Build and release workflows with tooling

.github/workflows/build.yml

@@ -0,0 +1,121 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+    types: [ opened, synchronize ]
+
+jobs:
+
+  build-artifact:
+    name: Build and verify artifact
+    runs-on: ${{ matrix.runner }}
+    outputs:
+      module_name: ${{ steps.prepare-release.outputs.module_name }}
+      version: ${{ steps.prepare-release.outputs.version }}
+    strategy:
+      matrix:
+        os: [ ubuntu-22.04, darwin, windows ]
+        arch: [ amd64, arm64 ]
+        include:
+          - os: ubuntu-22.04
+            arch: amd64
+            runner: ubuntu-22.04
+            build_target: build-linux-amd64
+            verify_target: verify-binary-linux
+            dependencies: musl-tools
+          - os: ubuntu-22.04
+            arch: arm64
+            # According to linter: warning Workflow => .github/workflows/build.yml:38:21: label "Terraform-provider-bitwarden-sm-linux" is unknown.
+            runner: Terraform-provider-bitwarden-sm-linux
+            build_target: build-linux-arm64
+            verify-target: verify-binary-linux
+            dependencies: musl-tools
+          - os: darwin
+            arch: amd64
+            # According to linter: label "macos-14" is unknown
+            runner: macos-14
+            build_target: build-darwin-amd64
+            verify_target: verify-binary-darwin-amd64
+          - os: darwin
+            arch: arm64
+            runner: macos-14
+            build_target: build-darwin-arm64
+            verify_target: verify-binary-darwin-arm64
+          - os: windows
+            arch: amd64
+            runner: ubuntu-22.04
+            build_target: build-windows-amd64
+            verify_target: verify-binary-windows-amd64
+            dependencies: mingw-w64
+        exclude:
+          - os: windows
+            arch: arm64
+
+    steps:
+
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Go
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - name: Install dependencies (Linux only)
+        if: matrix.os == 'ubuntu-22.04'
+        run: sudo apt update && sudo apt install -y ${{ matrix.dependencies }}
+
+      - name: Install dependencies (Windows cross-compile only)
+        if: matrix.os == 'windows'
+        run: sudo apt update && sudo apt install -y ${{ matrix.dependencies }}
+
+      - name: Install Go dependencies
+        run: go mod tidy
+
+      - name: Get current version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(grep 'ProviderVersion string =' version/version.go | sed -E 's/.*"([0-9]+\.[0-9]+\.[0-9]+(-pre)?)".*/\1/')
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Build binary
+        run: make ${{ matrix.build_target }} BINARY_VERSION="_${{ steps.current-version.outputs.version }}"
+
+      - name: Verify binary
+        run: make ${{ matrix.verify_target }} BINARY_VERSION="_${{ steps.current-version.outputs.version }}"
+
+      - name: Prepare release artifacts
+        id: prepare-release
+        run: |
+          MODULE_NAME=$(grep "^module" go.mod | awk -F'/' '{print $NF}')
+          BINARY_VERSION=$(echo ${{ steps.current-version.outputs.version }})
+          ARCHIVE="${MODULE_NAME}_${BINARY_VERSION}_${{ matrix.os }}_${{ matrix.arch }}.zip"
+
+          # Conditionally set the binary name with or without .exe extension
+          BINARY="${MODULE_NAME}_${BINARY_VERSION}"
+          if [ "${{ matrix.os }}" = "windows" ]; then
+            BINARY="${BINARY}.exe"
+          fi
+
+          # Create ZIP archive
+          zip ${ARCHIVE} ${BINARY}
+
+          echo "module_name=${MODULE_NAME}" >> "$GITHUB_OUTPUT"
+          echo "version=${BINARY_VERSION}" >> "$GITHUB_OUTPUT"
+
+          echo "binary_version=${BINARY_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "archive=${ARCHIVE}" >> "$GITHUB_OUTPUT"
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        with:
+          name: ${{ steps.prepare-release.outputs.module_name }}_${{ steps.prepare-release.outputs.binary_version }}_${{ matrix.os }}_${{ matrix.arch }}
+          retention-days: 5
+          path: |
+            ${{ steps.prepare-release.outputs.archive }}

.github/workflows/docs.yml

@@ -0,0 +1,45 @@
+name: Docs
+
+on:
+  pull_request:
+    branches:
+      - "main"
+    types: [ opened, synchronize ]
+
+jobs:
+  docs:
+    name: Validate Docs
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    steps:
+
+      - name: Check out repo
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Setup Go
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - name: Install Go dependencies
+        run: go mod tidy
+
+      - name: Install build dependencies
+        run: sudo apt update && sudo apt install gcc libc-dev -y
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
+        with:
+          terraform_version: '1.9.2'
+          terraform_wrapper: false
+
+      - name: Generate documentation
+        run: |
+          make create-docs-linux PARAM_CC="gcc" PARAM_CGO_LDFLAGS="'-s -w -lm'"
+
+      - name: Git diff
+        run: |
+          git diff --compact-summary --exit-code examples docs || \
+            (echo; echo "Unexpected difference in directories [/examples, /docs] after code generation. Run 'go generate ./...' command and commit."; exit 1)

.github/workflows/lint.yml

@@ -0,0 +1,31 @@
+name: GolangCI-lint
+
+on:
+  pull_request:
+    branches:
+      - "main"
+    types: [ opened, synchronize ]
+
+jobs:
+  lint:
+    name: Run Linters
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    steps:
+
+      - name: Check out repo
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Setup Go
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - name: Run linters
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        with:
+          version: latest

.github/workflows/release.yml

@@ -0,0 +1,64 @@
+name: Release
+
+on:
+  workflow_dispatch:
+
+jobs:
+
+  create-release:
+    name: Create Release
+    runs-on: ubuntu-22.04
+    steps:
+
+      - name: Check out repo
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Get current version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(grep 'ProviderVersion string =' version/version.go | sed -E 's/.*"([0-9]+\.[0-9]+\.[0-9]+(-pre)?)".*/\1/')
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Download Artifacts
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: main
+          path: /artifacts
+
+      - name: Generate Checksum File
+        id: checksum
+        run: |
+          MODULE_NAME=$(grep "^module" go.mod | awk -F'/' '{print $NF}')
+          CHECKSUM_FILE="${MODULE_NAME}_${{ steps.current-version.outputs.version }}_SHA256SUMS"
+          shasum -a 256 /artifacts/*.zip > $CHECKSUM_FILE
+          echo "module_name=$MODULE_NAME" >> $GITHUB_OUTPUT
+          echo "checksum_file=$CHECKSUM_FILE" >> $GITHUB_OUTPUT
+
+      - name: Import GPG Key
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        run: |
+          echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --import
+
+      - name: Sign Checksum File
+        run: |
+          gpg --detach-sign --local-user ${{ secrets.GPG_KEY_ID }} --output ${{ steps.checksum.outputs.checksum_file }}.sig ${{ steps.checksum.outputs.checksum_file }}
+
+      - name: Prepare Manifest File
+        id: manifest
+        run: |
+          MANIFEST_FILE="${{ steps.checksum.outputs.module_name}}_${{ steps.current-version.outputs.version }}_manifest.json"
+          cp terraform-registry-manifest.json $MANIFEST_FILE
+          echo "manifest_file=$MANIFEST_FILE" >> $GITHUB_OUTPUT
+
+      - name: Release
+        uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
+        with:
+          name: "${{ steps.current-version.outputs.version }}"
+          generateReleaseNotes: true
+          artifacts: "artifacts/*.zip,
+              ${{ steps.manifest.outputs.manifest_file }},
+              ${{ steps.checksum.outputs.checksum_file }},
+              ${{ steps.checksum.outputs.checksum_file }}.sig"