diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 659f3b0a..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Release binaries to Mirantis/Launchpad - -on: - push: - tags: - - v* -jobs: - release: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: Run release script - env: - TAG_NAME: ${{ github.ref_name }} - SM_API_KEY: ${{ secrets.SM_API_KEY }} - SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} - run: | - echo "${{ secrets.SM_CLIENT_PKC12_CERT }}" > secret.txt - echo "SM_CLIENT_CERT_FILE=$(pwd)/secret.txt" >> $GITHUB_ENV - make release diff --git a/.gitignore b/.gitignore index d8bd19d9..eccf4992 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,16 @@ +# goreleaser build path dist/ + +# Mac & VSCode files .idea/ .DS_Store +# any terraform state files that you may have created running tests +# or terraform directly to test. .tfstate +# the gh releaser, downloaded in release.sh github-release + +# go mod vendor folder +vendor diff --git a/.goreleaser.local.yml b/.goreleaser.local.yml new file mode 100644 index 00000000..00e116c5 --- /dev/null +++ b/.goreleaser.local.yml @@ -0,0 +1,15 @@ +# +# GoRelease instructions for local builds +# +project_name: launchpad +builds: +- env: + - CGO_ENABLED=0 + mod_timestamp: '{{ .CommitTimestamp }}' + flags: + - -trimpath + ldflags: + - -X github.com/Mirantis/mcc/version.Environment=development + - -X github.com/Mirantis/mcc/version.GitCommit={{ .FullCommit }} + - -X github.com/Mirantis/mcc/version.Version={{ .Version }} + binary: '{{ .ProjectName }}' diff --git a/.goreleaser.build.yml b/.goreleaser.release.yml similarity index 76% rename from .goreleaser.build.yml rename to .goreleaser.release.yml index eef444c8..c5cc4032 100644 --- a/.goreleaser.build.yml +++ b/.goreleaser.release.yml 
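Review bot: The comment added above `.tfstate` in `.gitignore` says it covers any Terraform state files, but that pattern only matches a path named exactly `.tfstate`. Terraform's default `terraform.tfstate` and its `terraform.tfstate.backup` sibling are not ignored. State files can hold credentials and generated secrets in plain text, so they can still be committed by accident after running the tests or the examples. Replace the pattern with `*.tfstate` and `*.tfstate.*`.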
@@ -15,16 +15,15 @@ builds: flags: - -trimpath ldflags: - - -X github.com/Mirantis/mcc/version.Environment=Production - -X github.com/Mirantis/mcc/version.GitCommit={{ .FullCommit }} - - -X github.com/Mirantis/mcc/version.Version={{ .Tag }} + - -X github.com/Mirantis/mcc/version.Version={{ .Version }} goos: - - freebsd - - windows - linux - darwin + - windows + - freebsd goarch: - amd64 - arm64 no_unique_dist_dir: true - binary: 'artifacts/{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}_{{ .Version }}' + binary: 'release/{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}_{{ .Version }}' diff --git a/Jenkinsfile b/Jenkinsfile index d46c87ca..aa9a99aa 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
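Review bot: Dropping the `-X github.com/Mirantis/mcc/version.Environment=Production` ldflag makes release builds rely on the compiled-in default, which this commit changes to lowercase `"production"` in version/version.go. Any code that compares against `"Production"` would stop matching, and a plain `go build` or `go install` outside the local goreleaser config now identifies itself as a production build. Keeping the flag explicit here, `- -X github.com/Mirantis/mcc/version.Environment=production`, leaves the release identity set by the release config rather than by the source default. The switch from `{{ .Tag }}` to `{{ .Version }}` also removes the leading `v` from the embedded version, so confirm that the upgrade check against the GitHub release tags still compares correctly.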
@@ -1,43 +1,95 @@ -launchpad_creds = [ - usernamePassword( - usernameVariable: 'GITHUB_USERNAME', - passwordVariable: 'GITHUB_TOKEN', - credentialsId : 'tools-github-up', - ), - usernamePassword( - usernameVariable: 'REGISTRY_USERNAME', - passwordVariable: 'REGISTRY_PASSWORD', - credentialsId : 'tools-dockerhub-up', - ), - string(credentialsId: 'common-digicert--api-key--secret-text', variable: 'SM_API_KEY'), - file(credentialsId: 'common-digicert--auth-pkcs12--file', variable: 'SM_CLIENT_CERT_FILE'), - string(credentialsId: 'common-digicert--auth-pkcs12-passphrase--secret-text', variable: 'SM_CLIENT_CERT_PASSWORD'), -] - pipeline { - agent none parameters { string( - defaultValue: 'v1.5.3', - name: 'TAG_NAME', + name: 'TAG_NAME', trim: true ) } + agent { + kubernetes { + yaml """\ +apiVersion: v1 +kind: Pod +spec: + imagePullSecrets: + - name: regcred-registry-mirantis-com + containers: + - name: jnlp + image: registry.mirantis.com/prodeng/ci-workspace:stable + imagePullPolicy: Always + resources: + requests: + cpu: "0.5" + memory: 128Mi + - name: goreleaser + image: goreleaser/goreleaser:latest + imagePullPolicy: Always + resources: + limits: + cpu: "4" + requests: + cpu: "4" + command: + - sleep + args: + - 99d + - name: digicert + image: registry.mirantis.com/prodeng/digicert-keytools-jsign:latest + imagePullPolicy: Always + resources: + requests: + cpu: "1" + memory: 4Gi + command: + - sleep + args: + - 99d +""".stripIndent() + } + } stages { stage('Release') { - agent { - label "linux && pod" - } steps { - withCredentials(launchpad_creds) { + container("goreleaser") { sh ( - label: "Executing 'make release'", + label: "build clean release", script: """ - make release + make build-release """ ) } + container("digicert") { + withCredentials([ + string(credentialsId: 'common-digicert--api-key--secret-text', variable: 'SM_API_KEY'), + file(credentialsId: 'common-digicert--auth-pkcs12--file', variable: 'SM_CLIENT_CERT_FILE'), + string(credentialsId: 
'common-digicert--auth-pkcs12-passphrase--secret-text', variable: 'SM_CLIENT_CERT_PASSWORD'), + ]) { + sh ( + label: "signing release binaries (in digicert container)", + script: """ + make SIGN=./sign sign-release + """ + ) + } + } + container("jnlp") { + withCredentials([ + usernamePassword( + usernameVariable: 'GITHUB_USERNAME', + passwordVariable: 'GITHUB_TOKEN', + credentialsId : 'tools-github-up', + ), + ]) { + sh ( + label: "creating release", + script: """ + make checksum-release + ./release.sh + """ + ) + } + } } } } diff --git a/Makefile b/Makefile index d3e7f6c8..3099fbe3 100644 --- a/Makefile +++ b/Makefile 
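Review bot: The `goreleaser` and `digicert` containers in the pod spec are pulled as `:latest` with `imagePullPolicy: Always`, and the `jnlp` image uses the equally mutable `:stable`, so the toolchain that builds and signs the release can change between runs without any change in this repository. `goreleaser/goreleaser:latest` comes from a public registry and produces the binaries that are handed to the signing step, so it is the image most worth pinning. Pin each image to a reviewed version and digest, e.g. `image: goreleaser/goreleaser:<VERSION>@sha256:<DIGEST>` (placeholders), and bump them deliberately. Also check that `SIGN=./sign` resolves inside the `digicert` container: the Makefile default invokes the image's `sign` command, while `./sign` is relative to the workspace.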
@@ -1,31 +1,62 @@ -GIT_COMMIT = $(shell git rev-parse --short=7 HEAD) - -VOLUME_MOUNTS=-v "$(CURDIR):/v" -SIGN?=docker run --rm -i $(VOLUME_MOUNTS) -e SM_API_KEY -e SM_CLIENT_CERT_PASSWORD -e SM_CLIENT_CERT_FILE -v "$(SM_CLIENT_CERT_FILE):$(SM_CLIENT_CERT_FILE)" -w "/v" registry.mirantis.com/prodeng/digicert-keytools-jsign:latest sign - GO=$(shell which go) -ARTIFACTS_FOLDER=dist/artifacts +RELEASE_FOLDER=dist/release CHECKSUM=$(shell which sha256sum) CHECKSUM_FILE?=checksums.txt -GOLANGCI_LINT?=docker run -t --rm -v "$(CURDIR):/data" -w "/data" golangci/golangci-lint:latest golangci-lint +VOLUME_MOUNTS=-v "$(CURDIR):/v" +SIGN?=docker run --rm -i $(VOLUME_MOUNTS) -e SM_API_KEY -e SM_CLIENT_CERT_PASSWORD -e SM_CLIENT_CERT_FILE -v "$(SM_CLIENT_CERT_FILE):$(SM_CLIENT_CERT_FILE)" -w "/v" registry.mirantis.com/prodeng/digicert-keytools-jsign:latest sign -# "Signing Windows binaries" -sign-win: - for f in `find $(ARTIFACTS_FOLDER)/*.exe`; do echo $(SIGN) "$$f"; done +GOLANGCI_LINT?=docker run -t --rm -v "$(CURDIR):/data" -w "/data" golangci/golangci-lint:latest golangci-lint +.PHONY: clean clean: - rm -f dist + rm -fr dist + +# Sign release binaries (Windows) +# (build may need to be run in a separate make run) +.PHONY: sign-release +sign-release: $(RELEASE_FOLDER) + for f in `find $(RELEASE_FOLDER)/*.exe`; do echo $(SIGN) "$$f"; done + +# Force a clean build of the artifacts by first cleaning +# and then building +.PHONY: build-release +build-release: clean $(RELEASE_FOLDER) # build all the binaries for release, using goreleaser, but # don't use any of the other features of goreleaser - because # we need to use digicert to sign the binaries first, and # goreleaser doesn't allow for that (some pro features may # allow it in a round about way.) 
-build-release: - goreleaser build --clean --config=.goreleaser.build.yml +$(RELEASE_FOLDER): + goreleaser build --clean --config=.goreleaser.release.yml + +# clean out any existing release build +.PHONY: clean-release +clean-release: + rm -fr $(RELEASE_FOLDER) + +# write checksum files for the release artifacts +# (build may need to be run in a separate make run) +.PHONY: checksumm-release +checksum-release: $(RELEASE_FOLDER) + cd $(RELEASE_FOLDER) && rm -rf $(CHECKSUM_FILE) && $(CHECKSUM) * > $(CHECKSUM_FILE) + +# Local build of the plugin. This saves time building platforms that you +# won't test locally. To use it, find the path to your build binary path +# and alias it. +.PHONY: local +local: + GORELEASER_CURRENT_TAG="$(LOCAL_TAG)" goreleaser build --clean --single-target --skip=validate --snapshot --config .goreleaser.local.yml + +# run linting +.PHONY: lint +lint: + $(GOLANGCI_LINT) run + +# Testing related targets .PHONY: unit-test unit-test: @@ -43,20 +74,3 @@ smoke-full: clean-launchpad-chart: terraform -chdir=./examples/tf-aws/launchpad apply --auto-approve --destroy -checksum-release: build-release - cd $(ARTIFACTS_FOLDER) && rm -rf $(CHECKSUM_FILE) && $(CHECKSUM) * > $(CHECKSUM_FILE) - -# Local build of the plugin. This saves time building platforms that you -# won't test locally. To use it, find the path to your build binary path -# and alias it. -.PHONY: local -local: - GORELEASER_CURRENT_TAG="$(LOCAL_TAG)" goreleaser build --clean --single-target --skip=validate --snapshot --config .goreleaser.build.yml - -# run the Github release script after a buil -release: build-release sign-win checksum-release - ./release.sh - -.PHONY: lint -lint: - $(GOLANGCI_LINT) run diff --git a/release.sh b/release.sh index a9eec5af..f2561598 100755 --- a/release.sh +++ b/release.sh 
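Review bot: `sign-release` still prefixes the signing command with `echo`, so the loop prints `$(SIGN) "$$f"` for each `.exe` instead of running it. The Jenkins step `make SIGN=./sign sign-release` therefore succeeds without signing anything, and the checksum and upload steps proceed on unsigned binaries. Even without the `echo`, a failure on any file but the last, or an empty match, would leave the target green. Run the command and fail closed, e.g. `for f in $(RELEASE_FOLDER)/*.exe; do $(SIGN) "$$f" || exit 1; done`. Separately, `.PHONY: checksumm-release` is misspelled, so `checksum-release` is not actually declared phony.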
@@ -6,7 +6,7 @@ if [ -z "${TAG_NAME}" ]; then exit 1 fi -artifact_path="dist/artifacts" +artifact_path="dist/release" artifacts=$(find ${artifact_path}/* -exec basename {} \;) echo "Releasing with:" for artifact in ${artifacts}; do echo "- ${artifact}"; done @@ -44,7 +44,7 @@ do --file "${artifact_path}/${artifact}" done -if [ -z "$releaseopt"]; then +if [ -z "$releaseopt" ]; then echo "Creating release named ${TAG_NAME} in Launchpad repo" # Release to the public repo diff --git a/version/version.go b/version/version.go index 921b16c1..c7126fa2 100644 --- a/version/version.go +++ b/version/version.go @@ -20,7 +20,7 @@ var ( // GitCommit is set during the build. GitCommit = "HEAD" // Environment of the product, is set during the build. - Environment = "development" + Environment = "production" // GitHubRepo for the upgrade check. GitHubRepo = "Mirantis/launchpad"