diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..49bce944
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,247 @@
+name: Create Release & Upload Assets
+
+on:
+ push:
+ # Sequence of patterns matched against refs/tags
+ tags:
+ - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+jobs:
+ lintTestBuild:
+ name: Lint, Test, Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Setup Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: '^1.15.6'
+ - name: Lint, Test, Build
+ id: lintTestBuild
+ run: V=1 make -j1 bootstrap travis
+
+ create_release:
+ name: Create Release
+ runs-on: ubuntu-latest
+ needs: lintTestBuild
+ outputs:
+ version: ${{ steps.extract-tag.outputs.VERSION }}
+ vversion: ${{ steps.extract-tag.outputs.VVERSION }}
+ upload_url: ${{ steps.create_release.outputs.upload_url }}
+ is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Extract Tag Names
+ id: extract-tag
+ run: |
+ VVERSION=${GITHUB_REF#refs/tags/}
+ VERSION=${GITHUB_REF#refs/tags/v}
+ echo "::set-output name=VVERSION::${VVERSION}"
+ echo "::set-output name=VERSION::${VERSION}"
+ - name: Is Pre-release
+ id: is_prerelease
+ run: |
+ set +e
+ echo ${{ github.ref }} | grep "\-rc.*"
+ OUT=$?
+ if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
+ echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}"
+ - name: Create Release
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ github.ref }}
+ release_name: Release ${{ github.ref }}
+ draft: false
+ prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
+
+ build_upload_github_assets:
+ name: Build & Upload Mac OS | Linux | Windows Assets To Github Release
+ runs-on: ubuntu-latest
+ needs: create_release
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ -
+ name: Set up Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.16
+ -
+ name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@56f5b77f7fa4a8fe068bf22b732ec036cc9bc13f # v2.4.1
+ with:
+ version: latest
+ args: release --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.PAT }}
+
+ # build_upload_docker:
+ # name: Build & Upload Docker Images
+ # runs-on: ubuntu-latest
+ # needs: create_release
+ # if: needs.create_release.outputs.is_prerelease == 'false'
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v2
+ # - name: Setup Go
+ # uses: actions/setup-go@v2
+ # with:
+ # go-version: '^1.15.6'
+ # - name: Build
+ # id: build
+ # run: |
+ # PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
+ # make docker-artifacts
+ # env:
+ # DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ # DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ #
+ # build_upload_aws_s3_binaries:
+ # name: Build & Upload AWS S3 Binaries
+ # runs-on: ubuntu-latest
+ # needs: create_release
+ # if: needs.create_release.outputs.is_prerelease == 'false'
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v2
+ # - name: Setup Go
+ # uses: actions/setup-go@v2
+ # with:
+ # go-version: '^1.15.6'
+ # - name: Build
+ # id: build
+ # run: |
+ # PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
+ # make -j1 binary-linux binary-darwin binary-windows
+ # mkdir -p ./.releases
+ # cp ./output/binary/linux/bin/step ./.releases/step-linux-${{ needs.create_release.outputs.version }}
+ # cp ./output/binary/linux/bin/step ./.releases/step-linux-latest-integration
+ # cp ./output/binary/darwin/bin/step ./.releases/step-darwin-${{ needs.create_release.outputs.version }}
+ # cp ./output/binary/windows/bin/step ./.releases/step-windows-${{ needs.create_release.outputs.version }}.exe
+ # - name: Upload s3
+ # id: upload-s3
+ # uses: jakejarvis/s3-sync-action@v0.5.1
+ # with:
+ # args: --acl public-read --follow-symlinks
+ # env:
+ # AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+ # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ # AWS_REGION: us-east-1
+ # SOURCE_DIR: ./.releases
+ #
+ # upload_windows_installer:
+ # name: Upload Windows Installer
+ # runs-on: ubuntu-latest
+ # needs: create_release
+ # if: needs.create_release.outputs.is_prerelease == 'false'
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v2
+ # - name: Download Existing Installer
+ # id: download
+ # uses: prewk/s3-cp-action@v0.1.1
+ # env:
+ # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ # AWS_REGION: us-east-1
+ # SOURCE: s3://${{ secrets.AWS_s3_BUCKET }}/install-step.ps1
+ # DEST: ./install-step.ps1
+ # - name: Modify Installer
+ # id: modify
+ # run: sed -i -e "s~step-windows-.*.exe~step-windows-foo.exe~g" ./install-step.ps1
+ # - name: Upload and Overwrite
+ # id: upload
+ # uses: prewk/s3-cp-action@v0.1.1
+ # with:
+ # args: --acl public-read --follow-symlinks
+ # env:
+ # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ # AWS_REGION: us-east-1
+ # DEST: s3://${{ secrets.AWS_s3_BUCKET }}/install-step.ps1
+ # SOURCE: ./install-step.ps1
+ #
+ # update_arch:
+ # name: Update Arch Linux Packager
+ # runs-on: ubuntu-latest
+ # needs: [create_release, build_upload_github_assets]
+ # if: needs.create_release.outputs.is_prerelease == 'false'
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v2
+ # - name: Calculate New SHAs
+ # id: calculate-shas
+ # run: |
+ # PKG=step-cli-bin
+ # VVER=${{ needs.create_release.outputs.vversion }}
+ # VER=${{ needs.create_release.outputs.version }}
+ # ARM64_URL="https://github.com/smallstep/cli/releases/download/${VVER}/step_linux_${VER}_arm64.tar.gz"
+ # AMD64_URL="https://github.com/smallstep/cli/releases/download/${VVER}/step_linux_${VER}_amd64.tar.gz"
+ # # Get arm64 SHA for step-cli
+ # curl -o "${PKG}-arm64.tar.gz" -J -L -s --show-error -f "${ARM64_URL}"
+ # ARM64_SHA="$(shasum -a 256 "${PKG}-arm64.tar.gz" | awk '{printf $1}')"
+ # # Get amd64 SHA for step-cli
+ # curl -o "${PKG}-amd64.tar.gz" -J -L -s --show-error -f "${AMD64_URL}"
+ # AMD64_SHA="$(shasum -a 256 "${PKG}-amd64.tar.gz" | awk '{printf $1}')"
+ # # Clone arch linux step-cli-bin repo
+ # echo "${{ secrets.ARCH_SSH_KEY }}" > /tmp/ssh_arch_key && chmod 0400 /tmp/ssh_arch_key
+ # ssh-agent bash -c 'ssh-add /tmp/ssh_arch_key; GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git clone ssh://aur@aur.archlinux.org/step-cli-bin.git'
+ # cd step-cli-bin
+ # # Modify values in files
+ # sed -i -e "s/^pkgver=.*/pkgver=${VER}/" "./PKGBUILD"
+ # sed -i -e "s/^sha256sums_aarch64=.*/sha256sums_aarch64=(\"${ARM64_SHA}\")/" "./PKGBUILD"
+ # sed -i -e "s/^sha256sums_x86_64=.*/sha256sums_x86_64=(\"${AMD64_SHA}\")/" "./PKGBUILD"
+ # - name: Makepkg Build and Check
+ # id: makepkg
+ # uses: smallstep/pkgbuild-action@v1.0.2
+ # with:
+ # pkgdir: ./step-cli-bin
+ # - name: Update ARCH Repo
+ # id: update
+ # run: |
+ # # Git commit and push
+ # cd ./step-cli-bin
+ # git add "./PKGBUILD" "./.SRCINFO"
+ # git commit -m "Update to ${{ needs.create_release.outputs.vversion }}"
+ # ssh-agent bash -c 'ssh-add /tmp/ssh_arch_key; GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git push origin HEAD:master'
+ #
+ # update_reference_docs:
+ # name: Update Reference Docs
+ # runs-on: ubuntu-latest
+ # needs: create_release
+ # if: needs.create_release.outputs.is_prerelease == 'false'
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v2
+ # - name: Setup Go
+ # uses: actions/setup-go@v2
+ # with:
+ # go-version: '^1.15.6'
+ # - name: Build
+ # id: build
+ # run: make build
+ # - name: Checkout Docs
+ # uses: actions/checkout@master
+ # with:
+ # repository: smallstep/docs
+ # token: ${{ secrets.PAT }}
+ # path: './docs'
+ # - name: Update Reference
+ # id: update_refrence
+ # run: ./bin/step help --markdown ./docs/step-cli/reference
+ # - name: Push changes
+ # uses: ad-m/github-push-action@v0.6.0
+ # with:
+ # github_token: ${{ secrets.PAT }}
+ # branch: 'master'
+ # directory: './docs'
+ # repository: 'smallstep/docs'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..3a516c7e
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,31 @@
+name: Lint, Test, Build
+
+on:
+ push:
+ tags-ignore:
+ - 'v*'
+ branches:
+ - "**"
+ pull_request:
+
+jobs:
+ lintTestBuild:
+ name: Lint, Test, Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Setup Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: '^1.15.6'
+ - name: Lint, Test, Build
+ id: lintTestBuild
+ run: V=1 make -j1 bootstrap all
+ - name: Codecov
+ uses: codecov/codecov-action@v1.2.1
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+ file: ./coverage.out # optional
+ name: codecov-umbrella # optional
+ fail_ci_if_error: true # optional (default = false)
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 00000000..65f3efc7
--- /dev/null
+++ b/.goreleaser.yml
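Review bot: In `.github/workflows/release.yml`, the `Run GoReleaser` step pins the action to a commit but sets `version: latest`, so whichever GoReleaser binary is newest at run time executes with `secrets.PAT` in its environment. The other `uses:` lines (`actions/checkout@v2`, `actions/setup-go@v2`, `actions/create-release@v1`, and `codecov/codecov-action@v1.2.1` in test.yml) are mutable tags as well. Pin the tool with `version: <exact GoReleaser release>` and reference each action by full commit SHA, as is already done for goreleaser-action. Separately, the `Is Pre-release` step expands `${{ github.ref }}` into the script text before the shell runs; `echo "$GITHUB_REF" | grep -e '-rc'` keeps the ref out of the script body and matches how `Extract Tag Names` already reads it.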
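Review bot: `.github/workflows/test.yml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` carries whatever default scope the repository is configured with, even though the workflow runs on every branch push and on `pull_request`. None of the visible steps writes to the repository, so a top-level `permissions:` with `contents: read` is probably sufficient; confirm the Codecov step needs nothing more. Also check `fail_ci_if_error: true` against pull requests from forks, where `secrets.CODECOV_TOKEN` is not provided: if the tokenless upload is rejected, those runs would fail for a reason unrelated to the change under test.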
@@ -0,0 +1,197 @@
+# This is an example .goreleaser.yml file with some sane defaults.
+# Make sure to check the documentation at http://goreleaser.com
+project_name: step-ca
+before:
+ hooks:
+ # You may remove this if you don't use go modules.
+ - go mod download
+ # - go generate ./...
+builds:
+ -
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - darwin
+ goarch:
+ - amd64
+ - arm
+ - arm64
+ - 386
+ goarm:
+ - 7
+ flags:
+ - -trimpath
+ main: ./cmd/step-ca/main.go
+ binary: bin/step
+ ldflags:
+ - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
+ -
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - darwin
+ goarch:
+ - amd64
+ - arm
+ - arm64
+ - 386
+ goarm:
+ - 7
+ flags:
+ - -trimpath
+ main: ./cmd/step-cloudkms-init/main.go
+ binary: bin/step-cloudkms-init
+ ldflags:
+ - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
+ -
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - darwin
+ goarch:
+ - amd64
+ - arm
+ - arm64
+ - 386
+ goarm:
+ - 7
+ flags:
+ - -trimpath
+ main: ./cmd/step-awskms-init/main.go
+ binary: bin/step-awskms-init
+ ldflags:
+ - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
+archives:
+ -
+ # Can be used to change the archive formats for specific GOOSs.
+ # Most common use case is to archive as zip on Windows.
+ # Default is empty.
+ name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
+ wrap_in_directory: "{{ .ProjectName }}_{{ .Version }}"
+ files:
+ - README.md
+ - LICENSE
+source:
+ enabled: true
+ name_template: '{{ .ProjectName }}_{{ .Version }}'
+checksum:
+ name_template: 'checksums.txt'
+snapshot:
+ name_template: "{{ .Tag }}-next"
+release:
+ # Repo in which the release will be created.
+ # Default is extracted from the origin remote URL or empty if its private hosted.
+ # Note: it can only be one: either github, gitlab or gitea
+ github:
+ owner: smallstep
+ name: certificates
+
+ # IDs of the archives to use.
+ # Defaults to all.
+ #ids:
+ # - foo
+ # - bar
+
+ # If set to true, will not auto-publish the release.
+ # Default is false.
+ #draft: true
+
+ # If set to auto, will mark the release as not ready for production
+ # in case there is an indicator for this in the tag e.g. v1.0.0-rc1
+ # If set to true, will mark the release as not ready for production.
+ # Default is false.
+ prerelease: auto
+
+ # You can change the name of the release.
+ # Default is `{{.Tag}}`
+ #name_template: "{{.ProjectName}}-v{{.Version}} {{.Env.USER}}"
+
+ # You can disable this pipe in order to not upload any artifacts.
+ # Defaults to false.
+ #disable: true
+
+ # You can add extra pre-existing files to the release.
+ # The filename on the release will be the last part of the path (base). If
+ # another file with the same name exists, the latest one found will be used.
+ # Defaults to empty.
+ #extra_files:
+ # - glob: ./path/to/file.txt
+ # - glob: ./glob/**/to/**/file/**/*
+ # - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
+scoop:
+ # Template for the url which is determined by the given Token (github or gitlab)
+ # Default for github is "https://github.com///releases/download/{{ .Tag }}/{{ .ArtifactName }}"
+ # Default for gitlab is "https://gitlab.com///uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
+ # Default for gitea is "https://gitea.com///releases/download/{{ .Tag }}/{{ .ArtifactName }}"
+ url_template: "http://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
+
+ # Repository to push the app manifest to.
+ bucket:
+ owner: smallstep
+ name: scoop-bucket
+
+ # Git author used to commit to the repository.
+ # Defaults are shown.
+ commit_author:
+ name: goreleaserbot
+ email: goreleaser@smallstep.com
+
+ # The project name and current git tag are used in the format string.
+ commit_msg_template: "Scoop update for {{ .ProjectName }} version {{ .Tag }}"
+
+ # Your app's homepage.
+ # Default is empty.
+ homepage: "https://smallstep.com/docs/step-ca"
+
+ # Skip uploads for prerelease.
+ skip_upload: auto
+
+ # Your app's description.
+ # Default is empty.
+ description: "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."
+
+ # Your app's license
+ # Default is empty.
+ license: "Apache-2.0"
+
+ #dockers:
+ # - dockerfile: docker/Dockerfile
+ # goos: linux
+ # goarch: amd64
+ # use_buildx: true
+ # image_templates:
+ # - "smallstep/step-cli:latest"
+ # - "smallstep/step-cli:{{ .Tag }}"
+ # build_flag_templates:
+ # - "--platform=linux/amd64"
+ # - dockerfile: docker/Dockerfile
+ # goos: linux
+ # goarch: 386
+ # use_buildx: true
+ # image_templates:
+ # - "smallstep/step-cli:latest"
+ # - "smallstep/step-cli:{{ .Tag }}"
+ # build_flag_templates:
+ # - "--platform=linux/386"
+ # - dockerfile: docker/Dockerfile
+ # goos: linux
+ # goarch: arm
+ # goarm: 7
+ # use_buildx: true
+ # image_templates:
+ # - "smallstep/step-cli:latest"
+ # - "smallstep/step-cli:{{ .Tag }}"
+ # build_flag_templates:
+ # - "--platform=linux/arm/v7"
+ # - dockerfile: docker/Dockerfile
+ # goos: linux
+ # goarch: arm64
+ # use_buildx: true
+ # image_templates:
+ # - "smallstep/step-cli:latest"
+ # - "smallstep/step-cli:{{ .Tag }}"
+ # build_flag_templates:
+ # - "--platform=linux/arm64/v8"
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index fcf73d2d..00000000
--- a/.travis.yml
+++ /dev/null
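Review bot: In `.goreleaser.yml`, `scoop.url_template` points at `http://github.com/...`, so the manifest pushed to the bucket would carry a plain-HTTP download URL, while the defaults quoted in the comments just above it are all `https://`; change it to `url_template: "https://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"`. In the first `builds` entry, `main: ./cmd/step-ca/main.go` is paired with `binary: bin/step`, which looks carried over from the CLI config and would ship the CA server under the CLI's name; `binary: bin/step-ca` seems to be what is intended. The `scoop` section also has no matching build, because every `goos` list is `linux`/`darwin` only, so either add a Windows target or drop the section until one exists. Finally, `checksums.txt` is generated but not signed; for a CA's release artifacts a `signs:` section covering the checksum file is worth considering.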
@@ -1,37 +0,0 @@
-language: go
-os: linux
-dist: focal
-services:
- - docker
-go:
- - 1.14.x
-addons:
- apt:
- packages:
- - debhelper
- - fakeroot
- - bash-completion
- - libpcsclite-dev
-env:
- global:
- - V=1
-before_script:
- - make bootstrap
-script:
- - make travis
- - make artifacts
-after_success:
- - bash <(curl -s https://codecov.io/bash) -t "$CODECOV_TOKEN" || echo "Codecov did
- not collect coverage reports"
-notifications:
- email: false
-deploy:
- provider: releases
- skip_cleanup: true
- token:
- secure: EVV43Vkqn67hhKGYn4WhQp2YO6KFmUDSkLXjYXYGX07Fm8p5KjRFBPOz9LV83QrvVmLigvg0CtR8Jqqcnq2SUhus3nhZaN2g19NhMypZLioyOVP0kAkas8ocuvxkwz3YxIK/yMrmTKbQ7JGXtbc8IjAox9ovNo1fFIQmVMAzPfu++OWBJ0j+gUqKtpaNA7gzsSv8UOw3/T3hNm6E1IbpWxl9BPSOzUOE9F/QOThANzifGfdxvqNJFkAgqu5DVPz8zQNbMrz4zH+KwASKxd6hjhzSSMzouKzOEHTA/elDCHEjke0Jos29MkGWHcIydLtCD95DGecqM8BFSC9f2acHDjmUO1rdfoLA3Pt+UiZJuTwyQm/jrHHhRnH8oJpK15G5LvxSqzY9YDWpAk38+jMw/udW6wt7BGAU8FEXLbq0bsFL3yfTepeWjmzT5WS0YXdiBz2SEK+Og9R2bSdtl4owghRzKNio5DNPuYAbqbpi+jqzqQVLj27x7LWoQ0MHvZcz9U+oO00r6M1tDCmFVRdtfgb2H+MIDY69qYGo5qoGMfH1btCWR8bA9wSYB/Z7hW/xZT9r7f/d5/P40k8yKINmTZqyUTQeplrE3y4BPVzKksclczBZa67syIUQ49I35QppnH4GFQHUwlra7r3W9zfZRvaLnp5qOIKAQe3MAIZqtLg=
- file_glob: true
- file: .travis-releases/*
- on:
- repo: smallstep/certificates
- tags: true