From 958652ddbae1c01e3881d99a08928028bbaec1e7 Mon Sep 17 00:00:00 2001 From: William Petit Date: Thu, 19 Oct 2023 15:08:48 +0200 Subject: [PATCH] feat: sign released binaries --- .env.dist | 3 +++ .gitignore | 5 ++++- Jenkinsfile | 13 ------------- Makefile | 33 ++++++++++++++++++++++++++++++--- script/release | 4 ++++ 5 files changed, 41 insertions(+), 17 deletions(-) create mode 100644 .env.dist diff --git a/.env.dist b/.env.dist new file mode 100644 index 0000000..a414403 --- /dev/null +++ b/.env.dist @@ -0,0 +1,3 @@ +GPG_SIGNING_KEY= +GPG_SIGNING_PASSPHRASE= +ARCH_TARGETS='amd64 arm arm64' \ No newline at end of file diff --git a/.gitignore b/.gitignore index a15e297..2de59f8 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,7 @@ /bin /testdata /release -/out \ No newline at end of file +/out +/.mktools +/tools +/.env \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index f9fc565..c269bf9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -25,19 +25,6 @@ pipeline { } } } - stage('Release') { - steps { - script { - sh 'make tidy' - sh 'ARCH_TARGETS="amd64 arm arm64 mipsle" make release' - - def attachments = sh(returnStdout: true, script: 'find release -maxdepth 1 -type f').split(' ') - gitea.release('forge-jenkins', 'Cadoles', 'go-http-peering', [ - 'attachments': attachments - ]) - } - } - } } post { diff --git a/Makefile b/Makefile index 1a1e836..3971860 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,5 @@ +SHELL := /bin/bash + test: go clean -testcache go test -cover -v ./... @@ -5,8 +7,11 @@ test: watch: go run -mod=readonly github.com/cortesi/modd/cmd/modd@latest -release: - script/release +release: tidy .env + ( set -o allexport && source .env && set +o allexport && script/release ) + +.env: + cp .env.dist .env tidy: go mod tidy 
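Review bot: The new `.env` rule in the Makefile creates the file that will hold `GPG_SIGNING_PASSPHRASE` with `cp .env.dist .env`, so its permissions are whatever the umask allows; `install -m 0600 .env.dist .env` would keep it readable by the owner only. A freshly copied `.env` also leaves `GPG_SIGNING_KEY` empty, and the script/release hunk skips signing in that case, so `make release` on a clean checkout finishes with unsigned binaries and no error. If signing is meant to be mandatory for published releases, a guard in the `release` recipe that fails when the key is unset would make that explicit. Because the recipe runs `source .env`, the file's contents execute as shell code, which deserves a one-line comment in `.env.dist`.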
@@ -17,4 +22,26 @@ lint: bin/keygen: CGO_ENABLED=0 go build -o bin/keygen ./cmd/keygen -.PHONY: test lint doc sequence-diagram bin/keygen release \ No newline at end of file +.PHONY: test lint doc sequence-diagram bin/keygen release + +gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release + GITEA_RELEASE_PROJECT="go-http-peering" \ + GITEA_RELEASE_ORG="Cadoles" \ + GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \ + GITEA_RELEASE_VERSION="$(MKT_PROJECT_VERSION)" \ + GITEA_RELEASE_NAME="$(MKT_PROJECT_VERSION)" \ + GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \ + GITEA_RELEASE_IS_DRAFT="false" \ + GITEA_RELEASE_BODY="" \ + GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \ + tools/gitea-release/bin/gitea-release.sh + +.PHONY: mktools +mktools: + rm -rf .mktools + curl -k -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL) + +.mktools: + $(MAKE) mktools + +-include .mktools/*.mk \ No newline at end of file diff --git a/script/release b/script/release index 225441e..1950a91 100755 --- a/script/release +++ b/script/release @@ -37,6 +37,10 @@ function build { upx --best "$destdir/$name" fi + if [ ! -z "${GPG_SIGNING_KEY}" ]; then + echo "signing '$destdir/$name' with gpg key '$GPG_SIGNING_KEY'..." + echo $GPG_SIGNING_PASSPHRASE | gpg --pinentry-mode loopback --passphrase-fd 0 --sign --default-key "${GPG_SIGNING_KEY}" --output "$destdir/$name.sig" "$destdir/$name" + fi } function copy {
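Review bot: The `mktools` recipe downloads `install.sh` with `curl -k` and pipes it straight into `$(SHELL)`, so certificate verification is off and whatever answers for forge.cadoles.com gets to run code on the machine that builds and publishes the release. Drop `-k` and add `-f` so an HTTP error page is never executed: `curl -fsSL https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)`. Pinning the URL to a tag or commit instead of `branch/master`, and comparing the download against a recorded checksum before running it, would keep the release toolchain from changing silently. `-include .mktools/*.mk` then loads the fetched makefiles on every `make` invocation, so the same trust applies to them. Separately, `GITEA_RELEASE_ATTACHMENTS` collects only `*.tar.gz`, so unless the archives built elsewhere in script/release contain the `.sig` files, the signatures are never published.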
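Review bot: The added gpg call in `build` uses `--sign`, which writes a complete signed message (a copy of the binary plus the signature) rather than a detached signature, so verifying `$name.sig` checks the embedded copy and not the binary shipped next to it; `--detach-sign` is what the `.sig` naming implies. `echo $GPG_SIGNING_PASSPHRASE` is unquoted, so a passphrase containing repeated spaces, glob characters or a leading `-n` is altered before gpg reads it; `printf '%s' "$GPG_SIGNING_PASSPHRASE"` avoids that. Adding `--batch --yes` keeps the command from prompting when the output file already exists on a re-run: `printf '%s' "$GPG_SIGNING_PASSPHRASE" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --detach-sign --default-key "${GPG_SIGNING_KEY}" --output "$destdir/$name.sig" "$destdir/$name"`. The `build` function starts outside the hunk, so whether a failed gpg call aborts the release (for example through `set -e`) is not visible here and should be confirmed.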