From 7f9ee480bbdc84f828112fa7ced91b558faa6a42 Mon Sep 17 00:00:00 2001
From: Harrison <harrisonaffel@gmail.com>
Date: Thu, 23 May 2024 10:23:53 -0400
Subject: [PATCH] Github Action Migration (#1351)

---
 .drone.yml                         | 75 ------------------------------
 .github/workflows/pre-release.yaml | 50 ++++++++++++++++++++
 .github/workflows/release.yaml     | 50 ++++++++++++++++++++
 GNUmakefile                        | 12 +----
 4 files changed, 101 insertions(+), 86 deletions(-)
 delete mode 100644 .drone.yml
 create mode 100644 .github/workflows/pre-release.yaml
 create mode 100644 .github/workflows/release.yaml

diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 55842de2..00000000
--- a/.drone.yml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-kind: pipeline
-name: default
-
-steps:
-- name: build
-  image: docker:20.10.17-dind
-  environment:
-    GOPATH: /go
-    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/go/bin
-  commands:
-  - /usr/local/bin/dockerd-entrypoint.sh &
-  - apk add -U bash make gcc musl-dev git wget go curl 
-  - mkdir -p /go/src/github.com/rancher
-  - ln -s /drone/src /go/src/github.com/rancher/terraform-provider-rancher2
-  - cd /go/src/github.com/rancher/terraform-provider-rancher2
-  - make docker-build
-  - make docker-testacc
-  - kill %1
-  privileged: true
-
-- name: build-all-binaries
-  image: golang:1.19.4
-  environment:
-    CROSS: 1
-    VERSION: ${DRONE_TAG}
-  commands:
-  - apt-get update
-  - apt-get install -y xz-utils zip rsync jq curl ca-certificates
-  - mkdir -p /go/src/github.com/rancher
-  - ln -s /drone/src /go/src/github.com/rancher/terraform-provider-rancher2
-  - cd /go/src/github.com/rancher/terraform-provider-rancher2
-  - make build-rancher
-  - make package-rancher
-  when:
-    event: tag
-
-- name: gpg_sign_release  
-  image: plugins/gpgsign
-  settings:
-    key:
-      from_secret: gpg_key
-    passphrase:
-      from_secret: gpg_passphrase
-    files:
-      - dist/artifacts/${DRONE_TAG}/terraform-provider-rancher2_*_SHA256SUMS
-    detach_sign: true
-    armor: false
-  when:
-    event: tag
-
-- name: github_binary_prerelease
-  image: plugins/github-release
-  settings:
-    prerelease: true
-    files:
-    - dist/artifacts/${DRONE_TAG}/terraform-provider-rancher2_*
-    api_key: 
-      from_secret: github_token
-  when:
-    event: tag
-    ref:
-      include: [ refs/tags/*rc* ]
-
-- name: github_binary_release
-  image: plugins/github-release
-  settings:
-    files:
-    - dist/artifacts/${DRONE_TAG}/terraform-provider-rancher2_*
-    api_key: 
-      from_secret: github_token
-  when:
-    event: tag
-    ref:
-      exclude: [ refs/tags/*rc* ]
\ No newline at end of file
diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
new file mode 100644
index 00000000..ed569aae
--- /dev/null
+++ b/.github/workflows/pre-release.yaml
@@ -0,0 +1,50 @@
+name: Prerelease
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: build binaries
+        env:
+          CROSS: 1
+          VERSION: ${{ github.ref_name }}
+        run: |
+          make build-rancher
+
+      - name: package
+        run: |
+          make package-rancher
+
+      - name: retrieve GPG Credentials
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
+
+      - name: sign shasum
+        env:
+          GPG_KEY: ${{ env.GPG_KEY }}
+          GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+        run: |
+          echo "Importing gpg key"
+          echo -n "${{ env.GPG_KEY }}" | base64 --decode | gpg --import --batch > /dev/null          
+          echo "signing SHASUM file"
+          VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
+          SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_"$VERSION_NO_V"_SHA256SUMS
+          echo ${{ env.GPG_PASSPHRASE }} | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE"
+
+      - name: GH release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh release create ${{ github.ref_name }} --prerelease --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..19e35f7f
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,50 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: build binaries
+        env:
+          CROSS: 1
+          VERSION: ${{ github.ref_name }}
+        run: |
+          make build-rancher
+
+      - name: package
+        run: |
+          make package-rancher
+
+      - name: retrieve GPG Credentials
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
+            secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
+
+      - name: sign shasum
+        env:
+          GPG_KEY: ${{ env.GPG_KEY }}
+          GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+        run: |
+          echo "Importing gpg key"
+          echo -n "${{ env.GPG_KEY }}" | base64 --decode | gpg --import --batch > /dev/null          
+          echo "signing SHASUM file"
+          VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
+          SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_"$VERSION_NO_V"_SHA256SUMS
+          echo ${{ env.GPG_PASSPHRASE }} | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE"
+
+      - name: GH release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh release create ${{ github.ref_name }} --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*
diff --git a/GNUmakefile b/GNUmakefile
index ce30c814..39e256c0 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -16,7 +16,7 @@ build-rancher: validate-rancher
 
 validate-rancher: validate test
 
-validate: fmtcheck lint vet
+validate: fmtcheck vet
 
 package-rancher: 
 	@sh -c "'$(CURDIR)/scripts/gopackage.sh'"
@@ -47,16 +47,6 @@ vet:
 		echo "fix them if necessary, before submitting the code for review."; \
 	fi
 
-lint:
-	@echo "==> Checking that code complies with golint requirements..."
-	@GO111MODULE=off go get -u golang.org/x/lint/golint
-	@if [ -n "$$(golint $$(go list ./...) | grep -v 'should have comment.*or be unexported' | tee /dev/stderr)" ]; then \
-		echo ""; \
-		echo "golint found style issues. Please check the reported issues"; \
-		echo "and fix them if necessary before submitting the code for review."; \
-    	exit 1; \
-	fi
-
 bin:
 	go build -o $(PROVIDER_NAME)