diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..b615b6b --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,28 @@ +name: build + +on: + push: + branches: ["master"] + pull_request: + branches: ["master"] + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.21 + cache: true + + - name: Build + run: go build -v ./... + + - name: Test + run: go test -v ./... diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml deleted file mode 100644 index 8c24059..0000000 --- a/.github/workflows/go.yml +++ /dev/null @@ -1,28 +0,0 @@ -# This workflow will build a golang project -# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go - -name: Go - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: '1.21' - - - name: Build - run: go build -v ./... - - - name: Test - run: go test -v ./... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..f0cf61c --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,36 @@ +# +# Releaser workflow setup +# https://goreleaser.com/ci/actions/ +# +name: release + +# run only on tags +on: + push: + tags: + - "v*" + +permissions: + contents: write # needed to write releases + id-token: write # needed for keyless signing + packages: write # needed for ghcr access + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # this is important, otherwise it won't checkout the full tree (i.e. no previous tags) + - uses: actions/setup-go@v4 + with: + go-version: 1.21 + cache: true + - uses: sigstore/cosign-installer@v3.1.2 # installs cosign + - uses: anchore/sbom-action/download-syft@v0.14.3 # installs syft + - uses: goreleaser/goreleaser-action@v5 # run goreleaser + with: + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..849ddff --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..cb46f21 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,59 @@ +project_name: prometheus-net-discovery + +# setups builds for linux and darwin on amd64 and arm64 +# https://goreleaser.com/customization/build +builds: + - env: + - CGO_ENABLED=0 + goos: + - linux + goarch: + - amd64 + # ensures mod timestamp to be the commit timestamp + mod_timestamp: "{{ .CommitTimestamp }}" + flags: + # trims path + - -trimpath + ldflags: + # use commit date instead of current date as main.date + # only needed if you actually use those things in your main package, otherwise can be ignored. + - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }} + +# proxies from the go mod proxy before building +# https://goreleaser.com/customization/gomod +gomod: + proxy: true + +# config the checksum filename +# https://goreleaser.com/customization/checksum +checksum: + name_template: "checksums.txt" + +# create a source tarball +# https://goreleaser.com/customization/source/ +source: + enabled: true + +# creates SBOMs of all archives and the source tarball using syft +# https://goreleaser.com/customization/sbom +sboms: + - artifacts: archive + - id: source # Two different sbom configurations need two different IDs + artifacts: source + +# signs the checksum file +# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to +# https://goreleaser.com/customization/sign +signs: + - cmd: cosign + env: + - COSIGN_EXPERIMENTAL=1 + certificate: "${artifact}.pem" + args: + - sign-blob + - "--output-certificate=${certificate}" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" # needed on cosign 2.0.0+ + artifacts: checksum + output: true