Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revamp release automation #1250

Merged
merged 26 commits into from
Aug 14, 2023
Merged

Revamp release automation #1250

merged 26 commits into from
Aug 14, 2023

Commits on Aug 14, 2023

  1. release: outline release logic using GoReleaser

    This adds the base for releasing using GoReleaser going forward in a
    backwards compatible manner, which means:
    
    - Publishing of artifacts in the same formats as previous releases
    - Publishing of RPM and deb artifacts in the same formats as previous
      releases (although the metadata may need a bit of tweaking)
    
    In addition, it includes:
    
    - SBOM inclusion per binary artifact
    
    It still needs work around:
    
    - Artifact signing
    - SLSA compliance
    - Docker images
    - GitHub release
    - Changelog generation
    - GitHub Action workflow
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    02de4a8 View commit details
    Browse the repository at this point in the history
  2. release: configure build of Docker images

    GoReleaser requires specifically crafted Dockerfiles as the build
    context is dynamically constructed.
    
    For more information, refer to https://goreleaser.com/errors/docker-build/#do
    and other documentation around Docker image templates and manifests.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    b5b3760 View commit details
    Browse the repository at this point in the history
  3. release: sign checksum file and images with cosign

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    138d9fe View commit details
    Browse the repository at this point in the history
  4. release: enable GitHub native note generation

    This appears to be the best option at present to e.g. celebrate new
    contributors while also allowing things to be grouped by pull request
    label.
    
    For more information, see xrefs in patch.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    947979b View commit details
    Browse the repository at this point in the history
  5. release: add release configuration

    This still needs further configuration of at least the `.header` field.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    2186d1e View commit details
    Browse the repository at this point in the history
  6. release: publish container images to GHCR and Quay

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    9907309 View commit details
    Browse the repository at this point in the history
  7. release: download modules and check dirty state

    Plus a tiny nit to not have to pass `--yes` to Cosign everywhere, and
    enabling of size reporting.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    22fb5f0 View commit details
    Browse the repository at this point in the history
  8. build: outline new release workflow

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    10c827d View commit details
    Browse the repository at this point in the history
  9. release: remove stale Make target utilities

    These are no longer required, as they are now handled by GoReleaser
    or no longer under our control (`make_download_page.sh`).
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    986a4c2 View commit details
    Browse the repository at this point in the history
  10. release: small nits

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    12c6e3f View commit details
    Browse the repository at this point in the history
  11. release: refactor backwards compatible artifacts

    Which in turn solves the generation of the checksum file.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    cf05f48 View commit details
    Browse the repository at this point in the history
  12. release: extend timeout

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    0411c7d View commit details
    Browse the repository at this point in the history
  13. release: further improve build flags

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    31823b0 View commit details
    Browse the repository at this point in the history
  14. release: pin GoReleaser version

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    30abe25 View commit details
    Browse the repository at this point in the history
  15. release: artifact, SBOM and container provenance

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    0e585a1 View commit details
    Browse the repository at this point in the history
  16. release: backwards compatible tag fmt, changelog

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    feb34a0 View commit details
    Browse the repository at this point in the history
  17. release: further solve backwards compatible names

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    fe45a84 View commit details
    Browse the repository at this point in the history
  18. build: remove obsolete Dockerfiles

    These were only part of the release process, and now continue to exist
    in `.release/*`.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    feb7d43 View commit details
    Browse the repository at this point in the history
  19. release: tweak signature and certificate filenames

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    3deb00e View commit details
    Browse the repository at this point in the history
  20. release: disable Go cache for workflow

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    5276fcf View commit details
    Browse the repository at this point in the history
  21. release: improve release notes

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    cd23b73 View commit details
    Browse the repository at this point in the history
  22. release: remove DockerHub release util script

    As it has been replaced with GoReleaser.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    bf884fa View commit details
    Browse the repository at this point in the history
  23. build: add release-snapshot Make target

    This allows you to run the release locally, without publishing or
    signing, against the current state of the repository.
    
    There are some more improvements I would like to make to the
    `Makefile` e.g., the deprecation of `golint` and the introduction of a
    `help` target. But they are out of scope for the current things I am
    working on.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    13794d7 View commit details
    Browse the repository at this point in the history
  24. docs: briefly outline release procedure

    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    8f2333c View commit details
    Browse the repository at this point in the history
  25. release: update GoReleaser to 1.20.0

    Which now allows us to set the `mod_timestamp` on universal binaries.
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    cbcd73d View commit details
    Browse the repository at this point in the history
  26. release: further improvements based on feedback

    - Describe difference between Debian (slim) and Alpine image
    - Add `-o text` flag to `cosign verify` example to print readable text
      instead of JSON blob
    - Fix typo in one of the `ghcr.io` domains
    - Use correct OCI annotation for image "title"
    
    Signed-off-by: Hidde Beydals <hidde@hhh.computer>
    hiddeco committed Aug 14, 2023
    Configuration menu
    Copy the full SHA
    79bbb22 View commit details
    Browse the repository at this point in the history