Merge pull request #85 from authzed/goreleaser

Adds a goreleaser workflow
authzed · Mar 19, 2024 · 570b7d4 · 570b7d4
2 parents a9fba13 + 6e6f198
commit 570b7d4
Show file tree

Hide file tree

Showing 3 changed files with 134 additions and 2 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,57 @@
+---
+name: "Release"
+on:  # yamllint disable-line rule:truthy
+  push:
+    tags:
+      - "*"
+permissions:
+  contents: "write"
+  packages: "write"
+jobs:
+  goreleaser:
+    runs-on: "ubuntu-latest"
+    env:
+      KUSTOMIZER_ARTIFACT: "oci://ghcr.io/${{github.repository_owner}}/${{github.event.repository.name}}-manifests"
+    steps:
+      - uses: "actions/checkout@v3"
+        with:
+          fetch-depth: 0
+      - uses: "authzed/actions/setup-go@main"
+      - uses: "authzed/actions/docker-login@main"
+        with:
+          github_token: "${{ secrets.GITHUB_TOKEN }}"
+      # the release directory is gitignored, which keeps goreleaser from
+      # complaining about a dirty tree
+      - name: "Copy manifests to release directory"
+        run: |
+          mkdir release
+          cp -R deploy release
+      - name: "Set operator image in release manifests"
+        uses: "mikefarah/yq@master"
+        with:
+          cmd: |
+            yq eval '.images[0].newName="ghcr.io/${{github.repository_owner}}/${{github.event.repository.name}}"' -i ./release/deploy/kustomization.yaml
+            yq eval '.images[0].newTag="${{ github.ref_name }}"' -i ./release/deploy/kustomization.yaml
+      - name: "Build release bundle.yaml"
+        uses: "karancode/kustomize-github-action@master"
+        with:
+          kustomize_build_dir: "release/deploy"
+          kustomize_output_file: "release/bundle.yaml"
+      - uses: "goreleaser/goreleaser-action@v2"
+        with:
+          distribution: "goreleaser-pro"
+          version: "latest"
+          args: "release --rm-dist"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
+      - name: "Setup Kustomizer CLI"
+        uses: "stefanprodan/kustomizer/action@main"
+      - name: "Push release manifests"
+        run: |
+          kustomizer push artifact ${KUSTOMIZER_ARTIFACT}:${{ github.ref_name }} -k ./release/deploy \
+            --source=${{ github.repositoryUrl }} \
+            --revision="${{ github.ref_name }}/${{ github.sha }}"
+      - name: "Tag latest release manifests"
+        run: |
+          kustomizer tag artifact ${KUSTOMIZER_ARTIFACT}:${GITHUB_REF_NAME} latest
diff --git a/.gitignore b/.gitignore
@@ -1,10 +1,12 @@
 *.kubeconfig
-/testbin/
+dist/
+testbin/
+release/
 /**/apiserver.local.config/
 client-ca.crt
 client-cert.crt
 client-key.crt
 *__failpoint_*.go
 *.go__failpoint*
 *.sqlite
-magefiles/mage_output_file.go
+magefiles/mage_output_file.go
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,73 @@
+---
+builds:
+  - main: "./cmd/spicedb-kubeapi-proxy"
+    env:
+      - "CGO_ENABLED=0"
+    goos:
+      - "linux"
+      - "windows"
+      - "darwin"
+    goarch:
+      - "amd64"
+      - "arm64"
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    ldflags:
+      - "-s -w"
+      - "-X github.com/jzelinskie/cobrautil.Version={{ .Version }}"
+kos:
+  - repository: ghcr.io/autzhed/spicedb-kubeapi-proxy
+    tags:
+      - 'v{{.Version}}'
+      - latest
+    bare: true
+    preserve_import_paths: false
+    platforms:
+      - linux/amd64
+      - linux/arm64
+checksum:
+  name_template: "checksums.txt"
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  use: "github-native"
+  sort: "asc"
+release:
+  prerelease: "auto"
+  extra_files:
+    - glob: "release/bundle.yaml"
+  footer: |
+    > [!NOTE]
+    > Deploy manifests are still in alpha and may change in the future.
+    > They install cert-manager manually and don't yet provide a simple
+    > way to get kubectl access to the proxy. We're working on it!
+    > Check out the scripts in `magefiles` to see the steps required to connect.
+    
+    ## Install with `kubectl`
+
+    ```yaml
+    kubectl apply --server-side -f https://github.com/authzed/spicedb-kubeapi-proxy/releases/download/v{{ .Version }}/bundle.yaml
+    ```
+
+    ## Include or modify this release in your own `kustomize` bundle
+
+    ```yaml
+    apiVersion: kustomize.config.k8s.io/v1beta1
+    kind: Kustomization
+    resources:
+      - https://github.com/authzed/spicedb-kubeapi-proxy/deploy?ref=v{{ .Version }}
+    images:
+      - name: authzed/spicedb-kubeapi-proxy:dev
+        newName: ghcr.io/authzed/spicedb-kubeapi-proxy
+        newTag: v{{ .Version }}
+    ```
+
+    ## Install with `kustomizer`
+    release manifests can be found at `oci://ghcr.io/authzed/spicedb-kubeapi-proxy-manifests:v{{ .Version }}` and can be installed or inspected with [kustomizer](https://kustomizer.dev/):
+
+    ```sh
+    kustomizer apply inventory spicedb-kubeapi-proxy --artifact oci://ghcr.io/authzed/spicedb-kubeapi-proxy-manifests:v{{ .Version }}
+    ```
+
+    ## Docker Images
+    This release's image is available at:
+    - `ghcr.io/authzed/spicedb-kubeapi-proxy:v{{ .Version }}`