From acd9d01fb1602fa9caa13d02cbdcb50bb941bbe5 Mon Sep 17 00:00:00 2001
From: Matthew Hartstonge <matt@mykro.co.nz>
Date: Sun, 22 Dec 2024 20:51:49 +1300
Subject: [PATCH 1/5] ci(.github/workflows): consolidate release workflow.

---
 .github/workflows/goreleaser.yml | 31 -------------------------------
 .github/workflows/release.yml    | 26 ++++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 31 deletions(-)
 delete mode 100644 .github/workflows/goreleaser.yml

diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
deleted file mode 100644
index e9d4f75..0000000
--- a/.github/workflows/goreleaser.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: goreleaser
-
-on:
-  push:
-    tags:
-      - '*'
-
-permissions:
-  contents: write
-
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          distribution: goreleaser
-          # 'latest', 'nightly', or a semver
-          version: '~> v2'
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 19d1516..04e2ba9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,33 @@ permissions:
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-please.outputs.release_created }}
     steps:
       - uses: googleapis/release-please-action@v4
+        id: release-please
         with:
           token: ${{secrets.GITHUB_TOKEN}}
+
+  goreleaser:
+    runs-on: ubuntu-latest
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created == 'true' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          # 'latest', 'nightly', or a semver
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file

From ddf767affd93421db9a503612adb2831d892ae34 Mon Sep 17 00:00:00 2001
From: Matthew Hartstonge <matt@mykro.co.nz>
Date: Sun, 22 Dec 2024 20:53:57 +1300
Subject: [PATCH 2/5] build(.goreleaser.yaml): use short commit hash.

---
 .goreleaser.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index b07d502..43a1cbc 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -23,7 +23,7 @@ builds:
         goarch: '386'
     # Custom ldflags.
     ldflags:
-      - -s -w -X main.AppVersion={{.Version}} -X main.AppCommit={{.Commit}} -X main.AppCommitDate={{.CommitDate}}
+      - '-s -w -X main.AppVersion={{.Version}} -X main.AppCommit={{.ShortCommit}} -X main.AppCommitDate={{.CommitDate}}'
     # Path to main.go file or main package.
     # Default: `.`.
     main: ./cmd/argon2

From 988c8fec2409ed091efe93ae9ab4d99da7b851f8 Mon Sep 17 00:00:00 2001
From: Matthew Hartstonge <matt@mykro.co.nz>
Date: Sun, 22 Dec 2024 21:04:44 +1300
Subject: [PATCH 3/5] fix(cmd/argon2): enable ldflags variable configuration.

---
 cmd/argon2/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/argon2/main.go b/cmd/argon2/main.go
index d6a0f9e..1670a9d 100644
--- a/cmd/argon2/main.go
+++ b/cmd/argon2/main.go
@@ -10,7 +10,7 @@ import (
 	"github.com/matthewhartstonge/argon2"
 )
 
-const (
+var (
 	// AppName configures the binaries name.
 	AppName = "argon2"
 	// AppVersion outputs the binaries version.

From 0bf8bc5dbf63aec62c7d8e0c64eda3188f03d40e Mon Sep 17 00:00:00 2001
From: Matthew Hartstonge <matt@mykro.co.nz>
Date: Sun, 22 Dec 2024 23:41:14 +1300
Subject: [PATCH 4/5] ci(release-please-config.json): automate binary version
 setting based on tagged release.

---
 release-please-config.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/release-please-config.json b/release-please-config.json
index 5e58965..61496e9 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -7,7 +7,10 @@
       "bump-minor-pre-major": false,
       "bump-patch-for-minor-pre-major": false,
       "draft": false,
-      "prerelease": false
+      "prerelease": false,
+      "extra-files": [
+        "cmd/argon2/main.go"
+      ]
     }
   },
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"

From 470fac9e34c6c18f0c1874d7344ea7eeaefe54c4 Mon Sep 17 00:00:00 2001
From: Matthew Hartstonge <matt@mykro.co.nz>
Date: Tue, 24 Dec 2024 06:34:34 +1300
Subject: [PATCH 5/5] ci(.github/workflows/release): enable notarising macOS
 binaries.

---
 .github/workflows/release.yml |  7 ++++++-
 .goreleaser.yaml              | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 04e2ba9..3fc7d7b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -41,4 +41,9 @@ jobs:
           version: '~> v2'
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12}}
+          MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD}}
+          MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID}}
+          MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID}}
+          MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY}}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 43a1cbc..11c2a72 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -57,3 +57,35 @@ release:
     ---
 
     Released by [GoReleaser](https://github.com/goreleaser/goreleaser).
+
+notarize:
+  macos:
+    - # Whether this configuration is enabled or not.
+      enabled: true
+
+      # Before notarizing, we need to sign the binary.
+      # This block defines the configuration for doing so.
+      sign:
+        # The .p12 certificate file path or its base64'd contents.
+        certificate: "{{.Env.MACOS_SIGN_P12}}"
+
+        # The password to be used to open the certificate.
+        password: "{{.Env.MACOS_SIGN_PASSWORD}}"
+
+      # Then, we notarize the binaries.
+      notarize:
+        # The issuer ID.
+        # Its the UUID you see when creating the App Store Connect key.
+        issuer_id: "{{.Env.MACOS_NOTARY_ISSUER_ID}}"
+
+        # Key ID.
+        # You can see it in the list of App Store Connect Keys.
+        # It will also be in the ApiKey filename.
+        key_id: "{{.Env.MACOS_NOTARY_KEY_ID}}"
+
+        # The .p8 key file path or its base64'd contents.
+        key: "{{.Env.MACOS_NOTARY_KEY}}"
+
+        # Whether to wait for the notarization to finish.
+        # Not recommended, as it could take a really long time.
+        wait: false