Merge pull request #697 from smallstep/max/deb-checksum

Add deb checksum, add golang 1.17 for tests, build with golang 1.17

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        go: [ '1.15', '1.16' ]
+        go: [ '1.15', '1.16', '1.17' ]
     outputs:
       is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
     steps:
@@ -99,10 +99,23 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16
+          go-version: 1.17
+      -
+        name: APT Install
+        id: aptInstall
+        run: sudo apt-get -y install build-essential debhelper fakeroot
+      -
+        name: Build Debian package
+        id: make_debian
+        run: |
+          PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
+          make debian
+          # need to restore the git state otherwise goreleaser fails due to dirty state
+          git restore debian/changelog
+          git clean -fd
       -
         name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v1.1.0
         with:
           cosign-release: 'v1.1.0'
       -
@@ -119,40 +132,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.PAT }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
 
-  release_deb:
-    name: Build & Upload Debian Package To Github
-    runs-on: ubuntu-20.04
-    needs: create_release
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      -
-        name: Set up Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: '1.16'
-      -
-        name: APT Install
-        id: aptInstall
-        run: sudo apt-get -y install build-essential debhelper fakeroot
-      -
-        name: Build Debian package
-        id: build
-        run: |
-          PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
-          make debian
-      -
-        name: Upload Debian Package
-        id: upload_deb
-        run: |
-          tag_name="${GITHUB_REF##*/}"
-          hub release edit $(find ./.releases -type f -printf "-a %p ") -m "" "$tag_name"
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   build_upload_docker:
     name: Build & Upload Docker Images
     runs-on: ubuntu-20.04
@@ -165,10 +144,10 @@ jobs:
         name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: '1.16'
+          go-version: '1.17'
       -
         name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v1.1.0
         with:
           cosign-release: 'v1.1.0'
       -

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        go: [ '1.15', '1.16' ]
+        go: [ '1.15', '1.16', '1.17' ]
     steps:
       -
         name: Checkout

.gitignore

@@ -14,8 +14,8 @@
 
 # Others
 *.swp
-.travis-releases
+.releases
 coverage.txt
-vendor
 output
+vendor
 .idea

.goreleaser.yml

@@ -1,10 +1,12 @@
 # This is an example .goreleaser.yml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
 project_name: step-ca
+
 before:
   hooks:
     # You may remove this if you don't use go modules.
     - go mod download
+
 builds:
   -
     id: step-ca
@@ -93,6 +95,7 @@ builds:
     binary: bin/step-awskms-init
     ldflags:
       - -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
+
 archives:
   -
     # Can be used to change the archive formats for specific GOOSs.
@@ -106,18 +109,25 @@ archives:
     files:
       - README.md
       - LICENSE
+
 source:
   enabled: true
   name_template: '{{ .ProjectName }}_{{ .Version }}'
+
 checksum:
   name_template: 'checksums.txt'
+  extra_files:
+    - glob: ./.releases/*
+
 signs:
 - cmd: cosign
   stdin: '{{ .Env.COSIGN_PWD }}'
   args: ["sign-blob", "-key=/tmp/cosign.key", "-output=${signature}", "${artifact}"]
   artifacts: all
+
 snapshot:
   name_template: "{{ .Tag }}-next"
+
 release:
   # Repo in which the release will be created.
   # Default is extracted from the origin remote URL or empty if its private hosted.
@@ -154,6 +164,8 @@ release:
   # The filename on the release will be the last part of the path (base). If
   # another file with the same name exists, the latest one found will be used.
   # Defaults to empty.
+  extra_files:
+    - glob: ./.releases/*
   #extra_files:
   #  - glob: ./path/to/file.txt
   #  - glob: ./glob/**/to/**/file/**/*

CHANGELOG.md

@@ -6,12 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased - 0.17.3] - DATE
 ### Added
+- go 1.17 to github action test matrix
 ### Changed
+- Using go 1.17 for binaries
 ### Deprecated
 ### Removed
 ### Fixed
 ### Security
 - Use cosign to sign and upload signatures for multi-arch Docker container.
+- Add debian checksum
 
 ## [0.17.2] - 08.30.2021
 ### Added

kms/pkcs11/benchmark_test.go

@@ -1,3 +1,4 @@
+//go:build cgo
 // +build cgo
 
 package pkcs11

kms/pkcs11/opensc_test.go

@@ -1,3 +1,4 @@
+//go:build opensc
 // +build opensc
 
 package pkcs11

kms/pkcs11/other_test.go

@@ -1,3 +1,4 @@
+//go:build cgo && !softhsm2 && !yubihsm2 && !opensc
 // +build cgo,!softhsm2,!yubihsm2,!opensc
 
 package pkcs11

kms/pkcs11/pkcs11.go

@@ -1,3 +1,4 @@
+//go:build cgo
 // +build cgo
 
 package pkcs11

kms/pkcs11/pkcs11_no_cgo.go

@@ -1,3 +1,4 @@
+//go:build !cgo
 // +build !cgo
 
 package pkcs11

kms/pkcs11/pkcs11_test.go

@@ -1,3 +1,4 @@
+//go:build cgo
 // +build cgo
 
 package pkcs11

kms/pkcs11/setup_test.go

@@ -1,3 +1,4 @@
+//go:build cgo
 // +build cgo
 
 package pkcs11

kms/pkcs11/softhsm2_test.go

@@ -1,3 +1,4 @@
+//go:build cgo && softhsm2
 // +build cgo,softhsm2
 
 package pkcs11

kms/pkcs11/yubihsm2_test.go

@@ -1,3 +1,4 @@
+//go:build cgo && yubihsm2
 // +build cgo,yubihsm2
 
 package pkcs11

kms/yubikey/yubikey.go

@@ -1,3 +1,4 @@
+//go:build cgo
 // +build cgo
 
 package yubikey

kms/yubikey/yubikey_no_cgo.go

@@ -1,3 +1,4 @@
+//go:build !cgo
 // +build !cgo
 
 package yubikey