Merge pull request #1744 from authzed/snap

goreleaser: init snap, linux shell completions
authzed · Apr 24, 2024 · 9da37ed · 9da37ed
2 parents 7bd975f + 151101a
commit 9da37ed
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 7 deletions.
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -15,6 +15,8 @@ jobs:
         with:
           fetch-depth: 0
       - uses: "authzed/actions/setup-go@main"
+      - name: "Install snapcraft"
+        run: "sudo snap install snapcraft --channel=7.x/stable --classic"
       - uses: "authzed/actions/docker-login@main"
         with:
           quayio_token: "${{ secrets.QUAYIO_PASSWORD }}"
@@ -26,7 +28,7 @@ jobs:
         with:
           distribution: "goreleaser-pro"
           version: "latest"
-          args: "release -f nightly.goreleaser.yml --clean --nightly"
+          args: "release -f .goreleaser.nightly.yml --clean --nightly"
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -23,6 +23,8 @@ jobs:
         if: "${{ !startsWith(github.ref_name, 'v') || steps.version.outputs.is_valid != 'true' }}"
         run: 'echo "SpiceDB version must start with `v` and be a semver" && exit 1'
         shell: "bash"
+      - name: "Install snapcraft"
+        run: "sudo snap install snapcraft --channel=7.x/stable --classic"
       - uses: "authzed/actions/docker-login@main"
         with:
           quayio_token: "${{ secrets.QUAYIO_PASSWORD }}"
@@ -40,3 +42,9 @@ jobs:
           HOMEBREW_TAP_GITHUB_TOKEN: "${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}"
           GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
           GEMFURY_PUSH_TOKEN: "${{ secrets.GEMFURY_PUSH_TOKEN }}"
+      - name: "Release snap"
+        env:
+          SNAPCRAFT_STORE_CREDENTIALS: "${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}"
+        run: |
+          snapcraft upload dist/*_amd64.snap --release stable
+          snapcraft upload dist/*_arm64.snap --release stable
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -47,6 +47,8 @@ jobs:
         with:
           username: "${{ env.DOCKERHUB_PUBLIC_USER }}"
           password: "${{ env.DOCKERHUB_PUBLIC_ACCESS_TOKEN }}"
+      - name: "Install snapcraft"
+        run: "sudo snap install snapcraft --channel=7.x/stable --classic"
       - uses: "aquasecurity/trivy-action@master"
         with:
           scan-type: "fs"

diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 dist/
+completions/
 *.wasm
 .vscode/settings.json
 .env.local

diff --git a/nightly.goreleaser.yml → .goreleaser.nightly.yml b/nightly.goreleaser.yml → .goreleaser.nightly.yml
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -2,6 +2,9 @@
 git:
   tag_sort: "-version:creatordate"
   prerelease_suffix: "-"
+before:
+  hooks:
+    - "go run mage.go gen:completions"
 builds:
   - main: "./cmd/spicedb"
     env:
@@ -17,6 +20,11 @@ builds:
     ldflags:
       - "-s -w"
       - "-X github.com/jzelinskie/cobrautil/v2.Version=v{{ .Version }}"
+archives:
+  - files:
+      - "README.md"
+      - "LICENSE"
+      - "completions/*"
 nfpms:
   - vendor: "authzed inc."
     homepage: "https://spicedb.io"
@@ -28,10 +36,42 @@ nfpms:
       - "apk"
       - "deb"
       - "rpm"
+    contents:
+      - src: "./completions/spicedb.bash"
+        dst: "/usr/share/bash-completion/completions/spicedb"
+        file_info:
+          mode: 0644
+      - src: "./completions/spicedb.fish"
+        dst: "/usr/share/fish/vendor_completions.d/spicedb.fish"
+        file_info:
+          mode: 0644
+      - src: "./completions/spicedb.zsh"
+        dst: "/usr/share/zsh/vendor-completions/_spicedb"
+        file_info:
+          mode: 0644
 furies:
   - account: "authzed"
     secret_name: "GEMFURY_PUSH_TOKEN"
-    skip: "{{ gt (len .Prerelease) 0 }}"
+    disable: "{{ gt (len .Prerelease) 0 }}"
+snapcrafts:
+  - name: "spicedb"
+    publish: true
+    summary: "A database that stores, computes, and validates application permissions"
+    description: |
+      SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions.
+
+      Developers create a schema and use client libraries to apply the schema to the database, insert relationships into the database, and query the database to efficiently check permissions in their applications.
+    grade: "stable"
+    confinement: "strict"
+    license: "Apache-2.0"
+    base: "core22"
+    apps:
+      spicedb:
+        command: "spicedb"
+        completer: "completions/spicedb.bash"
+        plugs:
+          - "network-bind"
+          - "network"
 brews:
   - name: "{{.ProjectName}}"
     repository:
@@ -47,7 +87,7 @@ brews:
     homepage: "https://authzed.com/"
     description: "SpiceDB is a Zanzibar-inspired database that stores, computes, and validates application permissions."
     license: "Apache-2.0"
-    folder: "Formula"
+    directory: "Formula"
     skip_upload: "auto"
     custom_block: |
       head "https://github.com/authzed/spicedb.git", :branch => "main"
@@ -78,7 +118,7 @@ brews:
     homepage: "https://authzed.com/"
     description: "SpiceDB is a Zanzibar-inspired database that stores, computes, and validates application permissions."
     license: "Apache-2.0"
-    folder: "Formula"
+    directory: "Formula"
     skip_upload: "auto"
     custom_block: |
       head "https://github.com/authzed/spicedb.git", :branch => "main"
@@ -92,9 +132,9 @@ brews:
         system "go build --ldflags \"-s -w -X github.com/jzelinskie/cobrautil/v2.Version=$(git describe --always --abbrev=7 --dirty --tags)\" ./cmd/spicedb"
       end
       bin.install "spicedb"
-      (bash_completion/"spicedb").write Utils.safe_popen_read("#{bin}/spicedb", "completion", "bash")
-      (zsh_completion/"_spicedb").write Utils.safe_popen_read("#{bin}/spicedb", "completion", "zsh")
-      (fish_completion/"spicedb.fish").write Utils.safe_popen_read("#{bin}/spicedb", "completion", "fish")
+      bash_completion.install "completions/spicedb.bash" => "spicedb"
+      zsh_completion.install "completions/spicedb.zsh" => "_spicedb"
+      fish_completion.install "completions/spicedb.fish"
 dockers:
   # AMD64
   - image_templates:

diff --git a/magefiles/gen.go b/magefiles/gen.go
@@ -4,6 +4,7 @@ package main
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/magefile/mage/mg"
 	"github.com/magefile/mage/sh"
@@ -29,3 +30,22 @@ func (Gen) Proto() error {
 	return RunSh("go", Tool())("run", "github.com/bufbuild/buf/cmd/buf",
 		"generate", "-o", "../pkg/proto", "../proto/internal", "--template", "../buf.gen.yaml")
 }
+
+func (Gen) Completions() error {
+	if err := RunSh("mkdir", WithDir("."))("-p", "./completions"); err != nil {
+		return err
+	}
+
+	for _, shell := range []string{"bash", "zsh", "fish"} {
+		f, err := os.Create("./completions/spicedb." + shell)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+
+		if err := RunSh("go", WithDir("."), WithStdout(f))("run", "./cmd/spicedb/main.go", "completion", shell); err != nil {
+			return err
+		}
+	}
+	return nil
+}