From d38a43b691445680c4ea4b481ee0a5def94b1a45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B7=AF=E5=AE=87=E5=9B=B3=E3=82=B7=E3=82=AB=20=28Sikha?= =?UTF-8?q?=29?= <90897223+sikha-root@users.noreply.github.com> Date: Wed, 12 Jun 2024 18:30:15 +0900 Subject: [PATCH] Add SHA256 checksums to release artifacts (#1226) * [actions] use go-release-action for releases and add sha256 checksums * [actions] yamllint fixes and consistency updates --- .github/workflows/backend_build_prod_ecr.yml | 6 ++- .github/workflows/backend_docker_release.yml | 6 ++- .github/workflows/backend_release.yml | 49 ++++++++++--------- .github/workflows/backend_test.yml | 12 ++--- .github/workflows/cli_release.yml | 12 +++-- .github/workflows/cli_release_multiarch.yml | 46 ++++++++--------- .github/workflows/cli_test.yml | 7 +-- .github/workflows/cli_test_e2e.yml | 11 ++--- .github/workflows/dgctl_release.yml | 14 ++++-- .../workflows/ee_backend_docker_release.yml | 6 ++- .github/workflows/ee_backend_test.yml | 12 ++--- .github/workflows/ee_cli_release.yml | 12 +++-- .../workflows/ee_cli_release_multiarch.yml | 15 ++++-- .github/workflows/ee_cli_test.yml | 7 +-- .github/workflows/ee_tasks_release.yml | 6 ++- .github/workflows/latest_tag.yml | 10 ++-- .github/workflows/libs_test.yml | 8 +-- .github/workflows/misc_top_issues.yml | 8 +-- .github/workflows/tasks_release.yml | 6 ++- .github/workflows/tasks_run_test.yml | 7 +-- 20 files changed, 148 insertions(+), 112 deletions(-) diff --git a/.github/workflows/backend_build_prod_ecr.yml b/.github/workflows/backend_build_prod_ecr.yml index d7b48ea8b..31c0ee5a9 100644 --- a/.github/workflows/backend_build_prod_ecr.yml +++ b/.github/workflows/backend_build_prod_ecr.yml @@ -1,7 +1,9 @@ +--- name: Backend Build&Push to Prod ECR -on: + +"on": push: - branches: [ 'develop' ] + branches: ['develop'] permissions: id-token: write diff --git a/.github/workflows/backend_docker_release.yml b/.github/workflows/backend_docker_release.yml index d07169d43..a50d7d254 100644 --- a/.github/workflows/backend_docker_release.yml +++ b/.github/workflows/backend_docker_release.yml @@ -1,8 +1,10 @@ +--- name: Backend Publish docker image -on: +"on": release: - types: ['released'] + types: + - 'released' env: REGISTRY: ghcr.io diff --git a/.github/workflows/backend_release.yml b/.github/workflows/backend_release.yml index ebfd8b8f1..174d008d6 100644 --- a/.github/workflows/backend_release.yml +++ b/.github/workflows/backend_release.yml @@ -1,41 +1,42 @@ +--- name: Backend release -on: + +"on": release: - types: [released] + types: + - 'released' + jobs: binary: strategy: matrix: - arch: [arm, arm64, amd64, 386] + arch: [arm, arm64, amd64, "386"] os: [linux, darwin, freebsd, windows] exclude: - os: darwin arch: arm - os: darwin - arch: 386 + arch: "386" runs-on: ubuntu-latest - steps: - - name: Download Go - uses: actions/setup-go@v5 - with: - go-version: 1.21.1 - id: go + steps: - name: Check out repository uses: actions/checkout@v4 - - name: Build - run: | - echo "Tag that is going to be used as digger version: ${{ github.event.release.tag_name }}" - env GOOS=${{matrix.os}} GOARCH=${{matrix.arch}} CGO_ENABLED=0 go build -ldflags="-X digger/pkg/utils.version=${{ github.event.release.tag_name }}" -o digger-api ./backend - - name: Publish linux-x64 exec to github - id: upload-release-asset-linux-x64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: 'digger-api' - asset_name: digger-api-${{matrix.os}}-${{matrix.arch}} - asset_content_type: application/octet-stream + - name: Build and publish binary artifact to GitHub + id: build-and-release-binary + uses: wangyoucao577/go-release-action@8fa1e8368c8465264d64e0198208e10f71474c87 # v1.50 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + goos: ${{ matrix.os }} + goarch: ${{ matrix.arch }} + goversion: 1.21.1 + project_path: ./backend + binary_name: digger-api + pre_command: export CGO_ENABLED=0 + ldflags: ${{ matrix.ldflags }} + sha256sum: true + md5sum: false + asset_name: "digger-api-${{matrix.os}}-${{matrix.arch}}" + compress_assets: "OFF" diff --git a/.github/workflows/backend_test.yml b/.github/workflows/backend_test.yml index fe228ac5a..cf5da501d 100644 --- a/.github/workflows/backend_test.yml +++ b/.github/workflows/backend_test.yml @@ -1,16 +1,17 @@ +--- name: Backend Go Tests -on: + +"on": push: - branches: [ develop ] + branches: ['develop'] pull_request: jobs: - build: name: Build runs-on: ubuntu-latest - steps: + steps: - name: Download Go uses: actions/setup-go@v5 with: @@ -38,6 +39,3 @@ jobs: env: GITHUB_PAT_TOKEN: ${{ secrets.TOKEN_GITHUB }} working-directory: backend - - - diff --git a/.github/workflows/cli_release.yml b/.github/workflows/cli_release.yml index 98b0dca42..8cd2f4421 100644 --- a/.github/workflows/cli_release.yml +++ b/.github/workflows/cli_release.yml @@ -1,12 +1,17 @@ +--- name: release cli -on: + +"on": release: branches: - 'go' - types: [released] + types: + - 'released' + jobs: binary: runs-on: ubuntu-latest + steps: - name: Download Go uses: actions/setup-go@v5 @@ -16,6 +21,7 @@ jobs: - name: Check out repository uses: actions/checkout@v4 + - name: Build run: | echo "Tag that is going to be used as digger version: ${{ github.event.release.tag_name }}" @@ -30,4 +36,4 @@ jobs: upload_url: ${{ github.event.release.upload_url }} asset_path: 'digger' asset_name: digger-cli-Linux-X64 - asset_content_type: application/octet-stream \ No newline at end of file + asset_content_type: application/octet-stream diff --git a/.github/workflows/cli_release_multiarch.yml b/.github/workflows/cli_release_multiarch.yml index 40decece1..bf82e8e84 100644 --- a/.github/workflows/cli_release_multiarch.yml +++ b/.github/workflows/cli_release_multiarch.yml @@ -1,44 +1,44 @@ +--- name: release cli multi architecture -on: + +"on": release: branches: - 'go' - types: [released] + types: + - 'released' + jobs: binary: strategy: matrix: - arch: [arm, arm64, amd64, 386] + arch: [arm, arm64, amd64, "386"] os: [linux, darwin, freebsd, windows] exclude: - os: darwin arch: arm - os: darwin - arch: 386 + arch: "386" runs-on: ubuntu-latest steps: - - name: Download Go - uses: actions/setup-go@v5 - with: - go-version: 1.21.1 - id: go - - name: Check out repository uses: actions/checkout@v4 - - name: Build - run: | - echo "Tag that is going to be used as digger version: ${{ github.event.release.tag_name }}" - env GOOS=${{matrix.os}} GOARCH=${{matrix.arch}} CGO_ENABLED=0 go build -ldflags="-X digger/pkg/utils.version=${{ github.event.release.tag_name }}" -o digger ./cli/cmd/digger - - name: Publish linux-x64 exec to github - id: upload-release-asset-linux-x64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Build and publish binary artifact to GitHub + id: build-and-release-binary + uses: wangyoucao577/go-release-action@8fa1e8368c8465264d64e0198208e10f71474c87 # v1.50 with: - upload_url: ${{ github.event.release.upload_url }} - asset_path: 'digger' - asset_name: digger-cli-${{matrix.os}}-${{matrix.arch}} - asset_content_type: application/octet-stream \ No newline at end of file + github_token: ${{ secrets.GITHUB_TOKEN }} + goos: ${{ matrix.os }} + goarch: ${{ matrix.arch }} + goversion: 1.21.1 + project_path: ./cli/cmd/digger + binary_name: digger + pre_command: export CGO_ENABLED=0 + ldflags: ${{ matrix.ldflags }} + sha256sum: true + md5sum: false + asset_name: "digger-cli-${{matrix.os}}-${{matrix.arch}}" + compress_assets: "OFF" diff --git a/.github/workflows/cli_test.yml b/.github/workflows/cli_test.yml index e8e941e76..05afe6fef 100644 --- a/.github/workflows/cli_test.yml +++ b/.github/workflows/cli_test.yml @@ -1,15 +1,16 @@ +--- name: Cli tests -on: + +"on": push: pull_request: jobs: - build: name: Build runs-on: ubuntu-latest - steps: + steps: - name: Download Go uses: actions/setup-go@v5 with: diff --git a/.github/workflows/cli_test_e2e.yml b/.github/workflows/cli_test_e2e.yml index dccca2ed0..8596fb1c8 100644 --- a/.github/workflows/cli_test_e2e.yml +++ b/.github/workflows/cli_test_e2e.yml @@ -1,7 +1,9 @@ +--- name: Cli e2e tests -on: + +"on": push: - branches: [ 'develop' ] + branches: ['develop'] jobs: build: @@ -11,8 +13,8 @@ jobs: name: Build runs-on: ubuntu-latest - steps: + steps: - name: Check out code into the Go module directory uses: actions/checkout@v4 @@ -51,6 +53,3 @@ jobs: GOOGLE_STORAGE_PLAN_ARTEFACT_BUCKET: gcp-plan-artefacts AWS_S3_BUCKET: digger-tests-bucket AWS_REGION: us-east-1 - - - diff --git a/.github/workflows/dgctl_release.yml b/.github/workflows/dgctl_release.yml index fc8c99733..91dfafb00 100644 --- a/.github/workflows/dgctl_release.yml +++ b/.github/workflows/dgctl_release.yml @@ -1,20 +1,24 @@ +--- name: release dgctl -on: + +"on": release: branches: - 'go' - types: [released] + types: + - 'released' + jobs: binary: strategy: matrix: - arch: [arm, arm64, amd64, 386] + arch: [arm, arm64, amd64, "386"] os: [linux, darwin, freebsd, windows] exclude: - os: darwin arch: arm - os: darwin - arch: 386 + arch: "386" runs-on: ubuntu-latest @@ -40,4 +44,4 @@ jobs: upload_url: ${{ github.event.release.upload_url }} asset_path: 'dgctl_bin' asset_name: dgctl-${{matrix.os}}-${{matrix.arch}} - asset_content_type: application/octet-stream \ No newline at end of file + asset_content_type: application/octet-stream diff --git a/.github/workflows/ee_backend_docker_release.yml b/.github/workflows/ee_backend_docker_release.yml index f10ca3fa7..abf4989dc 100644 --- a/.github/workflows/ee_backend_docker_release.yml +++ b/.github/workflows/ee_backend_docker_release.yml @@ -1,8 +1,10 @@ +--- name: EE Backend Publish docker image -on: +"on": release: - types: ['released'] + types: + - 'released' env: REGISTRY: ghcr.io diff --git a/.github/workflows/ee_backend_test.yml b/.github/workflows/ee_backend_test.yml index bfeb56221..844d8f945 100644 --- a/.github/workflows/ee_backend_test.yml +++ b/.github/workflows/ee_backend_test.yml @@ -1,16 +1,17 @@ +--- name: EE Backend Go Tests -on: + +"on": push: - branches: [ develop ] + branches: ['develop'] pull_request: jobs: - build: name: Build runs-on: ubuntu-latest - steps: + steps: - name: Download Go uses: actions/setup-go@v5 with: @@ -38,6 +39,3 @@ jobs: env: GITHUB_PAT_TOKEN: ${{ secrets.TOKEN_GITHUB }} working-directory: ee/backend - - - diff --git a/.github/workflows/ee_cli_release.yml b/.github/workflows/ee_cli_release.yml index 53d6283ff..08f038219 100644 --- a/.github/workflows/ee_cli_release.yml +++ b/.github/workflows/ee_cli_release.yml @@ -1,12 +1,17 @@ +--- name: release ee cli -on: + +"on": release: branches: - 'go' - types: [released] + types: + - 'released' + jobs: binary: runs-on: ubuntu-latest + steps: - name: Download Go uses: actions/setup-go@v5 @@ -16,6 +21,7 @@ jobs: - name: Check out repository uses: actions/checkout@v4 + - name: Build run: | echo "Tag that is going to be used as digger version: ${{ github.event.release.tag_name }}" @@ -30,4 +36,4 @@ jobs: upload_url: ${{ github.event.release.upload_url }} asset_path: 'digger' asset_name: digger-ee-cli-Linux-X64 - asset_content_type: application/octet-stream \ No newline at end of file + asset_content_type: application/octet-stream diff --git a/.github/workflows/ee_cli_release_multiarch.yml b/.github/workflows/ee_cli_release_multiarch.yml index bb9a90eb4..34bdb807e 100644 --- a/.github/workflows/ee_cli_release_multiarch.yml +++ b/.github/workflows/ee_cli_release_multiarch.yml @@ -1,20 +1,24 @@ +--- name: EE release cli multi architecture -on: + +"on": release: branches: - 'go' - types: [released] + types: + - 'released' + jobs: binary: strategy: matrix: - arch: [arm, arm64, amd64, 386] + arch: [arm, arm64, amd64, "386"] os: [linux, darwin, freebsd, windows] exclude: - os: darwin arch: arm - os: darwin - arch: 386 + arch: "386" runs-on: ubuntu-latest @@ -27,6 +31,7 @@ jobs: - name: Check out repository uses: actions/checkout@v4 + - name: Build run: | echo "Tag that is going to be used as digger version: ${{ github.event.release.tag_name }}" @@ -41,4 +46,4 @@ jobs: upload_url: ${{ github.event.release.upload_url }} asset_path: 'digger' asset_name: digger-ee-cli-${{matrix.os}}-${{matrix.arch}} - asset_content_type: application/octet-stream \ No newline at end of file + asset_content_type: application/octet-stream diff --git a/.github/workflows/ee_cli_test.yml b/.github/workflows/ee_cli_test.yml index 4ad3311b0..413857497 100644 --- a/.github/workflows/ee_cli_test.yml +++ b/.github/workflows/ee_cli_test.yml @@ -1,15 +1,16 @@ +--- name: EE Cli tests -on: + +"on": push: pull_request: jobs: - build: name: Build runs-on: ubuntu-latest - steps: + steps: - name: Download Go uses: actions/setup-go@v5 with: diff --git a/.github/workflows/ee_tasks_release.yml b/.github/workflows/ee_tasks_release.yml index 70910a5a2..630605fcb 100644 --- a/.github/workflows/ee_tasks_release.yml +++ b/.github/workflows/ee_tasks_release.yml @@ -1,8 +1,10 @@ +--- name: EE Tasks Publish docker image -on: +"on": release: - types: ['released'] + types: + - 'released' env: REGISTRY: ghcr.io diff --git a/.github/workflows/latest_tag.yml b/.github/workflows/latest_tag.yml index 769f7746a..94389aae0 100644 --- a/.github/workflows/latest_tag.yml +++ b/.github/workflows/latest_tag.yml @@ -1,13 +1,15 @@ +--- name: Update latest tag for every new latest release -on: +"on": release: types: - - released + - 'released' jobs: update_latest_tag: runs-on: ubuntu-latest + steps: - name: Check out repository uses: actions/checkout@v4 @@ -20,8 +22,8 @@ jobs: latest_release=$(curl -s -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name') echo "Latest release: $latest_release" echo "Current release: ${{ github.ref }}" - if [[ "refs/tags/$latest_release" == "${{ github.ref }}" ]]; then - echo "is_latest=true" >> $GITHUB_OUTPUT + if [[ "refs/tags/$latest_release" == "${{ github.ref }}" ]]; then + echo "is_latest=true" >> $GITHUB_OUTPUT else echo "is_latest=false" >> $GITHUB_OUTPUT fi diff --git a/.github/workflows/libs_test.yml b/.github/workflows/libs_test.yml index 95ba99684..842870525 100644 --- a/.github/workflows/libs_test.yml +++ b/.github/workflows/libs_test.yml @@ -1,14 +1,16 @@ +--- name: Libs tests -on: + +"on": push: - branches: [ 'develop' ] + branches: ['develop'] pull_request: jobs: - build: name: Build runs-on: ubuntu-latest + steps: - name: Download Go uses: actions/setup-go@v5 diff --git a/.github/workflows/misc_top_issues.yml b/.github/workflows/misc_top_issues.yml index c23dfadc0..ffd51c402 100644 --- a/.github/workflows/misc_top_issues.yml +++ b/.github/workflows/misc_top_issues.yml @@ -1,14 +1,16 @@ - +--- name: Top issues updater -on: + +"on": schedule: - - cron: "0 * * * *" # every hour + - cron: "0 * * * *" # every hour workflow_dispatch: jobs: get-top-issues: if: github.repository_owner == 'diggerhq' runs-on: ubuntu-latest + steps: - name: update-top-issues uses: diggerhq/top-issues@main diff --git a/.github/workflows/tasks_release.yml b/.github/workflows/tasks_release.yml index 4582b10df..c0edf8490 100644 --- a/.github/workflows/tasks_release.yml +++ b/.github/workflows/tasks_release.yml @@ -1,8 +1,10 @@ +--- name: Tasks Publish docker image -on: +"on": release: - types: ['released'] + types: + - 'released' env: REGISTRY: ghcr.io diff --git a/.github/workflows/tasks_run_test.yml b/.github/workflows/tasks_run_test.yml index e25d4655c..091b36d48 100644 --- a/.github/workflows/tasks_run_test.yml +++ b/.github/workflows/tasks_run_test.yml @@ -1,13 +1,15 @@ +--- name: Tasks run tests -on: + +"on": push: pull_request: jobs: - build: name: Build runs-on: ubuntu-latest + steps: - name: Download Go uses: actions/setup-go@v5 @@ -24,7 +26,6 @@ jobs: go get -v ./... working-directory: backend/tasks - - name: Test run: go test -v ./... working-directory: backend/tasks