From 0754030d0f34b74552c7ee54f92fbc42136d9057 Mon Sep 17 00:00:00 2001
From: sbailey <1661003+spbsoluble@users.noreply.github.com>
Date: Thu, 17 Aug 2023 09:52:24 -0700
Subject: [PATCH] feat(ci): Adding CI to build different architectures of the
plugin.
---
.github/dependabot.yml | 12 +++
.github/images/kf_logo.png | Bin 0 -> 3602 bytes
.../workflows/keyfactor-starter-workflow.yml | 43 +++++++++
.github/workflows/release.yml | 43 +++++++++
.goreleaser.yml | 86 ++++++++++++++++++
5 files changed, 184 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/images/kf_logo.png
create mode 100644 .github/workflows/keyfactor-starter-workflow.yml
create mode 100644 .github/workflows/release.yml
create mode 100644 .goreleaser.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..fa3ed22
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: "daily"
\ No newline at end of file
diff --git a/.github/images/kf_logo.png b/.github/images/kf_logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..027e15ead76cb673ad0772596a804258e601476d
GIT binary patch
literal 3602
zcmX|^cRUpSAICXoCtNbl-YbWk3mHdt4jK8{B;yVpiIdI@QAU|(UnR3BPK3<NY!{Nf
zj&k;1{jPt0kI&=vc|AX$&+GAd|NV+LH#J~k0y9xjQLz{q>RM2InIa7aI?8TQSYbsm
z>HrG^9jb}}zBS50*Zn^u4+MfrhQbU~)X$Jqz<&{nz!XtY(cr16Xedto?+y?6|LZcI
z=KrkmFDRK3U``o|HPY3#3Z^FKhJLiRzS@$E2*0m`f{Kd37TaG6y$0w+KZ;9sxxT9%
zcZu#&EJr60WE+1!F3}i`H)P^*)=?=+XcS|PP3AU+FSKj7Mo?#`n0p$h6rK&vY)&?9
zU^eVd*8?`bCI@W(@?QB`y?NpAgj{oQGI5%_ONVLN&69%TDeHmMR@0OVh>ekhfkVn%
zh{4?@8XlQ@hXMnfV)!dkY|+=ZD6xTm;K>XcqU3aVf`!b5JSmV>P0P3nWCFgvq|PSw
zQi%e6Kcj$;0JKr&bOH<<-8>Xn@zDmTMFO;?Xjp+vO9>PR_$)-72agm=i=+q8KGdgx
zs{P9dQ+&(mO)#U~<=HEaBjh*VkY<8kplXEE^lu@rb@1?a(nIsm<@Uo0v%>j|jB{<F
zE2SJVRxbejrc$+Mzu|i$`OPJJ>ZhB3^<_6_OER8C!6Q+Y_;yBd;Cats{++eSor$E?
z^tXSlzTeWu!)v66gkwO?>{pa8R~DSu>>Z_$x7W9Bn&TZQV*nbl^@srbH?5+Y0**t+
z*wm{ZoT^kqb_M@RUu?w1YrlPxVRE`Pld7zpY1cU|QEw^bIiuBCVQ;c|y14Ci*!i|&
z)?%S88LN;DC54oh;0|-F!)3CcPyW}@tJC%X{oEFJQ9yPL%TTYa)cTKMK?vJ?wmr7$
zy^EG2whsE(Zeu@%fi%Bw&X~XV25APs0?EZhu4SY1<M&TBk}@9T`Xitl<+t9(mP3A&
z=}IOwf_?28<U@)c*UI2C57$AV{=J?=%@NMVliE?=F<lhv#w~-xcskZixvN||Euo~M
zTePy>m{EjXI8tFtV}Ja{n};_Pi_K@$yrZE(!tzE^T<>#N#fTLj<hf{5E<3s*4Ihy&
z=Dk|ex^6#r4Bc-iGJv`rnKAp`)gs8Da$y8N-Fv55sm&UF@n+x4_{H5)S|ygi_CCby
zQpROc=YHTpmqW^!HgD<~d+pwfjk-hqN>LGD2FtqaET6zU=C%sPdv)R4c+3kc&RHq4
znorZLty(KDW(%FGrrR;Sk@F}ckZ>B&oFh1qCjH#`YC%dz5ZU4A0dujI>!7e@i0)$X
z+qxb=sty}Vg+Q=gBoE@4rn=zTQRa#Xhzwjr!XF*H5=_(g90pwr5vL|E16JDVkddko
z2W4ryqwf3iMW0W*rk=Ul_?+u&r~Yy$r{~xD_z;##d9wVSt4a1*s~H|)TYr1|t3{!Y
z?Mmv*+r%)+iI@e&@Lsnv#w8yqj)D5k&XlQlm~%CqU?}`1H$2YQ_sQv@LG88@LSy&a
zQo0F#4b$)|>!4{+^C<+Aomy02@A1VEXgR3P-u>)GU&6#tFEtE!^1Ar|2utmhUiJ<1
z>R<5<5b<*G#nlF5qnFd^WFTp~;jrNzqL%ZXk3@O}qRb`ZTaaiHRN)hJPCt1`iGz^m
z);hd}YxIZPXMSJW)|BjPgyf4~2q?qy{O0e%tBtA73B@iVFVo*Bfy0N(O378FE(cw5
zYFy{CGHD8GH%sVn=^#t*{m@-cNZsq`IzC?^U9bzP6Z06x!R7MXSP1D|nvWI;X6HGe
z#xY}B=_fupK8RVPaUM9!QYXi|+;g<z#l202gNTZC4e!Ob+ygvPQLH!^I_*$l0G^DI
z|8P~2)?vW^t`<l{zCrRB<-liSVv?kyASf1*MS>}FB5Z=H3R(1+%I1_NvgvQnb-xJD
zjNKa$ZJ`NkQt)Vth|4jCz=u+??j`}!^}T$OgFK}tevS>!4&2!#i@7;Aab8&01-Nwy
z0fx>C8>Ic@m~=$NAeh0<>pxXv*p`QQUXwWn)4bfQI(tFB^2GSLn)9Quy;5NftI^4$
zznWZ@G9qc$REi>)t4>~d4mOezACHds{1ciUN67fBH?rYqg;Pj?Gop$Dnm}M-DBJ}6
zBCiuT=Y)UD9$PAK7S(#U#$WP|8tBAy;g-cO`T9jAHHV*cM3th@aF2HAuAY#|BthA1
zTrqvDlc4vJkjcQ-{nO2+1j1goOS&F9e9uUQ+rjDPajact;&u#w7c(`~ayINT_kkh_
zoK=5S(Ro+}Jj`7(5>}`^L;BemoLUWLj`~S%3-7Oz6H#<b*x)1HS!LQ{+wXv;3aw%N
zmg=Z2s-xmJL58CYk#7Z};)Jf{*TU)p=aQ}Hl*uyNL|Ca<B%w<JS3Er6rPvTQ2907&
z6sy~NyJ^Q^k(Foj*<9l1$&VdTvQgd0dc;V&+Gs4Tf7bN1#z*^?`<GCjCuXNafcg-7
z>%<Y!>C<h*YDog#JI6HJ-X!7gv{7?h)70j(_-7{~DLmId>HCm<Fp)i|q^fnS+}G7V
zCyG-ab52nG79?-Zc(j3gR;5vwpzXOK@8f6>QkKNca<Tr)UJzg!$7c^io8N^Y7Bf3B
zgU>yt*XhwIWtr*pG$`tP5==m5FOf(3xQBtCw{Xe+p!vd>U4D#y6v9$xvIIRp8Y3&?
z8|<tnul?x#Ksz@;Cr6ub!t%iD!yT|KW?wS>iwU`Q25XP9NU_N<m*5Y-zb|_G<29wH
z{P~W`A3SbNh!^SYdfhPrfFXb5OAW_qdd30jUf$8{E)cLAlDfc@D-1sbyFimxFti%^
z1;w*qIa^+@SDa20j~zIAO$B$D-}}EXRx_nxeSk9pp#7$5&v8a-1zFKMQDcm3P6jWK
zevorRM#+j8*9D|UE>VBi;HKkydA#?XKJF>obm(PmX~rPm;{aZ|v-a4h3k#<}?E1xE
z{$u%iBxzjdWa4}A_18Vq#D`S*nC-7)H}1w)mge;o-&ag64C^MHdL89eV+$%Tb1x0)
zH?gaZ7UfD-M0}oLc+G+<@iJpf0ccv}*!BHcFa5c5y%yS-X(W{;WnpGzLBnlgxoek$
zBDMF~0S5$lW6_(HtX|{G6RzS~{-gEhu-*=W?40HMy}!E2Gt&#UUrzgTxIoaofgstn
zvZhR<X=~+V7ALz~zC(RFM$d535Q(m5w*$T!>VT+SFO55cEjzD9DlIOC8?U^RuI#jI
zfD|8xHrrc<M6ftX%(*QF?}`5;woi%IrFjnZAw;VF<3hR;k1p<|Le<5B@b^Vt9!#U&
z+2yR8Xug}KF&S8PlDpKnI@}Y(7Q$Ja>u<^z*3V;G<G*br>N6><P98Qvz75e_tpCmS
zX>_&AoqDY;qP#h{h17kKiVCdgmdmd(l}qM|kQJhBSqPNf=H-e?w0*<MzV#(BIfV7r
zBfFbUszK&6b&WT<WbPRmSJp9F|GJ+pm!@$1G+?}}mRo4$mYHdJiAznEcB~*@n|DIf
z@!D74C>dnK;TMmtKqxPPD%nvIG3f=bX0Ou!51cZ{#P4D#C@lKhC&^7^h;-ui<Y*dL
zUq}Vs6`NZPC;(5@)Mm1UT$wg~qm(_^<ne6e73|W<d|1t+eR*U;RiDkM>cRDH)XN)x
zM-<9q(W=KQ+5CNF=RX%40P4$g+wYK1C!ymIe)AsEz6dUSt)8btb6BNubb|QMUP7sA
z;*~)gXH;<DOv~K4G1r_<WP^nI_Uh+y`GEd`_i~3Z$}WwCm1slX?_+62mX}v61&DY7
z)j4O6W31k-%8D2+RKJR*8TXJU>2R%lGLS%J_GNKLkJkPvoON8o1(ySp>mRK7Vs7RF
z)G|>z9lFc%r$I0A>xL|sdyNL5B~hX?g~~Ua+^wlM^+~t>a22$Fw&XsbI%@MpTf@tz
z$w_#gZq}PLViCF{Baya#;lMfP>&;Sil(`N|`S~tU`y!H*-0(cWx`;N|g%e<E<VP;i
zeAB|V72kZ`B5CFTehOpov>S3l-u{(bt|<@Pn+}R8BUddX70KQx={oxah8q4ky=x++
z-OZQkb;FbGW8-lqSooLd?A5u}!W~8so9%M70LZU_LC!5=e|{3b&5Q_BHN$#6NqBhj
zutv{sW%l!A&soKR1rH?C7hxEP-N7}lRF4X<2+j&Qp5OgeOrSSZljz9_M=s9HAZ;Qf
z!(8F*Ea3tlWT;zT9lfIWxP}h40>nY?MwN#8M;^C2=2W7!h~FPt&HvU~E0J6K0dLrR
z&Mcny6#v36U8R{IdFKV?7y8L}sy_PVC^pt3bJo_Sj(bVrRa8fEb)hwx5`!bn<t%l(
z7lj8QY2|Y6b4fvFPl9kn`D};NUSVIwO2&+1xOFrLs4C%4ec_Jf!u+VLy*^&90})PL
zof|0w3X8%2nD9?p)uk^_!pWaw`rrImTKw?=niD&1AU=YdZ~Pu#bkLFKKb$lgD_5Ew
zL@MczN&fSl73Mg=J9RvOSx<Pmf#aBSIj>hNh=U-{3H0pf0Bl6%-bv3WJKDxC!&8v7
z6k{<rP^?nn^A+Z`m;|Feq-ijXD^TrWzVKI%GVhcIh0!zRx-nUGU^Th|nA+)?h)_yZ
z7~9*SUHbEiQW5_6Tes(;vMJ;patzqnH>8w={kk$&Q)L8&l)qxBk3$OKY`q~4KNO0y
zizt-s)D(f$u%Pr7jS3Xb5@AUpguFAnNkEz{x=O%Cxv#Y79~EWF3ppoq90?j0mW7nJ
Sy(#(E$Bgt$bt`mSqW%ZgDACCP
literal 0
HcmV?d00001
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
new file mode 100644
index 0000000..7e58879
--- /dev/null
+++ b/.github/workflows/keyfactor-starter-workflow.yml
@@ -0,0 +1,43 @@
+name: Starter Workflow
+on: workflow_dispatch
+
+jobs:
+ catalog-update-check:
+ runs-on: windows-latest
+ outputs:
+ upd_cat: ${{ steps.read-json.outputs.prop }}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Read json
+ id: read-json
+ shell: pwsh
+ run: |
+ $json = Get-Content integration-manifest.json | ConvertFrom-Json
+ echo "::set-output name=prop::$(echo $json.update_catalog)"
+
+ #call-create-github-release-workflow:
+ # uses: Keyfactor/actions/.github/workflows/github-release.yml@main
+
+ #call-dotnet-build-and-release-workflow:
+ # needs: [call-create-github-release-workflow]
+ # uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
+ # with:
+ # release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+ # release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
+ # release_dir: SslStoreCaProxy/bin/Release
+ # secrets:
+ # token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
+
+ call-generate-readme-workflow:
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+ secrets:
+ token: ${{ secrets.APPROVE_README_PUSH }}
+
+ call-update-catalog-workflow:
+ needs: catalog-update-check
+ if: needs.catalog-update-check.outputs.upd_cat == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+ uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
+ secrets:
+ token: ${{ secrets.SDK_SYNC_PAT }}
+
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7c4987a
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,43 @@
+# Terraform Provider release workflow.
+name: Release
+
+# This GitHub action creates a release when a tag that matches the pattern
+# "v*" (e.g. v0.1.0) is created.
+on:
+ push:
+ tags:
+ - 'v*'
+
+# Releases need permissions to read and write the repository contents.
+# GitHub considers creating releases and uploading assets as writing contents.
+permissions:
+ contents: write
+
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ # Allow goreleaser to access older tag information.
+ fetch-depth: 0
+ - uses: actions/setup-go@v4
+ with:
+ go-version-file: 'go.mod'
+ cache: true
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v5
+ id: import_gpg
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.PASSPHRASE }}
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v4
+ with:
+ args: release --clean
+ env:
+ # GitHub sets the GITHUB_TOKEN secret automatically.
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PAT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+ GPG_TTY: $(tty)
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 0000000..3fb2cc3
--- /dev/null
+++ b/.goreleaser.yml
@@ -0,0 +1,86 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+before:
+ hooks:
+ # this is just an example and not a requirement for provider building/publishing
+ - go mod tidy
+builds:
+ - env:
+ # goreleaser does not work with CGO, it could also complicate
+ # usage by users in CI/CD systems like Terraform Cloud where
+ # they are unable to install libraries.
+ - CGO_ENABLED=0
+ mod_timestamp: '{{ .CommitTimestamp }}'
+ flags:
+ - -trimpath
+ ldflags:
+ - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+ goos:
+ - freebsd
+ - windows
+ - linux
+ - darwin
+ goarch:
+ - amd64
+ - '386'
+ - arm
+ - arm64
+ ignore:
+ - goos: darwin
+ goarch: '386'
+ binary: 'kfutil'
+archives:
+ - format: zip
+ name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+ extra_files:
+ - glob: 'integration-manifest.json'
+ name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+ name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+ algorithm: sha256
+signs:
+ - artifacts: checksum
+ args:
+ # if you are using this in a GitHub action or some other automated pipeline, you
+ # need to pass the batch flag to indicate its not interactive.
+ - "--batch"
+ - "--local-user"
+ - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+ - "--output"
+ - "${signature}"
+ - "--detach-sign"
+ - "${artifact}"
+release:
+ prerelease: auto
+ extra_files:
+ - glob: 'integration-manifest.json'
+ name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+ # If you want to manually examine the release before its live, uncomment this line:
+ draft: true
+changelog:
+ sort: asc
+ use: github
+ filters:
+ exclude:
+ - '^test:'
+ - '^chore'
+ - 'merge conflict'
+ - Merge pull request
+ - Merge remote-tracking branch
+ - Merge branch
+ - go mod tidy
+ groups:
+ - title: Dependency updates
+ regexp: "^.*(feat|fix)\\(deps\\)*:+.*$"
+ order: 300
+ - title: 'New Features'
+ regexp: "^.*feat[(\\w)]*:+.*$"
+ order: 100
+ - title: 'Bug fixes'
+ regexp: "^.*fix[(\\w)]*:+.*$"
+ order: 200
+ - title: 'Documentation updates'
+ regexp: "^.*docs[(\\w)]*:+.*$"
+ order: 400
+ - title: Other work
+ order: 9999