🐛 build mondoo package

.github/workflows/build_mondoo_pkgs.yaml

@@ -0,0 +1,85 @@
+name: "Build Mondoo Package (Testing)"
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version that should be released'
+        required: true
+        default: '9.0.0'
+
+jobs:
+  build-mondoo-payloads:
+    runs-on: ubuntu-latest
+    env:
+      VERSION: ${{ github.event.inputs.version }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Create destination folder
+        run: |
+          cd  helper
+          mkdir packages  
+        #   cp mondoo.sh  packages/
+        #   cp mondoo.ps1 packages/
+
+      - name: Install RPM tools
+        run: |
+          sudo apt update && sudo apt install -y rpm gpg
+
+      - name: Authenticate with GCloud
+        uses: 'google-github-actions/auth@v1'
+        with:
+          credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+
+      - name: Setup GCloud SDK
+        uses: 'google-github-actions/setup-gcloud@v1'
+
+      - name: Download Signing Keys
+        env:
+          KEY_PATH: ${{ runner.temp }}
+        run: |
+          gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-public-2023 --out-file=${KEY_PATH}/public.gpg
+          gpg --import ${KEY_PATH}/public.gpg
+          gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-private-2023 --out-file=${KEY_PATH}/private.gpg
+          gpg --import --allow-secret-key-import ${KEY_PATH}/private.gpg
+
+      - name: Check GPG Keys
+        run: |
+          gpg --list-keys
+          gpg --list-secret-keys
+
+      - name: Build Packages
+        env: 
+          VERSION: ${{ github.event.inputs.version }}
+        run: |
+          cd helper && make
+
+      - name: Sign RPMs
+        run: |
+          cd helper/
+          rpmsign --define='%_gpg_name Mondoo Inc' --addsign ./packages/*rpm
+
+      - name: Generate Checksums
+        run: |
+          cd helper/packages
+          sha256sum *linux* > checksums.linux.txt
+          sha256sum *windows* > checksums.windows.txt
+          sha256sum *darwin* > checksums.macos.txt
+
+      - name: Upload files to releases.mondoo.com
+        run: |
+          gsutil cp -r helper/packages/* gs://releases-us.mondoo.io/mondoo/${VERSION}/
+
+      - name: Upload files to GitHub Release Page
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          files: helper/packages/*
+
+      - name: Create Artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: mondoo-${{ github.event.inputs.version }}
+          path: helper/packages/
+          retention-days: 7

.github/workflows/release_mondoo_pkgs.yaml

@@ -0,0 +1,128 @@
+name: "Create mondoo meta-package"
+
+on:
+  release:
+    types: [released]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version that should be released'
+        required: true
+        default: '1.2.3'
+
+jobs:
+  build-mondoo-payloads:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Version from Workflow Dispatch
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+      - name: Version from Release Tag
+        if: github.event_name == 'release'
+        run: |
+          echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+      - name: Verify valid version
+        id: version
+        run: |
+          if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid version: $VERSION"
+            exit 1
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+      - name: Create destination folder
+        run: |
+          cd  helper
+          mkdir packages
+        #   cp mondoo.sh  packages/
+        #   cp mondoo.ps1 packages/
+      - name: Install RPM tools
+        run: |
+          sudo apt update && sudo apt install -y rpm gpg
+      - name: Authenticate with GCloud
+        uses: 'google-github-actions/auth@v1'
+        with:
+          credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+
+      - name: Setup GCloud SDK
+        uses: 'google-github-actions/setup-gcloud@v1'
+
+      - name: Download Signing Keys
+        env:
+          KEY_PATH: ${{ runner.temp }}
+        run: |
+          gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-public-2023 --out-file=${KEY_PATH}/public.gpg
+          gpg --import ${KEY_PATH}/public.gpg
+          gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-private-2023 --out-file=${KEY_PATH}/private.gpg
+          gpg --import --allow-secret-key-import ${KEY_PATH}/private.gpg
+      - name: Check GPG Keys
+        run: |
+          gpg --list-keys
+          gpg --list-secret-keys
+      - name: Build Packages
+        run: |
+          cd helper && make
+      - name: Sign RPMs
+        run: |
+          cd helper/
+          rpmsign --define='%_gpg_name Mondoo Inc' --addsign ./packages/*rpm
+      - name: Generate Checksums
+        run: |
+          cd helper/packages
+          sha256sum *linux* > checksums.linux.txt
+          sha256sum *windows* > checksums.windows.txt
+          sha256sum *darwin* > checksums.macos.txt
+      - name: Upload files to releases.mondoo.com
+        run: |
+          gsutil cp -r helper/packages/* gs://releases-us.mondoo.io/mondoo/${VERSION}/
+      - name: Upload files to GitHub Release Page
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ steps.version.outputs.version }}
+          files: helper/packages/*
+
+      - name: Reindex folder on releaser.mondoo.com
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.REPO_API_TOKEN }}
+          repository: "mondoohq/releasr"
+          event-type: reindex
+          client-payload: '{
+              "reindex-path": "mondoo/${{ steps.version.outputs.version }}",
+              "bucket": "releases-us.mondoo.io"
+            }'
+
+      - name: Create Artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: mondoo-${{ steps.version.outputs.version }}
+          path: helper/packages/
+          retention-days: 7
+
+  update-downstream:
+    runs-on: ubuntu-latest
+    needs: build-mondoo-payloads
+    ## Matrix task, repeats steps for each repo
+    strategy:
+      matrix:
+        repo: ["mondoohq/repobuilder"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Repository Dispatch (Workflow Dispatch)
+        uses: peter-evans/repository-dispatch@v2
+        if: github.event_name == 'workflow_dispatch'
+        with:
+          token: ${{ secrets.REPO_API_TOKEN }}
+          repository: ${{ matrix.repo }}
+          event-type: update
+          client-payload: '{"version": "${{ github.event.inputs.version }}"}'
+      - name: Repository Dispatch (Release)
+        uses: peter-evans/repository-dispatch@v2
+        if: github.event_name == 'release'
+        with:
+          token: ${{ secrets.REPO_API_TOKEN }}
+          repository: ${{ matrix.repo }}
+          event-type: update
+          client-payload: '{"version": "${{ github.event.release.tag_name }}"}'