add files for gha release workflow (#10576)

* add files for gha release workflow * remove changelog-links script, no longer needed * Update .goreleaser.yml Co-authored-by: angie pinilla <angelinepinilla@gmail.com> * changes for sdkv2 * remove extra sig block Co-authored-by: angie pinilla <angelinepinilla@gmail.com>
hashicorp · Nov 22, 2021 · 7932977 · 7932977
1 parent e3ece04
commit 7932977
Show file tree

Hide file tree

Showing 3 changed files with 137 additions and 31 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,63 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+env:
+  GOPROXY: https://proxy.golang.org/
+  PROTOCOL_VERSION: "5.0"
+  PROTOCOL_VERSIONS: "5.0"
+  SIGNER: interim_signing_subkey_7685B676
+
+jobs:
+  Release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Read go version
+        id: go-version
+        run: |
+          content=`cat ./.go-version`
+          echo "::set-output name=content::$content"
+      - uses: actions/setup-go@v2
+        with:
+          # TODO: Replace with go-version-from-file when it is supported
+          # https://github.com/actions/setup-go/pull/62
+          go-version: ${{ steps.go-version.outputs.content }}
+      - uses: hashicorp/setup-hc-releases@v1
+        with:
+          github-token: ${{ secrets.HC_RELEASES_TOKEN }}
+          signer: ${{ env.SIGNER }}
+      - uses: hashicorp/setup-signore@v2
+        with:
+          github-token: ${{ secrets.SETUP_SIGNORE_GITHUB_TOKEN }}
+          signer: interim_signing_subkey_768B676
+      - name: Release Notes
+        run: sed -n -e "1{/# /d;}" -e "2{/^$/d;}" -e "/# \[$(git describe --abbrev=0 --exclude="$(git describe --abbrev=0 --match='v*.*.*' --tags)" --match='v*.*.*' --tags | tr -d v)/q;p" CHANGELOG.md > /tmp/RELEASE-NOTES.md
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.TF_PROVIDER_RELEASE_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TF_PROVIDER_RELEASE_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.TF_PROVIDER_RELEASE_AWS_ROLE_ARN }}
+          role-duration-seconds: 3600
+          # TODO: allow session tagging once IAM permission changes addressed
+          # Reference: https://github.com/hashicorp/hc-releases/issues/124
+          role-skip-session-tagging: true
+      - name: goreleaser release
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          args: release --release-notes /tmp/RELEASE-NOTES.md --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SIGNORE_CLIENT_ID: ${{ secrets.SIGNORE_CLIENT_ID }}
+          SIGNORE_CLIENT_SECRET: ${{ secrets.SIGNORE_CLIENT_SECRET }}
+      - name: hc-releases publish
+        run: hc-releases publish -product=${{ github.event.repository.name }}
+        env:
+          FASTLY_API_TOKEN: ${{ secrets.FASTLY_STATIC_PURGE_TOKEN }}
+          TERRAFORM_REGISTRY_SYNC_TOKEN: ${{ secrets.TF_PROVIDER_RELEASE_TERRAFORM_REGISTRY_SYNC_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -0,0 +1,74 @@
+archives:
+  - format: zip
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+builds:
+  - env:
+      - CGO_ENABLED=0
+    flags:
+      - -trimpath
+    goos:
+      - darwin
+      - freebsd
+      - linux
+      - windows
+    goarch:
+      - '386'
+      - amd64
+      - arm
+      - arm64
+    ignore:
+      - goarch: arm
+        goos: windows
+      - goarch: arm64
+        goos: freebsd
+      - goarch: arm64
+        goos: windows
+    ldflags:
+      - -s -w -X internal/provider.Version={{.Version}}
+    mod_timestamp: '{{ .CommitTimestamp }}'
+checksum:
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+publishers:
+  - name: hc-releases
+    checksum: true
+    signature: true
+    cmd: hc-releases upload-file -header="x-terraform-protocol-version={{ .Env.PROTOCOL_VERSION }}" -header="x-terraform-protocol-versions={{ .Env.PROTOCOL_VERSIONS }}" {{ abs .ArtifactPath }}
+    env:
+      - AWS_DEFAULT_REGION={{ .Env.AWS_DEFAULT_REGION }}
+      - AWS_REGION={{ .Env.AWS_REGION }}
+      - AWS_ACCESS_KEY_ID={{ .Env.AWS_ACCESS_KEY_ID }}
+      - AWS_SECRET_ACCESS_KEY={{ .Env.AWS_SECRET_ACCESS_KEY }}
+      - AWS_SESSION_TOKEN={{ .Env.AWS_SESSION_TOKEN }}
+release:
+  ids:
+    - none
+signs:
+  # Default Signature file (i.e. terraform-provider-awscc_VERSION_SHA256SUMS.sig)
+  - cmd: sh
+    args:
+    - -c
+    - >-
+      signore
+      sign
+      --dearmor
+      --file ${artifact}
+      --signer {{ .Env.SIGNER }}
+      --out ${signature}
+    artifacts: checksum
+  # Signature file with GPG Public Key ID in filename (i.e. terraform-provider-awscc_VERSION_SHA256SUMS.7685B676.sig)
+  - id: sig-with-gpg-public-key-id
+    signature: ${artifact}.72D7468F.sig
+    cmd: sh
+    args:
+    - -c
+    - >-
+      signore
+      sign
+      --dearmor
+      --file ${artifact}
+      --signer {{ .Env.SIGNER }}
+      --out ${signature}
+    artifacts: checksum
+snapshot:
+  name_template: "{{ .Tag }}-next"
diff --git a/scripts/changelog-links.sh b/scripts/changelog-links.sh