feat: sign released binaries
Some checks reported warnings
Cadoles/go-http-peering/pipeline/head This commit is unstable

This commit is contained in:
wpetit 2023-10-19 15:08:48 +02:00
parent 891cfa7540
commit 958652ddba
5 changed files with 41 additions and 17 deletions

3
.env.dist Normal file
View File

@ -0,0 +1,3 @@
GPG_SIGNING_KEY=
GPG_SIGNING_PASSPHRASE=
ARCH_TARGETS='amd64 arm arm64'

5
.gitignore vendored
View File

@ -3,4 +3,7 @@
/bin
/testdata
/release
/out
/out
/.mktools
/tools
/.env

13
Jenkinsfile vendored
View File

@ -25,19 +25,6 @@ pipeline {
}
}
}
stage('Release') {
steps {
script {
sh 'make tidy'
sh 'ARCH_TARGETS="amd64 arm arm64 mipsle" make release'
def attachments = sh(returnStdout: true, script: 'find release -maxdepth 1 -type f').split(' ')
gitea.release('forge-jenkins', 'Cadoles', 'go-http-peering', [
'attachments': attachments
])
}
}
}
}
post {

View File

@ -1,3 +1,5 @@
SHELL := /bin/bash
test:
go clean -testcache
go test -cover -v ./...
@ -5,8 +7,11 @@ test:
watch:
go run -mod=readonly github.com/cortesi/modd/cmd/modd@latest
release:
script/release
release: tidy .env
( set -o allexport && source .env && set +o allexport && script/release )
.env:
cp .env.dist .env
tidy:
go mod tidy
@ -17,4 +22,26 @@ lint:
bin/keygen:
CGO_ENABLED=0 go build -o bin/keygen ./cmd/keygen
.PHONY: test lint doc sequence-diagram bin/keygen release
.PHONY: test lint doc sequence-diagram bin/keygen release
gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release
GITEA_RELEASE_PROJECT="go-http-peering" \
GITEA_RELEASE_ORG="Cadoles" \
GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
GITEA_RELEASE_VERSION="$(MKT_PROJECT_VERSION)" \
GITEA_RELEASE_NAME="$(MKT_PROJECT_VERSION)" \
GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
GITEA_RELEASE_IS_DRAFT="false" \
GITEA_RELEASE_BODY="" \
GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
tools/gitea-release/bin/gitea-release.sh
.PHONY: mktools
mktools:
rm -rf .mktools
curl -k -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
.mktools:
$(MAKE) mktools
-include .mktools/*.mk

View File

@ -37,6 +37,10 @@ function build {
upx --best "$destdir/$name"
fi
if [ ! -z "${GPG_SIGNING_KEY}" ]; then
echo "signing '$destdir/$name' with gpg key '$GPG_SIGNING_KEY'..."
echo $GPG_SIGNING_PASSPHRASE | gpg --pinentry-mode loopback --passphrase-fd 0 --sign --default-key "${GPG_SIGNING_KEY}" --output "$destdir/$name.sig" "$destdir/$name"
fi
}
function copy {