config tidying, do not sign archives on non-tagged releases

webmeshproj · Jul 26, 2023 · 775f485 · 775f485
1 parent f273bc0
commit 775f485
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 39 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -114,18 +114,31 @@ jobs:
       - name: Setup Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Get Release Args
+      - name: Compute Release Args
         shell: bash
         id: release-args
         run: |
           if [[ ${{ github.ref }} =~ ^refs/tags/v.* ]] ; then
               ARGS="--clean --fail-fast"
           else
-              ARGS="--snapshot --clean --fail-fast"
+              ARGS="--snapshot --clean --fail-fast --skip-sign"
           fi
           echo "args=${ARGS}" >> "${GITHUB_OUTPUT}"
 
-      - name: Build Binaries
+      - name: Compute Image Tags
+        shell: bash
+        id: image-tags
+        run: |
+          ALPINE_IMAGES="${ALPINE_IMAGE_NAME}:latest,${ALPINE_IMAGE_NAME}:${{ github.sha }}"
+          DISTROLESS_IMAGES="${DISTROLESS_IMAGE_NAME}:latest,${DISTROLESS_IMAGE_NAME}:${{ github.sha }}"
+          if [[ ${{ github.ref }} =~ ^refs/tags/v.* ]] ; then
+              ALPINE_IMAGES+=",${ALPINE_IMAGE_NAME}:${{ github.ref_name }}"
+              DISTROLESS_IMAGES+=",${DISTROLESS_IMAGE_NAME}:${{ github.ref_name }}"
+          fi
+          echo "alpine-images=${ALPINE_IMAGES}" >> "${GITHUB_OUTPUT}"
+          echo "distroless-images=${DISTROLESS_IMAGES}" >> "${GITHUB_OUTPUT}"
+
+      - name: Run Goreleaser
         uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
@@ -139,26 +152,13 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
-      - name: Get Image Tags
-        shell: bash
-        id: tags
-        run: |
-          ALPINE_IMAGES="${ALPINE_IMAGE_NAME}:latest,${ALPINE_IMAGE_NAME}:${{ github.sha }}"
-          DISTROLESS_IMAGES="${DISTROLESS_IMAGE_NAME}:latest,${DISTROLESS_IMAGE_NAME}:${{ github.sha }}"
-          if [[ ${{ github.ref }} =~ ^refs/tags/v.* ]] ; then
-              ALPINE_IMAGES+=",${ALPINE_IMAGE_NAME}:${{ github.ref_name }}"
-              DISTROLESS_IMAGES+=",${DISTROLESS_IMAGE_NAME}:${{ github.ref_name }}"
-          fi
-          echo "alpine-images=${ALPINE_IMAGES}" >> "${GITHUB_OUTPUT}"
-          echo "distroless-images=${DISTROLESS_IMAGES}" >> "${GITHUB_OUTPUT}"
-
       - name: Build Alpine Container Images
         uses: docker/build-push-action@v4
         id: alpine-build
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.tags.outputs.alpine-images }}
+          tags: ${{ steps.image-tags.outputs.alpine-images }}
           platforms: ${{ env.DOCKER_PLATFORMS }}
 
       - name: Build Distroless Container Images
@@ -168,7 +168,7 @@ jobs:
           context: .
           file: Dockerfile.distroless
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.tags.outputs.distroless-images }}
+          tags: ${{ steps.image-tags.outputs.distroless-images }}
           platforms: ${{ env.DOCKER_PLATFORMS }}
 
       - name: Sign Container Images

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -130,20 +130,9 @@ checksum:
 snapshot:
   name_template: "{{ incpatch .Version }}-next"
 
-signs:
-  - cmd: cosign
-    env:
-      - COSIGN_EXPERIMENTAL=1
-    args:
-      - "sign-blob"
-      - "--yes"
-      - "--oidc-issuer=https://token.actions.githubusercontent.com"
-      - "--output-signature=${signature}"
-      - "${artifact}"
-    artifacts: all
-
 archives:
-  - format: tar.gz
+  - id: webmesh
+    format: tar.gz
     builds:
       - node
       - wmctl
@@ -155,13 +144,13 @@ archives:
       {{- else if eq .Arch "386" }}i386
       {{- else }}{{ .Arch }}{{ end }}
       {{- if .Arm }}v{{ .Arm }}{{ end }}
-    # use zip for windows archives
     format_overrides:
       - goos: windows
         format: zip
 
 nfpms:
-  - maintainer: Avi Zimmerman <[email protected]>
+  - id: webmesh
+    maintainer: Avi Zimmerman <[email protected]>
     description: WebMesh is a service mesh for the web
     homepage: https://webmeshproj.github.io
     license: Apache 2.0
@@ -172,6 +161,19 @@ nfpms:
       - deb
       - rpm
       - apk
+      - archlinux
+
+signs:
+  - cmd: cosign
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    args:
+      - "sign-blob"
+      - "--yes"
+      - "--oidc-issuer=https://token.actions.githubusercontent.com"
+      - "--output-signature=${signature}"
+      - "${artifact}"
+    artifacts: all
 
 changelog:
   sort: asc
@@ -184,10 +186,7 @@ release:
     owner: webmeshproj
     name: node
   ids:
-    - node
-    - wmctl
+    - webmesh
 
-# The lines beneath this are called `modelines`. See `:help modeline`
-# Feel free to remove those if you don't want/use them.
 # yaml-language-server: $schema=https://goreleaser.com/static/schema.json
 # vim: set ts=2 sw=2 tw=0 fo=cnqoj
diff --git a/Makefile b/Makefile
@@ -22,8 +22,8 @@ help: ## Display this help.
 ##@ Build
 
 GORELEASER ?= go run github.com/goreleaser/goreleaser@latest
+BUILD_ARGS ?= --snapshot --clean --skip-sign
 
-BUILD_ARGS ?= --snapshot --skip-sign --clean
 build: fmt vet ## Build node and wmctl binary for the local platform.
 	$(GORELEASER) build --single-target $(BUILD_ARGS) --id node --id wmctl
 
@@ -86,4 +86,4 @@ generate: ## Run go generate against code.
 	go generate ./...
 
 clean: ## Clean up build and development artifacts.
-	rm -rf dist
+	rm -rf dist/ $(COVERAGE_FILE)