diff --git a/.github/workflows/build-artifacts-and-draft-release.yaml b/.github/workflows/build-artifacts-and-draft-release.yaml
new file mode 100644
index 0000000..5a9f18a
--- /dev/null
+++ b/.github/workflows/build-artifacts-and-draft-release.yaml
@@ -0,0 +1,82 @@
+name: Build release artifacts and draft release
+
+on:
+ push:
+ tags:
+ - "*.*.*"
+
+jobs:
+ build-binary:
+ strategy:
+ matrix:
+ platform: [ubuntu-latest, macos-latest, windows-latest]
+ runs-on: ${{ matrix.platform }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 1.22
+ check-latest: true
+ cache: true
+ - if: ${{ matrix.platform == 'ubuntu-latest' }}
+ name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install gcc-multilib
+ - name: Build
+ uses: goreleaser/goreleaser-action@v5
+ with:
+ args: release --skip=publish --config .goreleaser-${{ matrix.platform }}.yaml
+ - name: Upload
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ matrix.platform }}-binary
+ path: dist/clisso*
+ retention-days: 2
+
+ draft-release:
+ needs: [build-binary]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 1.22
+ check-latest: true
+ cache: true
+ - name: Make directories
+ run: |
+ mkdir -p ./release/linux
+ mkdir -p ./release/darwin
+ mkdir -p ./release/windows
+ - name: Download linux binaries
+ uses: actions/download-artifact@v4
+ with:
+ name: ubuntu-latest-binary
+ path: ./release/linux
+ - name: Download MacOS binaries
+ uses: actions/download-artifact@v4
+ with:
+ name: macos-latest-binary
+ path: ./release/darwin
+ - name: Download windows binaries
+ uses: actions/download-artifact@v4
+ with:
+ name: windows-latest-binary
+ path: ./release/windows
+ - name: Merge checksum file
+ run: |
+ cd ./release
+ find .
+ find . -name "clisso*checksums.txt" -exec sh -c 'cat {} >> checksums.txt' \;
+ find . -name "clisso*checksums.txt" -delete
+ - name: Release
+ uses: goreleaser/goreleaser-action@v5
+ with:
+ args: release --config .goreleaser-release.yaml
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
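Review bot: The workflow declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository or organisation has, although only the `Release` step in `draft-release` needs to write. I would add a top-level `permissions: { contents: read }` and set `permissions: { contents: write }` on `draft-release` alone. The actions are also referenced by mutable tags (`actions/checkout@v4`, `goreleaser/goreleaser-action@v5`, and the others); for a pipeline that produces the published binaries, pinning each `uses:` to a full commit SHA, e.g. `goreleaser/goreleaser-action@<FULL_COMMIT_SHA> # v5`, keeps a moved tag from changing what builds the release. The bare `find .` in `Merge checksum file` looks like leftover debugging output and can go.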
diff --git a/.github/workflows/homebrew-release.yaml b/.github/workflows/homebrew-release.yaml
new file mode 100644
index 0000000..c3431fc
--- /dev/null
+++ b/.github/workflows/homebrew-release.yaml
@@ -0,0 +1,50 @@
+# .github/workflows/release.yml
+# Start Homebrew Releaser when a new GitHub release is created
+name: Update Homebrew Tap
+on:
+ release:
+ types: [published]
+
+jobs:
+ homebrew-releaser:
+ runs-on: ubuntu-latest
+ name: homebrew-releaser
+ steps:
+ - name: Release my project to my Homebrew tap
+ uses: Justintime50/homebrew-releaser@v1
+ with:
+ # The name of the homebrew tap to publish your formula to as it appears on GitHub.
+ # Required - strings
+ homebrew_owner: allcloud-io
+ homebrew_tap: homebrew-tools
+
+ # The name of the folder in your homebrew tap where formula will be committed to.
+ # Default is shown - string
+ formula_folder: .
+
+ # The Personal Access Token (saved as a repo secret) that has `repo` permissions for the repo running the action AND Homebrew tap you want to release to.
+ # Required - string
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+
+ # Custom install command for your formula.
+ # Required - string
+ install: 'bin.install "clisso"'
+
+ # Adds URL and checksum targets for different OS and architecture pairs. Using this option assumes
+ # a tar archive exists on your GitHub repo with the following URL pattern (this cannot be customized):
+ # https://github.com/{GITHUB_OWNER}/{REPO_NAME}/releases/download/{TAG}/{REPO_NAME}-{VERSION}-{OPERATING_SYSTEM}-{ARCHITECTURE}.tar.gz'
+ # Darwin AMD pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-darwin-amd64.tar.gz
+ # Linux ARM pre-existing path example: https://github.com/justintime50/myrepo/releases/download/v1.2.0/myrepo-1.2.0-linux-arm64.tar.gz
+ # Optional - booleans
+ target_darwin_amd64: true
+ target_darwin_arm64: true
+ target_linux_amd64: true
+ target_linux_arm64: true
+
+ # Skips committing the generated formula to a homebrew tap (useful for local testing).
+ # Default is shown - boolean
+ skip_commit: false
+
+ # Logs debugging info to console.
+ # Default is shown - boolean + debug: false \ No newline at end of file diff --git a/.gitignore b/.gitignore index be336aa..9deed92 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,5 @@ steps_output.txt bottle_output.txt dist/ -clisso.yaml \ No newline at end of file +clisso.yaml +release/ \ No newline at end of file diff --git a/.goreleaser-macos-latest.yaml b/.goreleaser-macos-latest.yaml new file mode 100644 index 0000000..70fd86d --- /dev/null +++ b/.goreleaser-macos-latest.yaml @@ -0,0 +1,33 @@ +project_name: clisso +before: + hooks: + - go mod tidy + +builds: + - id: macos-amd64 + binary: clisso + env: + - CGO_ENABLED=1 + goos: + - darwin + goarch: + - "amd64" + # hooks: + # post: gon gon-amd64.json + - id: macos-arm64 + binary: clisso + env: + - CGO_ENABLED=1 + goos: + - darwin + goarch: + - "arm64" + # hooks: + # post: gon gon-arm64.json + +archives: + - format: tar.gz + name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" + +snapshot: + name_template: "{{ incpatch .Version }}-next" \ No newline at end of file diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml new file mode 100644 index 0000000..6ca7811 --- /dev/null +++ b/.goreleaser-release.yaml @@ -0,0 +1,15 @@ +builds: + - skip: true +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" +release: + draft: true + mode: append + extra_files: + - glob: ./release/**/* + - glob: ./release/checksums.txt + name_template: "Release {{.Tag}}" diff --git a/.goreleaser-ubuntu-latest.yaml b/.goreleaser-ubuntu-latest.yaml new file mode 100644 index 0000000..151e83f --- /dev/null +++ b/.goreleaser-ubuntu-latest.yaml 
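Review bot: `uses: Justintime50/homebrew-releaser@v1` hands `secrets.PERSONAL_ACCESS_TOKEN` to a third-party action referenced by a mutable tag; per the copied comment, that token has `repo` permissions on this repository and on the tap. Pin the action to a full commit SHA (`Justintime50/homebrew-releaser@<FULL_COMMIT_SHA> # v1`) so the code that receives the token cannot change without a reviewed update. The job does not appear to use the workflow's own GITHUB_TOKEN, so `permissions: { contents: read }` on it would cost nothing. If the action accepts a fine-grained token, limiting it to the repositories it must touch would narrow the exposure further; that is not something the hunk confirms. The first comment line still names `.github/workflows/release.yml`, while the file is `homebrew-release.yaml`.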
@@ -0,0 +1,45 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+project_name: clisso
+before:
+ hooks:
+ # You may remove this if you don't use go modules.
+ - go mod tidy
+ # you may remove this if you don't need go generate
+ - go generate ./...
+builds:
+ - id: linux
+ binary: clisso
+ env:
+ - CGO_ENABLED=1
+ goos:
+ - linux
+ goarch:
+ - "amd64"
+ - "386"
+
+ # The build-chain does not support CGO for ARM64 on Linux
+ - id: unsupported-cgo
+ binary: clisso
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ goarch:
+ - "arm64"
+ goarm:
+ - "6"
+ - "7"
+
+archives:
+ - format: tar.gz
+ name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+
+snapshot:
+ name_template: "{{ incpatch .Version }}-next"
+changelog:
+ sort: asc
+ filters:
+ exclude:
+ - '^docs:'
+ - '^test:'
diff --git a/.goreleaser-windows-latest.yaml b/.goreleaser-windows-latest.yaml
new file mode 100644
index 0000000..9f47b57
--- /dev/null
+++ b/.goreleaser-windows-latest.yaml
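Review bot: In the `unsupported-cgo` build of `.goreleaser-ubuntu-latest.yaml`, the `goarm` values `"6"` and `"7"` sit next to `goarch: "arm64"`. As far as I know GoReleaser applies `goarm` only to `goarch: arm`, so the list has no effect and suggests 32-bit ARM artifacts that are never built. Either drop the `goarm:` list or add `- "arm"` to `goarch` if ARMv6/v7 binaries are intended. The same block appears in `.goreleaser-windows-latest.yaml`. Because this build sets `CGO_ENABLED=0`, a comment such as `# built without CGO: YubiKey auto detection is presumably unavailable in these binaries` would tie the config to the platform caveat the README change adds.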
@@ -0,0 +1,45 @@ +# This is an example .goreleaser.yml file with some sensible defaults. +# Make sure to check the documentation at https://goreleaser.com +project_name: clisso +before: + hooks: + # You may remove this if you don't use go modules. + - go mod tidy + # you may remove this if you don't need go generate + - go generate ./... +builds: + - id: windows + binary: clisso + env: + - CGO_ENABLED=1 + goos: + - windows + goarch: + - "amd64" + + # The build-chain does not support CGO for ARM64 and 386 on Windows + - id: unsupported-cgo + binary: clisso + env: + - CGO_ENABLED=0 + goos: + - windows + goarch: + - "arm64" + - "386" + goarm: + - "6" + - "7" + +archives: + - format: zip + name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" + +snapshot: + name_template: "{{ incpatch .Version }}-next" +changelog: + sort: asc + filters: + exclude: + - '^docs:' + - '^test:' diff --git a/.goreleaser.yaml b/.goreleaser.yaml index e56a901..3dffc80 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -11,7 +11,7 @@ builds: - id: other binary: clisso env: - - CGO_ENABLED=0 + - CGO_ENABLED=1 goos: - linux - windows @@ -20,6 +20,8 @@ builds: - "7" - id: macos-amd64 binary: clisso + env: + - CGO_ENABLED=1 goos: - darwin goarch: @@ -28,6 +30,8 @@ builds: # post: gon gon-amd64.json - id: macos-arm64 binary: clisso + env: + - CGO_ENABLED=1 goos: - darwin goarch: diff --git a/README.md b/README.md index 8cbd943..0d59742 100644 --- a/README.md +++ b/README.md 
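Review bot: Flipping `CGO_ENABLED=0` to `CGO_ENABLED=1` on the `other` build in `.goreleaser.yaml` makes one host compile cgo code for both `linux` and `windows`, which normally needs a C cross-toolchain for every target that is not the host. The per-platform configs added in this commit keep `CGO_ENABLED=0` for the targets their comments call unsupported. The new workflow passes `--config .goreleaser-${{ matrix.platform }}.yaml`, so this file may now serve only local builds; I would either leave `other` at `CGO_ENABLED=0` or add a comment stating the expectation, e.g. `# requires a C cross-compiler for each goos/goarch below`. The `goarch` list of this build lies outside the hunk, so the affected architectures cannot be confirmed from here. The two macOS hunks that follow add the same variable and raise no concern when built on a macOS host.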
@@ -290,7 +290,7 @@ To save the credentials to a custom file, use the `--output` flag with a custom To print the credentials to the shell instead of storing them in a file, use the `--output environment` flag. This will output shell commands which can be pasted in any shell to use the credentials. -To select a specific MFA device by name instead of choosing from a list, use the `-m` flag. The +To select a specific MFA device by name instead of choosing from a list, use the `-m` flag. The configuration field `global.mfa-device` may also be set. ### Running as `credential_process` @@ -347,9 +347,9 @@ AWS recommends using [regional STS endpoints](https://docs.aws.amazon.com/sdkref To use a regional endpoint, specify the region via the `global.aws-region` field in the config file. A per app configuration using `apps..aws-region` is also possible. -## YubiKey Autodetection +## YubiKey Auto Detection -YubiKey Autodetection is available for the OneLogin provider. To enable this feature set the `global.autodetect-yubikey` field to `true`. Clisso will look at attached USB devices and automatically select the YubiKey as an MFA device if it is available. +YubiKey Auto Detection is available for the OneLogin provider. To enable this feature set the `global.autodetect-yubikey` field to `true`. Clisso will look at attached USB devices and automatically select the YubiKey as an MFA device if it is available. The feature is only available for OneLogin providers and will not work with Okta. The released binaries only support it on macOS (arm64 and amd64), Windows (amd64), and Linux (amd64). If you need support for other platforms, you will have to build Clisso from source. ## Caveats and Limitations 
@@ -379,6 +379,12 @@ else eval $(echo "$(/lib/cryptsetup/askpass 'Password: ')" | gnome-keyring-daemon --unlock); fi ``` + +### YubiKey Auto Detection is not working + +YubiKey Auto Detection is only available for OneLogin providers. Make sure that the `global.autodetect-yubikey` field is set to `true` in the config file. +Additionally, the feature is only available on macOS (arm64 and amd64), Windows (amd64), and Linux (amd64) in the released binaries. If you need support for other platforms, you will have to build Clisso from source. + ## Contributing TODO diff --git a/onelogin/get.go b/onelogin/get.go index 07df558..598846c 100644 --- a/onelogin/get.go +++ b/onelogin/get.go @@ -21,8 +21,8 @@ import ( "github.com/allcloud-io/clisso/spinner" "github.com/allcloud-io/clisso/yubikey" "github.com/icza/gog" - "github.com/spf13/viper" "github.com/sirupsen/logrus" + "github.com/spf13/viper" ) const ( @@ -171,7 +171,7 @@ func Get(app, provider, pArn, awsRegion string, duration int32, interactive bool st := rSaml.StateToken devices := rSaml.Devices - log.Log.WithField("Devices", devices).Trace("Devices returned by GenerateSamlAssertion") + log.Log.WithField("Devices", devices).Trace("Devices returned by GenerateSamlAssertion") deviceOpts := NewDeviceOptions()