Merge pull request #39 from iits-consulting/Ninja243-ppa-workflow

Build linux packages files and push to respective repos

.github/workflows/release.yml

@@ -89,6 +89,7 @@ jobs:
 
   aur-publish:
     runs-on: ubuntu-latest
+    needs: goreleaser
     steps:
       - uses: actions/checkout@v2
 
@@ -107,6 +108,168 @@ jobs:
           commit_message: "Bump to ${{ github.github_ref_name }}"
           ssh_keyscan_types: rsa,dsa,ecdsa,ed25519
 
+  apk-publish:
+    runs-on: ubuntu-latest
+    needs: goreleaser
+    container:
+      image: alpine:latest
+
+    steps:
+      - name: Get latest apks
+        uses: robinraju/[email protected]
+        with:
+          latest: true
+          fileName: "*.apk"
+
+      - name: Install dependencies
+        run: |
+          apk add alpine-sdk openssl
+
+      - name: Import keys
+        run: |
+          mkdir ~/.abuild
+          echo "$APK_PACKAGE_RSA" > ~/.abuild/abuild.rsa
+          openssl rsa -pubout -in ~/.abuild/abuild.rsa -out ~/.abuild/abuild.rsa.pub
+          echo "PACKAGER_PRIVKEY=\"~/.abuild/abuild.rsa\"" >> /etc/abuild.conf
+          cp ~/.abuild/abuild.rsa.pub /etc/apk/keys/
+        env:
+          APK_PACKAGE_RSA: ${{ secrets.APK_PACKAGE_RSA }}
+
+      - name: Make and sign apkindex
+        run: |
+          apk index -o APKINDEX.tar.gz *.apk
+          abuild-sign -k ~/.abuild/abuild.rsa APKINDEX.tar.gz
+
+      - name: Create repo structure
+        run: |
+          cp ~/.abuild/abuild.rsa.pub otc-auth.rsa.pub
+          echo -e "  # <img src='https://iits-consulting.de/wp-content/uploads/2021/08/iits-logo-2021-red-square-xl.png' width="150"/> otc-auth apk-repo \n This repo contains .apk files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n apk add curl \n curl -SsL -o /etc/apk/keys/otc-auth.rsa.pub https://iits-consulting.github.io/apk-repo otc-auth.rsa.pub \n apk add otc-auth --repository='https://iits-consulting.github.io/apk-repo' \`\`\`" > README.md;
+
+      - name: Cleanup
+        run: |
+          rm -rf ~/.abuild
+
+      - name: Push to APK repo
+        uses: cpina/github-action-push-to-another-repository@main
+        env:
+          SSH_DEPLOY_KEY: ${{ secrets.APK_SSH_DEPLOY_KEY }}
+          API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_GITHUB }}
+        with:
+          source-directory: .
+          destination-github-username: 'iits-consulting'
+          destination-repository-name: 'apk-repo'
+          user-email: [email protected]
+          target-branch: main
+
+  rpm-publish:
+    runs-on: ubuntu-latest
+    needs: goreleaser
+    container:
+      image: fedora:latest
+
+    steps:
+      - name: Get latest rpms
+        uses: robinraju/[email protected]
+        with:
+          latest: true
+          fileName: "*.rpm"
+
+      - name: Get dependencies
+        run: |
+          dnf install rpm-sign -y
+
+
+      - name: Generate keys
+        run: |
+          export GPG_TTY=`tty`;
+          echo "$GPG_PPA_PRIV_KEY" | base64 --decode | gpg --import --batch;
+          echo -e "pinentry-mode loopback \npassphrase ${GPG_PPA_PRIV_KEY_PASSPHRASE}" > ~/.gnupg/gpg.conf
+          echo -e "%_signature gpg \n%_gpg_name [email protected]" > /root/.rpmmacros
+          echo "Sanity check: $(cat /root/.rpmmacros)"
+          rpm --define "_gpg_name [email protected]" --addsign *.rpm
+          mkdir -p otc\-auth/packages
+          mv *.rpm otc\-auth/packages
+          cd otc\-auth/packages
+          createrepo .
+          gpg --detach-sign --armor --default-key "[email protected]" repodata/repomd.xml
+          gpg --armor --export "[email protected]" > KEY.gpg;
+          echo -e "[example-repo]\nname=Example Repo\nbaseurl=http://iits-consulting.github.io/rpm-repo/packages\nenabled=1\ngpgcheck=1\ngpgkey=http://iits-consulting.github.io/rpm-repo/KEY.gpg" > example.repo
+          cd ~
+          echo -e " # <img src='https://iits-consulting.de/wp-content/uploads/2021/08/iits-logo-2021-red-square-xl.png' width="150"/> otc-auth RPM Repo \n This repo contains .deb files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n yum-config-manager --add-repo https://iits-consulting.github.io/rpm-repo.repo \n yum install -y hello-world \n \`\`\`" > README.md;
+        env:
+          GPG_PPA_PRIV_KEY: ${{ secrets.GPG_PPA_PRIV_KEY }}
+          GPG_PPA_PRIV_KEY_PASSPHRASE: ${{ secrets.GPG_PPA_PRIV_KEY_PASSPHRASE }}
+
+      - name: Push to RPM repo
+        uses: cpina/github-action-push-to-another-repository@main
+        env:
+          SSH_DEPLOY_KEY: ${{ secrets.RPM_SSH_DEPLOY_KEY }}
+          API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_GITHUB }}
+        with:
+          source-directory: .
+          destination-github-username: 'iits-consulting'
+          destination-repository-name: 'rpm-repo'
+          user-email: [email protected]
+          target-branch: main
+
+  deb-publish:
+    runs-on: ubuntu-latest
+    needs: goreleaser
+    steps:
+      - name: Get latest debs
+        uses: robinraju/[email protected]
+        with:
+            latest: true
+            fileName: "*.deb"
+
+      - name: Create PPA repo structure
+        run: |
+          dpkg-scanpackages --multiversion . > Packages;
+          gzip -k -f Packages;
+          apt-ftparchive release . > Release;
+          echo "deb [signed-by=/etc/apt/trusted.gpg.d/otc-auth_ppa.gpg] https://iits-consulting.github.io/ppa/debian ./" > otc-auth.list
+          echo -e " # <img src='https://iits-consulting.de/wp-content/uploads/2021/08/iits-logo-2021-red-square-xl.png' width="150"/> otc-auth PPA \n This repo (based on the one [here](https://github.com/assafmo/ppa)) contains .deb files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n sudo curl -SsL -o /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg https://iits-consulting.github.io/ppa/debian/KEY.gpg \n sudo curl -SsL -o /etc/apt/sources.list.d/otc-auth.list https://iits-consulting.github.io/ppa/debian/otc-auth.list \n cat /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg >/dev/null \n sudo apt update \n sudo apt install otc-auth \n \`\`\`" > README.md;
+
+      - name: Generate keys
+        run: |
+          export GPG_TTY=`tty`;
+          echo "$GPG_PPA_PRIV_KEY" | base64 --decode | gpg --import --batch;
+          gpg --armor --export "[email protected]" > KEY.gpg;
+          echo "Sanity Check: $(ls -la Release)"
+          echo -e "pinentry-mode loopback \npassphrase ${GPG_PPA_PRIV_KEY_PASSPHRASE}" > ~/.gnupg/gpg.conf
+          gpg --default-key "[email protected]" -abs -o - Release > Release.gpg;
+          gpg --default-key "[email protected]" --clearsign -o - Release > InRelease;
+          
+          sudo apt-get install -y debsigs 
+          for package in *.deb; do
+            debsigs --sign=origin --default-key="[email protected]" "$package"
+          done
+
+        env:
+          GPG_PPA_PRIV_KEY: ${{ secrets.GPG_PPA_PRIV_KEY }}
+          GPG_PPA_PRIV_KEY_PASSPHRASE: ${{ secrets.GPG_PPA_PRIV_KEY_PASSPHRASE }}
+
+      - name: Final cleanup
+        run: |
+          mkdir .debian
+          mv README.md .README.md
+          mv * .debian
+          mv .README.md README.md
+          mv .debian debian
+          rm ~/.gnupg/gpg.conf
+
+      - name: Push to PPA repo
+        uses: cpina/github-action-push-to-another-repository@main
+        env:
+          SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
+          API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_GITHUB }}
+        with:
+          source-directory: .
+          destination-github-username: 'iits-consulting'
+          destination-repository-name: 'ppa'
+          user-email: [email protected]
+          target-branch: main
+
   wikiupdate:
     runs-on: ubuntu-latest
     steps:

.gitignore

@@ -252,6 +252,11 @@ fabric.properties
 ### macOS ###
 # General
 .DS_Store
+
+# Files generated by JetBrains IDEs, e.g. IntelliJ IDEA
+.idea/
+*.iml
+dist/
 .AppleDouble
 .LSOverride
 
@@ -321,4 +326,5 @@ tags
 .history
 .ionide
 
-# End of https://www.toptal.com/developers/gitignore/api/go,goland+all,intellij+all,vim,emacs,macos,linux,visualstudiocode,git
+# End of https://www.toptal.com/developers/gitignore/api/go,goland+all,intellij+all,vim,emacs,macos,linux,visualstudiocode,git
+

.golangci.yaml

@@ -241,15 +241,14 @@ linters:
     - wastedassign # finds wasted assignment statements
     - whitespace # detects leading and trailing whitespace
     - godox # detects FIXME, TODO and other comment keywords
+    - interfacebloat # checks the number of methods inside an interface
 
     ## you may want to enable
     #- musttag # enforces field tags in (un)marshaled structs
-    #- decorder # checks declaration order and count of types, constants, variables and functions
     #- exhaustruct # [highly recommend to enable] checks if all structure fields are initialized
     #- gci # controls golang package import order and makes it always deterministic
     #- ginkgolinter # [if you use ginkgo/gomega] enforces standards of using ginkgo and gomega
     #- goheader # checks is file header matches to pattern
-    #- interfacebloat # checks the number of methods inside an interface
     #- ireturn # accept interfaces, return concrete types
     #- prealloc # [premature optimization, but can be used in some cases] finds slice declarations that could potentially be preallocated
     #- varnamelen # [great idea, but too many false positives] checks that the length of a variable's name matches its scope

.goreleaser.yaml

@@ -1,5 +1,63 @@
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
 builds:
   - id: otc-auth
     hooks:
       post:
-        - cmd: ./signOSX.sh {{ .Path }} {{ .Os }} {{ .Version }} {{ .Arch }}
+        - cmd: ./signOSX.sh {{ .Path }} {{ .Os }} {{ .Version }} {{ .Arch }}
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+
+nfpms:
+  - id: foo
+    package_name: otc-auth
+    file_name_template: "{{ .ConventionalFileName }}"
+    vendor: "iits-consulting"
+    homepage: "https://github.com/iits-consulting/otc-auth"
+    maintainer: "[email protected]"
+    description: "Open Source CLI for the Open Telekom Cloud written in go"
+    license: GPL3.0
+    formats:
+      - apk
+      - deb
+      - rpm
+      - archlinux

Formula/otc-auth.rb

@@ -0,0 +1,26 @@
+# Adds the otc-auth project to homebrew
+class OtcAuth < Formula
+  desc "Open Source CLI for the Open Telekom Cloud written in go"
+  homepage "https://github.com/iits-consulting/otc-auth"
+
+  url "https://github.com/iits-consulting/otc-auth.git",
+      tag:      "v2.0.0",
+      revision: "86b76b04813ce94cfaacd95f8653f2fe13851a60"
+  license "GPLv3"
+  head "https://github.com/iits-consulting/otc-auth.git", branch: "main"
+
+  depends_on "bash" => :build
+  depends_on "coreutils" => :build
+  depends_on "go" => :build
+  uses_from_macos "rsync" => :build
+
+  def install
+    system "go", "build", "-ldflags", "-X main.version=#{version} -X main.date=#{Date.today}"
+    bin.install "./otc-auth"
+  end
+
+  test do
+    run_output = shell_output("#{bin}/otc-auth version 2>&1")
+    assert run_output.start_with?("OTC-Auth #{version}")
+  end
+end