chore(ci): add release workflow

Siddhant-K-code · Jun 12, 2023 · 4f0f384 · 4f0f384
1 parent eff897e
commit 4f0f384
Show file tree

Hide file tree

Showing 4 changed files with 190 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -56,3 +56,56 @@ jobs:
 
     - name: Build
       run: make build
+
+  release:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    needs: [lint,audit,test]
+    permissions:
+      contents: write
+      packages: write # publish a new github release
+      id-token: write # needed for keyless signing
+    steps:
+      - name: Extract Version from Tag
+        id: tag_name
+        run: |
+          echo "current_version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+        shell: bash
+
+      - name: Checkout
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        with:
+          go-version-file: './go.mod'
+          cache-dependency-path: './go.sum'
+          check-latest: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5
+      - uses: anchore/sbom-action/download-syft@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --config .goreleaser.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@579f64ca0abced29dbbc44ab4c6a0b9e33ab3588 # v3.4.1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: openfga/cli
+          short-description: ${{ github.event.repository.description }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,126 @@
+project_name: fga-cli
+
+builds:
+  -
+    main: ./main.go
+    binary: fga
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    ldflags:
+      - "-s -w"
+      - "-X github.com/openfga/cli/internal/build.Version=v{{ .Version }}"
+      - "-X github.com/openfga/cli/internal/build.Commit={{.Commit}}"
+      - "-X github.com/openfga/cli/internal/build.Date={{.Date}}"
+
+dockers:
+  - goos: linux
+    goarch: amd64
+
+    dockerfile: Dockerfile
+
+    image_templates:
+      - "openfga/cli:latest-amd64"
+      - "openfga/cli:{{ .Tag }}-amd64"
+      - "openfga/cli:v{{ .Version }}-amd64"
+      - "openfga/cli:v{{ .Major }}-amd64"
+      - "openfga/cli:v{{ .Major }}.{{ .Minor }}-amd64"
+      - "openfga/cli:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64"
+
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/amd64"
+
+  - goos: linux
+    goarch: arm64
+
+    dockerfile: Dockerfile
+
+    image_templates:
+      - "openfga/cli:latest-arm64"
+      - "openfga/cli:{{ .Tag }}-arm64"
+      - "openfga/cli:v{{ .Version }}-arm64"
+      - "openfga/cli:v{{ .Major }}-arm64"
+      - "openfga/cli:v{{ .Major }}.{{ .Minor }}-arm64"
+      - "openfga/cli:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64"
+
+    use: buildx
+
+    build_flag_templates:
+      - "--platform=linux/arm64"
+
+docker_manifests:
+  - name_template: openfga/cli:latest
+    image_templates:
+      - openfga/cli:latest-amd64
+      - openfga/cli:latest-arm64
+  - name_template: openfga/cli:v{{ .Version }}
+    image_templates:
+      - openfga/cli:v{{ .Version }}-amd64
+      - openfga/cli:v{{ .Version }}-arm64
+  - name_template: openfga/cli:v{{ .Major }}
+    image_templates:
+      - openfga/cli:v{{ .Major }}-amd64
+      - openfga/cli:v{{ .Major }}-arm64
+  - name_template: openfga/cli:v{{ .Major }}.{{ .Minor }}
+    image_templates:
+      - openfga/cli:v{{ .Major }}.{{ .Minor }}-amd64
+      - openfga/cli:v{{ .Major }}.{{ .Minor }}-arm64
+  - name_template: openfga/cli:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}
+    image_templates:
+      - openfga/cli:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64
+      - openfga/cli:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64
+
+release:
+  github:
+    owner: openfga
+    name: cli
+
+sboms:
+  - artifacts: archive
+
+signs:
+- cmd: cosign
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  certificate: '${artifact}.pem'
+  args:
+    - sign-blob
+    - '--output-certificate=${certificate}'
+    - '--output-signature=${signature}'
+    - '${artifact}'
+    - "--yes" # needed on cosign 2.0.0+
+  artifacts: checksum
+  output: true
+
+docker_signs:
+  - cmd: cosign
+    env:
+    - COSIGN_EXPERIMENTAL=1
+    artifacts: manifests
+    output: true
+    args:
+    - 'sign'
+    - '${artifact}'
+    - "--yes" # needed on cosign 2.0.0+
+
+archives:
+  - rlcp: true
+    files:
+      - assets
+
+checksum:
+  name_template: 'checksums.txt'
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,11 @@
+FROM cgr.dev/chainguard/go:1.20@sha256:8454bbbb4061bd8fed6ce0b6de0d08c0a6037fe33e136b3f16dba31a68b9b3b6 AS builder
+
+WORKDIR /app
+
+COPY . .
+RUN CGO_ENABLED=0 go build -o fga ./main.go
+
+FROM cgr.dev/chainguard/static@sha256:ee47224a2afc674c1f1089b9dea97d5ee400cf2fff3797398778450a4cfb2a8d
+
+COPY --from=builder /app/fga /fga
+ENTRYPOINT ["/fga"]