From d1b3c4701495c56e7912f61fe79d43581f52997d Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Tue, 23 Jul 2024 14:05:22 -0500 Subject: [PATCH 1/7] Add support in for signing and publishing RPM and Deb packages to GCP Artifact Registry. --- .github/workflows/goreleaser.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index e1f6b37..fa7a5d7 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -37,16 +37,25 @@ on: required: false AWS_SECRET_ACCESS_KEY: required: false + GPG_PRIVATE_KEY: + required: false jobs: goreleaser: +<<<<<<< HEAD name: Upload Assets To Github w/ goreleaser runs-on: ${{ inputs.runs-on }} +======= + name: Upload Assets To Github and Google Artifact Registry w/ goreleaser + runs-on: ubuntu-latest +>>>>>>> 660f1cc (Add support in for signing and publishing RPM and Deb packages to GCP Artifact Registry.) permissions: id-token: write contents: write + packages: write env: GOPRIVATE: ${{ inputs.goprivate }} + GPG_PRIVATE_KEY_FILE: "0x889B19391F774443-Certify.key" steps: - name: Install Dependencies # Some dependencies require this package if: ${{ inputs.os-dependencies != '' }} 
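Review bot: The added `packages: write` permission widens the job's `GITHUB_TOKEN` without a visible consumer: the publishing this series introduces authenticates to Google Cloud through `id-token: write`, and nothing shown pushes to GitHub Packages. Unless the GoReleaser config (not visible here) publishes there, I would drop the line so the token handed to every step of this job stays at `contents: write` plus OIDC. The same hunk also commits the `<<<<<<< HEAD` / `=======` / `>>>>>>> 660f1cc` conflict markers, which are only removed in PATCH 6/7; folding that removal into this patch would keep each commit in the series a loadable workflow.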
@@ -87,6 +96,23 @@ jobs: run: | RELEASE_DATE=$(date -u +"%y-%m-%d") echo "RELEASE_DATE=${RELEASE_DATE}" >> "${GITHUB_ENV}" + - name: Authenticate to Google Cloud + id: gcloud-auth + uses: google-github-actions/auth@v2 + with: + token_format: access_token + workload_identity_provider: ${{ secrets.GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ secrets.GOOGLE_CLOUD_GITHUB_SERVICE_ACCOUNT }} + - name: Set up Google Cloud SDK + uses: google-github-actions/setup-gcloud@v2 + with: + project_id: prod-us-central1-e5bd + - name: Write GPG private key to file + run: | + echo "${GPG_PRIVATE_KEY}" > "${GPG_PRIVATE_KEY_FILE}" + shell: bash + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - name: Run GoReleaser Pro uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 with: From 924c1d0c6bfaddddf32a99b2fd46805cd4517e7f Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Thu, 8 Aug 2024 14:52:04 -0500 Subject: [PATCH 2/7] Add GOOGLE_CLOUD_PACKAGES_PROJECT_ID secret. --- .github/workflows/goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index fa7a5d7..6b50ea9 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -106,7 +106,7 @@ jobs: - name: Set up Google Cloud SDK uses: google-github-actions/setup-gcloud@v2 with: - project_id: prod-us-central1-e5bd + project_id: ${{ secrets.GOOGLE_CLOUD_PACKAGES_PROJECT_ID }} - name: Write GPG private key to file run: | echo "${GPG_PRIVATE_KEY}" > "${GPG_PRIVATE_KEY_FILE}" From ba9a8078c3d5820516a9fe2ea163a1ba435a74af Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Thu, 8 Aug 2024 14:58:40 -0500 Subject: [PATCH 3/7] Add secrets for reals. --- .github/workflows/goreleaser.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 6b50ea9..2c51399 100644 --- a/.github/workflows/goreleaser.yml 
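Review bot: The `Write GPG private key to file` step creates the signing key with the shell's default umask and under a relative name, so the file is probably group/world-readable, sits in the job's working directory, and is never removed. The pre-patch job took `runs-on` from an input, so this can run on a self-hosted runner where the file outlives the job, and it is within reach of anything that packages or uploads the working tree. I would set `umask 077` before the write and add a cleanup step with `if: always()` after `Run GoReleaser Pro`, whose body continues past this hunk. Moving the file under `${RUNNER_TEMP}` would be better still if the GoReleaser config can take an absolute path.

```yaml
      - name: Write GPG private key to file
        run: |
          umask 077
          # … unchanged: echo of the key into ${GPG_PRIVATE_KEY_FILE}, shell, env …
      # … unchanged: Run GoReleaser Pro step …
      - name: Remove GPG private key file
        if: always()
        run: rm -f -- "${GPG_PRIVATE_KEY_FILE}"
        shell: bash
```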
+++ b/.github/workflows/goreleaser.yml @@ -39,6 +39,12 @@ on: required: false GPG_PRIVATE_KEY: required: false + GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER: + required: true + GOOGLE_CLOUD_GITHUB_SERVICE_ACCOUNT: + required: false + GOOGLE_CLOUD_PACKAGES_PROJECT_ID: + required: false jobs: goreleaser: From f438e742347d919a8178bac823f0a1639b265546 Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Thu, 8 Aug 2024 15:22:09 -0500 Subject: [PATCH 4/7] Add input var enable-packages-upload. --- .github/workflows/goreleaser.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 2c51399..ed365fd 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -5,6 +5,10 @@ on: required: false type: string default: 'v2.2.3' + enable-packages-upload: + required: false + type: boolean + default: false goprivate: required: false type: string @@ -103,6 +107,7 @@ jobs: RELEASE_DATE=$(date -u +"%y-%m-%d") echo "RELEASE_DATE=${RELEASE_DATE}" >> "${GITHUB_ENV}" - name: Authenticate to Google Cloud + if: inputs.enable-packages-upload id: gcloud-auth uses: google-github-actions/auth@v2 with: @@ -110,10 +115,12 @@ jobs: workload_identity_provider: ${{ secrets.GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ secrets.GOOGLE_CLOUD_GITHUB_SERVICE_ACCOUNT }} - name: Set up Google Cloud SDK + if: inputs.enable-packages-upload uses: google-github-actions/setup-gcloud@v2 with: project_id: ${{ secrets.GOOGLE_CLOUD_PACKAGES_PROJECT_ID }} - name: Write GPG private key to file + if: inputs.enable-packages-upload run: | echo "${GPG_PRIVATE_KEY}" > "${GPG_PRIVATE_KEY_FILE}" shell: bash From 2a1b814eacc154b8104deb35ab45bd2a0b3fa9bc Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Thu, 8 Aug 2024 15:30:38 -0500 Subject: [PATCH 5/7] Set GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER to false. --- .github/workflows/goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
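Review bot: The two action steps gated in the second hunk of PATCH 4/7, `google-github-actions/auth@v2` and `google-github-actions/setup-gcloud@v2`, are referenced by a mutable tag, while `goreleaser/goreleaser-action` in the same file is pinned to a commit SHA with the version in a trailing comment. These steps exchange the job's OIDC token for Google Cloud credentials, so a moved tag would run with that access. I would pin both the same way, e.g. `uses: google-github-actions/auth@<full-commit-sha> # v2.x.y`, taking the SHA from the release that was reviewed. The steps list continues outside this hunk.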
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index ed365fd..0068710 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -44,7 +44,7 @@ on: GPG_PRIVATE_KEY: required: false GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER: - required: true + required: false GOOGLE_CLOUD_GITHUB_SERVICE_ACCOUNT: required: false GOOGLE_CLOUD_PACKAGES_PROJECT_ID: From b074ef2a68bb693232abcdbc44d5d49e17d77b4b Mon Sep 17 00:00:00 2001 From: Joe Doss Date: Thu, 8 Aug 2024 15:53:27 -0500 Subject: [PATCH 6/7] Set NFPM_PASSPHRASE. --- .github/workflows/goreleaser.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 0068710..6e1b737 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -43,6 +43,8 @@ on: required: false GPG_PRIVATE_KEY: required: false + GPG_PRIVATE_KEY_PASSWORD: + required: false GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER: required: false GOOGLE_CLOUD_GITHUB_SERVICE_ACCOUNT: @@ -50,15 +52,11 @@ on: GOOGLE_CLOUD_PACKAGES_PROJECT_ID: required: false + jobs: goreleaser: -<<<<<<< HEAD name: Upload Assets To Github w/ goreleaser runs-on: ${{ inputs.runs-on }} -======= - name: Upload Assets To Github and Google Artifact Registry w/ goreleaser - runs-on: ubuntu-latest ->>>>>>> 660f1cc (Add support in for signing and publishing RPM and Deb packages to GCP Artifact Registry.) permissions: id-token: write contents: write @@ -126,6 +124,7 @@ jobs: shell: bash env: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + - name: Run GoReleaser Pro uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 with: From 8eb108664005b8f3edc50f39d7d0d4d1d99edc21 Mon Sep 17 00:00:00 2001 
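Review bot: With `GOOGLE_CLOUD_WORKLOAD_IDENTITY_PROVIDER` now `required: false` (PATCH 5/7), every secret the package-upload path needs is optional and nothing checks them when `enable-packages-upload` is true. A caller that enables the upload but omits `GPG_PRIVATE_KEY` gets a key file holding only a newline, and the failure surfaces later in signing or in the auth action rather than at the cause. I would fail early in the gated steps, e.g. as the first line of the key-writing script `: "${GPG_PRIVATE_KEY:?GPG_PRIVATE_KEY is required when enable-packages-upload is true}"`, and add a `description:` to each of these secrets saying when it is needed. Those steps are outside this hunk.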
From: Joe Doss Date: Thu, 8 Aug 2024 20:19:35 -0500 Subject: [PATCH 7/7] Sort and readd NFPM_PASSPHRASE to env. --- .github/workflows/goreleaser.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 6e1b737..410135e 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -132,11 +132,11 @@ jobs: version: latest args: release --clean env: - GITHUB_TOKEN: ${{ secrets.GORELEASER_PAT }} - GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} AWS_S3_REGION: ${{ secrets.AWS_S3_REGION }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + GITHUB_TOKEN: ${{ secrets.GORELEASER_PAT }} + GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} + NFPM_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSWORD }} RELEASE_DATE: ${{ env.RELEASE_DATE }} -
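Review bot: This step's environment now carries the package-signing passphrase next to the AWS keys, the release PAT and `GORELEASER_KEY`, yet the context line `version: latest` lets the action download whichever GoReleaser release is newest at run time. The action is pinned by SHA, so the binary that actually sees these secrets is the unpinned part; I would set an exact release or a bounded constraint such as `version: '~> v2'`. `NFPM_PASSPHRASE` is also exported when `enable-packages-upload` is false, which looks harmless (the secret expands to empty) but deserves a short comment saying so. The step's `uses:` and `with:` header is above this hunk.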