diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000000..61243bed8d4
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,63 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+env:
+ GOPROXY: https://proxy.golang.org/
+ PROTOCOL_VERSION: "5.0"
+ PROTOCOL_VERSIONS: "5.0"
+ SIGNER: interim_signing_subkey_7685B676
+
+jobs:
+ Release:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Read go version
+ id: go-version
+ run: |
+ content=`cat ./.go-version`
+ echo "::set-output name=content::$content"
+ - uses: actions/setup-go@v2
+ with:
+ # TODO: Replace with go-version-from-file when it is supported
+ # https://github.com/actions/setup-go/pull/62
+ go-version: ${{ steps.go-version.outputs.content }}
+ - uses: hashicorp/setup-hc-releases@v1
+ with:
+ github-token: ${{ secrets.HC_RELEASES_TOKEN }}
+ signer: ${{ env.SIGNER }}
+ - uses: hashicorp/setup-signore@v2
+ with:
+ github-token: ${{ secrets.SETUP_SIGNORE_GITHUB_TOKEN }}
+ signer: interim_signing_subkey_768B676
+ - name: Release Notes
+ run: sed -n -e "1{/# /d;}" -e "2{/^$/d;}" -e "/# \[$(git describe --abbrev=0 --exclude="$(git describe --abbrev=0 --match='v*.*.*' --tags)" --match='v*.*.*' --tags | tr -d v)/q;p" CHANGELOG.md > /tmp/RELEASE-NOTES.md
+ - uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.TF_PROVIDER_RELEASE_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.TF_PROVIDER_RELEASE_AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-1
+ role-to-assume: ${{ secrets.TF_PROVIDER_RELEASE_AWS_ROLE_ARN }}
+ role-duration-seconds: 3600
+ # TODO: allow session tagging once IAM permission changes addressed
+ # Reference: https://github.com/hashicorp/hc-releases/issues/124
+ role-skip-session-tagging: true
+ - name: goreleaser release
+ uses: goreleaser/goreleaser-action@v2
+ with:
+ args: release --release-notes /tmp/RELEASE-NOTES.md --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SIGNORE_CLIENT_ID: ${{ secrets.SIGNORE_CLIENT_ID }}
+ SIGNORE_CLIENT_SECRET: ${{ secrets.SIGNORE_CLIENT_SECRET }}
+ - name: hc-releases publish
+ run: hc-releases publish -product=${{ github.event.repository.name }}
+ env:
+ FASTLY_API_TOKEN: ${{ secrets.FASTLY_STATIC_PURGE_TOKEN }}
+ TERRAFORM_REGISTRY_SYNC_TOKEN: ${{ secrets.TF_PROVIDER_RELEASE_TERRAFORM_REGISTRY_SYNC_TOKEN }}
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 00000000000..f51bae465cc
--- /dev/null
+++ b/.goreleaser.yml
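Review bot: The `hashicorp/setup-signore@v2` step hard-codes `signer: interim_signing_subkey_768B676`, which differs by one character from the workflow-level `SIGNER: interim_signing_subkey_7685B676` that `setup-hc-releases` and the goreleaser sign commands use, so signore may be configured for a signer other than the intended key. Reference the single definition there as the step above does: `signer: ${{ env.SIGNER }}`. Separately, every `uses:` in this job is pinned to a mutable tag (`@v1`, `@v2`) while the job handles AWS, signing and registry-sync secrets. Pinning each action to a full commit SHA and adding a top-level `permissions:` block that limits `GITHUB_TOKEN` to what goreleaser and hc-releases actually need (to be confirmed) would narrow what a moved tag could reach.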
@@ -0,0 +1,74 @@
+archives:
+ - format: zip
+ name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+builds:
+ - env:
+ - CGO_ENABLED=0
+ flags:
+ - -trimpath
+ goos:
+ - darwin
+ - freebsd
+ - linux
+ - windows
+ goarch:
+ - '386'
+ - amd64
+ - arm
+ - arm64
+ ignore:
+ - goarch: arm
+ goos: windows
+ - goarch: arm64
+ goos: freebsd
+ - goarch: arm64
+ goos: windows
+ ldflags:
+ - -s -w -X internal/provider.Version={{.Version}}
+ mod_timestamp: '{{ .CommitTimestamp }}'
+checksum:
+ name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+ algorithm: sha256
+publishers:
+ - name: hc-releases
+ checksum: true
+ signature: true
+ cmd: hc-releases upload-file -header="x-terraform-protocol-version={{ .Env.PROTOCOL_VERSION }}" -header="x-terraform-protocol-versions={{ .Env.PROTOCOL_VERSIONS }}" {{ abs .ArtifactPath }}
+ env:
+ - AWS_DEFAULT_REGION={{ .Env.AWS_DEFAULT_REGION }}
+ - AWS_REGION={{ .Env.AWS_REGION }}
+ - AWS_ACCESS_KEY_ID={{ .Env.AWS_ACCESS_KEY_ID }}
+ - AWS_SECRET_ACCESS_KEY={{ .Env.AWS_SECRET_ACCESS_KEY }}
+ - AWS_SESSION_TOKEN={{ .Env.AWS_SESSION_TOKEN }}
+release:
+ ids:
+ - none
+signs:
+ # Default Signature file (i.e. terraform-provider-awscc_VERSION_SHA256SUMS.sig)
+ - cmd: sh
+ args:
+ - -c
+ - >-
+ signore
+ sign
+ --dearmor
+ --file ${artifact}
+ --signer {{ .Env.SIGNER }}
+ --out ${signature}
+ artifacts: checksum
+ # Signature file with GPG Public Key ID in filename (i.e. terraform-provider-awscc_VERSION_SHA256SUMS.7685B676.sig)
+ - id: sig-with-gpg-public-key-id
+ signature: ${artifact}.72D7468F.sig
+ cmd: sh
+ args:
+ - -c
+ - >-
+ signore
+ sign
+ --dearmor
+ --file ${artifact}
+ --signer {{ .Env.SIGNER }}
+ --out ${signature}
+ artifacts: checksum
+snapshot:
+ name_template: "{{ .Tag }}-next"
\ No newline at end of file
diff --git a/scripts/changelog-links.sh b/scripts/changelog-links.sh
deleted file mode 100755
index f43a430724f..00000000000
--- a/scripts/changelog-links.sh
+++ /dev/null
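Review bot: The second `signs` entry writes `${artifact}.72D7468F.sig`, but the comment directly above it gives the file name as `..._SHA256SUMS.7685B676.sig`, and both entries sign with `{{ .Env.SIGNER }}`, which the release workflow in this commit sets to `interim_signing_subkey_7685B676`. The key ID in a signature file name is what a verifier uses to pick the public key, so the comment and the `signature:` value need to agree on which ID consumers should expect. If `72D7468F` is the primary key and `7685B676` a signing subkey of it (not visible here), say so in the comment, e.g. `# Signature file named after the primary GPG key ID (…_SHA256SUMS.72D7468F.sig); signed with the subkey in SIGNER`. Both comments also name `terraform-provider-awscc`; if this repository is a different provider, correct them so the expected artifact names are not misread.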
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# This script rewrites [GH-nnnn]-style references in the CHANGELOG.md file to
-# be Markdown links to the given github issues.
-#
-# This is run during releases so that the issue references in all of the
-# released items are presented as clickable links, but we can just use the
-# easy [GH-nnnn] shorthand for quickly adding items to the "Unrelease" section
-# while merging things between releases.
-
-set -e
-
-if [[ ! -f CHANGELOG.md ]]; then
- echo "ERROR: CHANGELOG.md not found in pwd."
- echo "Please run this from the root of the terraform provider repository"
- exit 1
-fi
-
-if [[ `uname` == "Darwin" ]]; then
- echo "Using BSD sed"
- SED="sed -i.bak -E -e"
-else
- echo "Using GNU sed"
- SED="sed -i.bak -r -e"
-fi
-
-PROVIDER_URL="https:\/\/github.com\/hashicorp\/terraform-provider-google\/issues"
-
-$SED "s/GH-([0-9]+)/\[#\1\]\($PROVIDER_URL\/\1\)/g" -e 's/\[\[#(.+)([0-9])\)]$/(\[#\1\2))/g' CHANGELOG.md
-
-rm CHANGELOG.md.bak