clone https://github.com/chocolatey/choco.git && \
+    cd /choco && \
+    git checkout 2.2.2 && \
+    ./build.sh && \
+    cp -r ./code_drop/temp/_PublishedApps/choco /opt/chocolatey && \
+    mkdir /opt/chocolatey/lib && \
+    cp ./docker/choco_wrapper /usr/local/bin/choco
+
+ENV ChocolateyInstall=/opt/chocolatey
+
+RUN mkdir -p /cli /sign-temp /sign-temp-disableupdates

mk-files/release.mk

@@ -71,6 +71,11 @@ else
 	GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-linux-arm64.yml
 endif
 
+.PHONY: gorelease-windows-amd64
+gorelease-windows-amd64:
+	go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION) && \
+	GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-windows.yml
+
 # This builds the Darwin, Windows and Linux binaries using goreleaser on the host computer. Goreleaser takes care of uploading the resulting binaries/archives/checksums to S3.
 .PHONY: gorelease
 gorelease:

scripts/build_windows.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+function cleanup {
+  shred --force --remove --zero --iterations=10 CLIEVCodeSigningCertificate2.pfx
+  rm -rf vendor
+}
+trap cleanup EXIT
+
+trap "exit 1" ERR
+
+az login
+az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
+
+go mod vendor
+
+# Build windows/amd64
+docker build . --file ./docker/Dockerfile_windows_amd64 --tag cli-windows-amd64-builder-image --secret id=CLIEVCodeSigningCertificate2.pfx,src=CLIEVCodeSigningCertificate2.pfx
+docker container create --name cli-windows-amd64-builder cli-windows-amd64-builder-image
+docker container cp cli-windows-amd64-builder:/cli/prebuilt/. ./prebuilt/
+docker container rm cli-windows-amd64-builder