diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6d61b02b..1959f69f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,13 +1,12 @@ -name: Build CLI Developer Snapshot +name: Build on: - pull_request: push: - tags-ignore: - - 'v*.*.*' + branches: [main] + pull_request: jobs: - build-cli: + build: runs-on: macos-latest steps: - name: Checkout @@ -18,32 +17,11 @@ jobs: with: go-version: "1.21" - - name: Print Go Version - run: go version - - - name: Import GPG key - id: import_gpg - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.GPG_KEY }} - - - name: Decrypt Secrets - env: - SECRETS_PASSWORD: ${{ secrets.SECRETS_PASSWORD }} - run: bash script/decrypt_secrets.sh - - - name: Install gon - run: | - wget https://github.com/mitchellh/gon/releases/download/v0.2.5/gon_macos.zip - unzip gon_macos.zip - mv gon /usr/local/bin/gon - chmod +x /usr/local/bin/gon - - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --clean --snapshot --skip-sign --parallelism=2 + args: release --clean --snapshot --skip=sign --parallelism=2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 00c3149d..85f172ed 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,16 +1,12 @@ -name: Continuous Integration +name: CI on: push: - tags: - - v* - branches: - - main + branches: [main] pull_request: jobs: - build: - name: Build + lint: runs-on: ubuntu-latest steps: - name: Checkout @@ -21,27 +17,27 @@ jobs: with: go-version: "1.21" - - name: Run go fmt + - name: Run gofmt run: diff -u <(echo -n) <(gofmt -d -s .) - - name: Run tests - run: | - go test -v \ - -race \ - ./... - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - uses: actions/setup-go@v4 - with: - go-version: "1.21" - - uses: actions/checkout@v4 - - name: golangci-lint + - name: Run golangci-lint uses: golangci/golangci-lint-action@v3 with: # Required: the version of golangci-lint is required and must be specified with patch version version: v1.54.2 # In general linting is quite fast with warm caches, but a fresh run might take some time. - args: --timeout 5m \ No newline at end of file + args: --timeout 5m + + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.21" + + - name: Run tests + run: go test -v -race ./... diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index cac12c95..4bf47f76 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -1,8 +1,8 @@ +name: Release-please + on: push: - branches: - - main -name: release-please + branches: [main] jobs: release-please: diff --git a/.github/workflows/release_on_tag.yml b/.github/workflows/release.yml similarity index 71% rename from .github/workflows/release_on_tag.yml rename to .github/workflows/release.yml index db8ea38a..c211055c 100644 --- a/.github/workflows/release_on_tag.yml +++ b/.github/workflows/release.yml @@ -1,12 +1,12 @@ -name: Release CLI Version on tag +name: Release on: push: tags: - - 'v*.*.*' + - "v*.*.*" jobs: - release-cli: + release: runs-on: macos-latest steps: - name: Checkout @@ -17,8 +17,8 @@ jobs: with: go-version: "1.21" - - name: Print Go Version - run: go version + - name: Install gon + run: brew install mitchellh/gon/gon - name: Import GPG key id: import_gpg @@ -31,18 +31,11 @@ jobs: SECRETS_PASSWORD: ${{ secrets.SECRETS_PASSWORD }} run: bash script/decrypt_secrets.sh - - name: Install gon - run: | - wget https://github.com/mitchellh/gon/releases/download/v0.2.5/gon_macos.zip - unzip gon_macos.zip - mv gon /usr/local/bin/gon - chmod +x /usr/local/bin/gon - - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --clean --skip-validate --parallelism=2 + args: release --clean --skip=validate --parallelism=2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} HC_APPLE_DEVELOPER_USER: ${{ secrets.HC_APPLE_DEVELOPER_USER }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 6e77d582..9d09e407 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -37,9 +37,7 @@ builds: - arm64 hooks: post: - - env: - - GON_SOURCE={{ .Path }} - cmd: gon -log-level=debug gon.hcl + - cmd: bash script/gon.sh "{{ .Path }}" output: true checksum: @@ -53,12 +51,12 @@ signs: ids: - hcloud-build - hcloud-build-darwin - args: - - --batch - - --local-user=github-bot@hetzner-cloud.de - - --pinentry-mode=loopback - - --output=${signature} - - --detach-sign=${artifact} + args: + - --batch + - --local-user=github-bot@hetzner-cloud.de + - --pinentry-mode=loopback + - --output=${signature} + - --detach-sign=${artifact} archives: - id: hcloud-archive diff --git a/gon.hcl b/gon.hcl deleted file mode 100644 index 38c3bd73..00000000 --- a/gon.hcl +++ /dev/null @@ -1,11 +0,0 @@ -source = ["@env:GON_SOURCE"] -bundle_id = "cloud.hetzner.cli" - -apple_id { - username = "integrations@hetzner-cloud.de" - password = "@env:HC_APPLE_DEVELOPER_PASSWORD" -} - -sign { - application_identity = "Developer ID Application: Hetzner Cloud GmbH (4PM38G6W5R)" -} diff --git a/script/gon.sh b/script/gon.sh new file mode 100644 index 00000000..2e3194e8 --- /dev/null +++ b/script/gon.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -eu + +# Only sign on releasing +if [[ "${GITHUB_REF_TYPE:-}" != "tag" ]]; then + exit 0 +fi + +BINARY_PATH="$1" + +GON_CONFIG=$(mktemp gon_XXXX.json) +cleanup() { + rm -f "$GON_CONFIG" +} +trap cleanup EXIT + +printf '{ + "source": ["%s"], + "bundle_id": "cloud.hetzner.cli", + "apple_id": { + "username": "integrations@hetzner-cloud.de", + "password": "@env:HC_APPLE_DEVELOPER_PASSWORD" + }, + "sign": { + "application_identity": "Developer ID Application: Hetzner Cloud GmbH (4PM38G6W5R)" + } +}' "$BINARY_PATH" > "$GON_CONFIG" + +gon -log-level=debug "$GON_CONFIG"