diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index a2567f1e..bd6b07c9 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -17,6 +17,9 @@ on: description: Build a container image for this git tag required: true +permissions: + packages: write # ghcr access + env: # GitHub Container Registry hostname GHCR_HOSTNAME: ghcr.io @@ -26,11 +29,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the latest SHA for this branch - uses: actions/checkout@v2 + uses: actions/checkout@v4 if: github.event_name != 'workflow_dispatch' - name: Checkout the specified tag - uses: actions/checkout@v2 + uses: actions/checkout@v4 if: github.event_name == 'workflow_dispatch' with: ref: ${{ github.event.inputs.tag }} @@ -43,38 +46,45 @@ jobs: git checkout origin/master -- Dockerfile fi - - name: Build and cache first build stage - # update the first stage cache only when pushing to or tagging main - if: github.event_name == 'push' - uses: docker/build-push-action@v1 - env: - # use BuildKit to speed up builds and improve caching - DOCKER_BUILDKIT: 1 + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Prepare + id: prep + run: | + VERSION="${{ github.event.inputs.tag }}" + if [[ $GITHUB_REF == refs/tags/* ]]; then + VERSION="${GITHUB_REF/refs\/tags\//}" + fi + if [[ -z "$VERSION" ]]; then + VERSION="ref-${GITHUB_SHA::8}" + fi + echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT + + - name: Generate images meta + id: meta + uses: docker/metadata-action@v5 with: - username: ${{ github.repository_owner }} - password: ${{ secrets.CR_PAT }} - registry: ${{ env.GHCR_HOSTNAME }} - repository: ${{ github.repository }} - target: build - tags: build - build_args: BUILDKIT_INLINE_CACHE=1 - cache_froms: ${{ env.GHCR_HOSTNAME }}/${{ github.repository }}:build + images: | + ${{ env.GHCR_HOSTNAME }}/${{ github.repository }} + tags: | + type=raw,value=${{ steps.prep.outputs.VERSION }} - name: Build the container image - uses: docker/build-push-action@v1 - env: - # use BuildKit to speed up builds and improve caching - DOCKER_BUILDKIT: 1 + uses: docker/build-push-action@v5 with: - username: ${{ github.repository_owner }} - password: ${{ secrets.CR_PAT }} - registry: ${{ env.GHCR_HOSTNAME }} - repository: ${{ github.repository }} - # auto create the tag if we're in a push/pull_request - tag_with_ref: ${{ github.event_name != 'workflow_dispatch' }} - # this will add the proper tag if we're in workflow_dispatch - tags: ${{ github.event.inputs.tag }} - build_args: BUILDKIT_INLINE_CACHE=1 - cache_froms: > - ${{ env.GHCR_HOSTNAME }}/${{ github.repository }}:build, - ${{ env.GHCR_HOSTNAME }}/${{ github.repository }}:latest + push: ${{ github.event.inputs.tag != '' || startsWith(github.event.push.ref, 'refs/tags/') }} + builder: ${{ steps.buildx.outputs.name }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 0e1d8a24..a83d89ca 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -7,7 +7,7 @@ jobs: contributors: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - uses: wow-actions/contributors-list@v1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -26,10 +26,10 @@ jobs: - name: Create Pull Request - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v6 with: - commit-message: '[Chore] Update Contributors SVG' - title: '[Chore] Update Contributors SVG' + commit-message: "[Chore] Update Contributors SVG" + title: "[Chore] Update Contributors SVG" delete-branch: true assignees: dmattia - reviewers: dmattia \ No newline at end of file + reviewers: dmattia diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 12de1fee..317c8385 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,24 +12,21 @@ jobs: steps: # Install golang - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v5 with: - go-version: '^1.16' - - # Install external go modules before cloning - - run: go install github.com/laher/goxc@latest + go-version: "^1.21" # Checkout code - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 # Install golang deps, using a cache - - uses: actions/cache@v2 + - uses: actions/cache@v4 with: path: ~/go/pkg/mod - key: ubuntu-latest-1.16-go-${{ hashFiles('**/go.sum') }} + key: ubuntu-latest-1.21-go-${{ hashFiles('**/go.sum') }} restore-keys: | - ubuntu-latest-1.16-go- - + ubuntu-latest-1.21-go- + # build binaries for all supported environments - run: sudo apt update && sudo apt install -y make - run: make build-all @@ -37,19 +34,19 @@ jobs: # Create the binary checksums - name: Get the version id: get_version - run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/v} - - name: Create checksums - run: | - readonly BUILD_DIR="build/${{ steps.get_version.outputs.VERSION }}" - find "$BUILD_DIR" -type f -exec sha256sum {} + | awk -v build_dir="$BUILD_DIR" '{sub("^"build_dir"/", ""); print $1, $2}' > SHA256SUMS - find "$BUILD_DIR" -type f -exec sha512sum {} + | awk -v build_dir="$BUILD_DIR" '{sub("^"build_dir"/", ""); print $1, $2}' > SHA512SUMS + run: echo VERSION=${GITHUB_REF#refs/tags/v} >> $GITHUB_OUTPUT + - uses: jmgilman/actions-generate-checksum@24a35957fba81c6cbaefeb1e3d59ee56e3db5077 + id: checksums + with: + patterns: "build/${{ steps.get_version.outputs.VERSION }}/*" + method: sha512 + output: checksums.txt # Create the release - - uses: "marvinpinto/action-automatic-releases@latest" + - uses: "marvinpinto/action-automatic-releases@d68defdd11f9dcc7f52f35c1b7c236ee7513bcc1" with: repo_token: "${{ secrets.GITHUB_TOKEN }}" prerelease: false files: | build/${{ steps.get_version.outputs.VERSION }}/* - SHA256SUMS - SHA512SUMS + checksums.txt diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 5d381c75..ee127cd6 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -6,19 +6,19 @@ jobs: strategy: matrix: os: [ubuntu-latest, windows-latest] - golang-version: [1.13, 1.14, 1.15, 1.16, 1.17] + golang-version: ["1.21"] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 - - name: Setup golang v${{ matrix.golang-version }} - uses: actions/setup-go@v2 + - uses: actions/checkout@v4 + - name: Setup golang + uses: actions/setup-go@v5 with: go-version: "^${{ matrix.golang-version }}" - - uses: actions/cache@v2 + - uses: actions/cache@v4 with: path: ~/go/pkg/mod key: ${{ matrix.os }}-${{ matrix.golang-version }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ matrix.os }}-${{ matrix.golang-version }}-go- - run: mkdir cmd/test_artifacts - - run: go test -v ./... + - run: go test -v -cover ./... diff --git a/Dockerfile b/Dockerfile index b60e4ed4..e76400a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -FROM golang AS build +ARG GO_VERSION=1.21 +FROM golang:${GO_VERSION} AS build -ENV GO111MODULE=on WORKDIR /app # copy source @@ -11,7 +11,8 @@ RUN go mod download # build the executable COPY cmd ./cmd -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build +ENV CGO_ENABLED=0 +RUN go build # create super thin container with the binary only FROM scratch diff --git a/Makefile b/Makefile index 47606911..02ab9bfd 100644 --- a/Makefile +++ b/Makefile @@ -1,37 +1,44 @@ -VERSION=1.17.4 +VERSION=1.21.6 PATH_BUILD=build/ FILE_COMMAND=terragrunt-atlantis-config -FILE_ARCH=darwin_amd64 -S3_BUCKET_NAME=cloudfront-origin-homebrew-tap-transcend-io -PROFILE=transcend-prod +FILE_ARCH=$(shell go env GOOS)_$(shell go env GOARCH) # Determine the arch/os combos we're building for -XC_ARCH=amd64 arm +XC_ARCH=amd64 arm64 XC_OS=linux darwin windows .PHONY: clean clean: rm -rf ./build - rm -rf '$(HOME)/bin/$(FILE_COMMAND)' + rm -rf "$(HOME)/.local/bin/$(FILE_COMMAND)" .PHONY: build build: clean CGO_ENABLED=0 \ - goxc \ - -bc="darwin,amd64" \ - -pv=$(VERSION) \ - -d=$(PATH_BUILD) \ - -build-ldflags "-X main.VERSION=$(VERSION)" + go build \ + -trimpath \ + -mod=readonly \ + -modcacherw \ + -ldflags "-X main.VERSION=$(VERSION)" \ + -o $(PATH_BUILD)$(VERSION)/$(FILE_COMMAND)_$(VERSION)_$(FILE_ARCH) .PHONY: build-all build-all: clean - CGO_ENABLED=0 \ - goxc \ - -os="$(XC_OS)" \ - -arch="$(XC_ARCH)" \ - -pv=$(VERSION) \ - -d=$(PATH_BUILD) \ - -build-ldflags "-X main.VERSION=$(VERSION)" + for arch in $(XC_ARCH); do \ + for os in $(XC_OS); do \ + echo "Building for '$$os/$$arch'" ; \ + ext="" ; [ "$$os" = "windows" ] && ext=".exe" ; \ + CGO_ENABLED=0 \ + GOARCH=$$arch \ + GOOS=$$os \ + go build \ + -trimpath \ + -mod=readonly \ + -modcacherw \ + -ldflags "-X main.VERSION=$(VERSION)" \ + -o $(PATH_BUILD)$(VERSION)/$(FILE_COMMAND)_$(VERSION)_$${os}_$${arch}$${ext} ; \ + done \ + done .PHONY: gotestsum gotestsum: @@ -51,10 +58,10 @@ version: .PHONY: sign sign: build-all - rm -f $(PATH_BUILD)${VERSION}/SHA256SUMS - shasum -a256 $(PATH_BUILD)${VERSION}/* > $(PATH_BUILD)${VERSION}/SHA256SUMS + rm -f $(PATH_BUILD)$(VERSION)/SHA256SUMS + shasum -a256 $(PATH_BUILD)$(VERSION)/* > $(PATH_BUILD)$(VERSION)/SHA256SUMS .PHONY: install install: - install -d -m 755 '$(HOME)/bin/' - install $(PATH_BUILD)$(FILE_COMMAND)/$(VERSION)/$(FILE_COMMAND)_$(VERSION)_$(FILE_ARCH) '$(HOME)/bin/$(FILE_COMMAND)' + install -d -m 755 '$(HOME)/.local/bin/' + install $(PATH_BUILD)$(VERSION)/$(FILE_COMMAND)_$(VERSION)_$(FILE_ARCH) '$(HOME)/.local/bin/$(FILE_COMMAND)'