rework build system to support CGO

for yubikey support we require CGO support. CGO on crosscompile is hard,
to avoid we build natively where suppported and disabled where not

since goreleaser does only support prebuilt archives in the pro version,
the brew publishing step had to be moved to a different github action

.github/workflows/build-artifacts-and-draft-release.yaml

@@ -0,0 +1,82 @@
+name: Build release artifacts and draft release
+
+on:
+  push:
+    tags:
+      - "*.*.*"
+
+jobs:
+  build-binary:
+    strategy:
+      matrix:
+        platform: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.platform }}
+    steps:
+        - uses: actions/checkout@v4
+          with:
+            fetch-depth: 0
+        - uses: actions/setup-go@v5
+          with:
+            go-version: 1.22
+            check-latest: true
+            cache: true
+        - if: ${{ matrix.platform == 'ubuntu-latest' }}
+          name: Install dependencies
+          run: |
+            sudo apt-get update
+            sudo apt-get install gcc-multilib
+        - name: Build
+          uses: goreleaser/goreleaser-action@v5
+          with:
+            args: release --skip=publish --config .goreleaser-${{ matrix.platform }}.yaml
+        - name: Upload
+          uses: actions/upload-artifact@v4
+          with:
+            name: ${{ matrix.platform }}-binary
+            path: dist/clisso*
+            retention-days: 2
+
+  draft-release:
+    needs: [build-binary]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+            fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.22
+          check-latest: true
+          cache: true
+      - name: Make directories
+        run: |
+          mkdir -p ./release/linux
+          mkdir -p ./release/darwin
+          mkdir -p ./release/windows
+      - name: Download linux binaries
+        uses: actions/download-artifact@v4
+        with:
+          name: ubuntu-latest-binary
+          path: ./release/linux
+      - name: Download MacOS binaries
+        uses: actions/download-artifact@v4
+        with:
+          name: macos-latest-binary
+          path: ./release/darwin
+      - name: Download windows binaries
+        uses: actions/download-artifact@v4
+        with:
+          name: windows-latest-binary
+          path: ./release/windows
+      - name: Merge checksum file
+        run: |
+          cd ./release
+          find .
+          find . -name "clisso*checksums.txt" -exec sh -c 'cat {} >> checksums.txt' \;
+          find . -name "clisso*checksums.txt" -delete
+      - name: Release
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          args: release --config .goreleaser-release.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/homebrew-release.yaml

@@ -0,0 +1,50 @@
+# .github/workflows/release.yml
+# Start Homebrew Releaser when a new GitHub release is created
+name: Update Homebrew Tap
+on:
+  release:
+    types: [published]
+
+jobs:
+  homebrew-releaser:
+    runs-on: ubuntu-latest
+    name: homebrew-releaser
+    steps:
+      - name: Release my project to my Homebrew tap
+        uses: Justintime50/homebrew-releaser@v1
+        with:
+          # The name of the homebrew tap to publish your formula to as it appears on GitHub.
+          # Required - strings
+          homebrew_owner: allcloud-io
+          homebrew_tap: homebrew-tools
+
+          # The name of the folder in your homebrew tap where formula will be committed to.
+          # Default is shown - string
+          formula_folder: .
+
+          # The Personal Access Token (saved as a repo secret) that has `repo` permissions for the repo running the action AND Homebrew tap you want to release to.
+          # Required - string
+          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+
+          # Custom install command for your formula.
+          # Required - string
+          install: 'bin.install "clisso"'
+
+          # Adds URL and checksum targets for different OS and architecture pairs. Using this option assumes
+          # a tar archive exists on your GitHub repo with the following URL pattern (this cannot be customized):
+          # https://github.com/{GITHUB_OWNER}/{REPO_NAME}/releases/download/{TAG}/{REPO_NAME}-{VERSION}-{OPERATING_SYSTEM}-{ARCHITECTURE}.tar.gz'
+          # Darwin AMD pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-darwin-amd64.tar.gz
+          # Linux ARM pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-linux-arm64.tar.gz
+          # Optional - booleans
+          target_darwin_amd64: true
+          target_darwin_arm64: true
+          target_linux_amd64: true
+          target_linux_arm64: true
+
+          # Skips committing the generated formula to a homebrew tap (useful for local testing).
+          # Default is shown - boolean
+          skip_commit: false
+
+          # Logs debugging info to console.
+          # Default is shown - boolean
+          debug: false

.gitignore

@@ -12,4 +12,5 @@ steps_output.txt
 bottle_output.txt
 
 dist/
-clisso.yaml
+clisso.yaml
+release/

.goreleaser-macos-latest.yaml

@@ -0,0 +1,33 @@
+project_name: clisso
+before:
+  hooks:
+    - go mod tidy
+
+builds:
+  - id: macos-amd64
+    binary: clisso
+    env:
+      - CGO_ENABLED=1
+    goos:
+      - darwin
+    goarch:
+      - "amd64"
+    # hooks:
+    #   post: gon gon-amd64.json
+  - id: macos-arm64
+    binary: clisso
+    env:
+      - CGO_ENABLED=1
+    goos:
+      - darwin
+    goarch:
+      - "arm64"
+    # hooks:
+    #   post: gon gon-arm64.json
+
+archives:
+  - format: tar.gz
+    name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"

.goreleaser-release.yaml

@@ -0,0 +1,15 @@
+builds:
+  - skip: true
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+release:
+  draft: true
+  mode: append
+  extra_files:
+    - glob: ./release/**/*
+    - glob: ./release/checksums.txt
+  name_template: "Release {{.Tag}}"

.goreleaser-ubuntu-latest.yaml

@@ -0,0 +1,45 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+project_name: clisso
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - id: linux
+    binary: clisso
+    env:
+      - CGO_ENABLED=1
+    goos:
+      - linux
+    goarch:
+      - "amd64"
+      - "386"
+
+  # The build-chain does not support CGO for ARM64 on Linux
+  - id: unsupported-cgo
+    binary: clisso
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - "arm64"
+    goarm:
+      - "6"
+      - "7"
+
+archives:
+  - format: tar.gz
+    name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'

.goreleaser-windows-latest.yaml

@@ -0,0 +1,45 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+project_name: clisso
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - id: windows
+    binary: clisso
+    env:
+      - CGO_ENABLED=1
+    goos:
+      - windows
+    goarch:
+      - "amd64"
+
+  # The build-chain does not support CGO for ARM64 and 386 on Windows
+  - id: unsupported-cgo
+    binary: clisso
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - windows
+    goarch:
+      - "arm64"
+      - "386"
+    goarm:
+      - "6"
+      - "7"
+
+archives:
+  - format: zip
+    name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'

.goreleaser.yaml

@@ -11,7 +11,7 @@ builds:
   - id: other
     binary: clisso
     env:
-      - CGO_ENABLED=0
+      - CGO_ENABLED=1
     goos:
       - linux
       - windows
@@ -20,6 +20,8 @@ builds:
       - "7"
   - id: macos-amd64
     binary: clisso
+    env:
+      - CGO_ENABLED=1
     goos:
       - darwin
     goarch:
@@ -28,6 +30,8 @@ builds:
     #   post: gon gon-amd64.json
   - id: macos-arm64
     binary: clisso
+    env:
+      - CGO_ENABLED=1
     goos:
       - darwin
     goarch:

README.md

@@ -290,7 +290,7 @@ To save the credentials to a custom file, use the `--output` flag with a custom
 To print the credentials to the shell instead of storing them in a file, use the `--output environment` flag. This
 will output shell commands which can be pasted in any shell to use the credentials.
 
-To select a specific MFA device by name instead of choosing from a list, use the `-m` flag. The 
+To select a specific MFA device by name instead of choosing from a list, use the `-m` flag. The
 configuration field `global.mfa-device` may also be set.
 
 ### Running as `credential_process`
@@ -347,9 +347,9 @@ AWS recommends using [regional STS endpoints](https://docs.aws.amazon.com/sdkref
 
 To use a regional endpoint, specify the region via the `global.aws-region` field in the config file. A per app configuration using `apps.<app>.aws-region` is also possible.
 
-## YubiKey Autodetection
+## YubiKey Auto Detection
 
-YubiKey Autodetection is available for the OneLogin provider. To enable this feature set the `global.autodetect-yubikey` field to `true`. Clisso will look at attached USB devices and automatically select the YubiKey as an MFA device if it is available. 
+YubiKey Auto Detection is available for the OneLogin provider. To enable this feature set the `global.autodetect-yubikey` field to `true`. Clisso will look at attached USB devices and automatically select the YubiKey as an MFA device if it is available. The feature is only available for OneLogin providers and will not work with Okta. The released binaries only support it on macOS (arm64 and amd64), Windows (amd64), and Linux (amd64). If you need support for other platforms, you will have to build Clisso from source.
 
 ## Caveats and Limitations
 
@@ -379,6 +379,12 @@ else
     eval $(echo "$(/lib/cryptsetup/askpass 'Password: ')" | gnome-keyring-daemon --unlock);
 fi
 ```
+
+### YubiKey Auto Detection is not working
+
+YubiKey Auto Detection is only available for OneLogin providers. Make sure that the `global.autodetect-yubikey` field is set to `true` in the config file.
+Additionally, the feature is only available on macOS (arm64 and amd64), Windows (amd64), and Linux (amd64) in the released binaries. If you need support for other platforms, you will have to build Clisso from source.
+
 ## Contributing
 
 TODO

onelogin/get.go

@@ -21,8 +21,8 @@ import (
 	"github.com/allcloud-io/clisso/spinner"
 	"github.com/allcloud-io/clisso/yubikey"
 	"github.com/icza/gog"
-	"github.com/spf13/viper"
 	"github.com/sirupsen/logrus"
+	"github.com/spf13/viper"
 )
 
 const (
@@ -171,7 +171,7 @@ func Get(app, provider, pArn, awsRegion string, duration int32, interactive bool
 		st := rSaml.StateToken
 
 		devices := rSaml.Devices
-    log.Log.WithField("Devices", devices).Trace("Devices returned by GenerateSamlAssertion")
+		log.Log.WithField("Devices", devices).Trace("Devices returned by GenerateSamlAssertion")
 
 		deviceOpts := NewDeviceOptions()