Use Goreleaser, and publish arm64
Signed-off-by: peterdeme <[email protected]>
peterdeme committed Nov 25, 2023
1 parent 8d8dd75 commit dbf38ec
Showing 11 changed files with 361 additions and 214 deletions.
22 changes: 12 additions & 10 deletions .github/workflows/build-binary.yml
Expand Up @@ -2,31 +2,33 @@ name: Build Binary

on: { push: { branches-ignore: [main, production] } }

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
preprod-agent-deployment:
name: Build and upload agent
build-binary:
name: Build binary
runs-on: ubuntu-latest
container: golang:1.20

env:
BASE_NAME: spacelift-vcs-agent
BIN_DIR: build

steps:
- name: Check out repository code
uses: actions/checkout@v4

- name: Mark source directory as safe. # This is some duct tape over the git version in the Go image complaining about this since one of the 1.19.x versions. Feel free to remove once it doesn't break the build anymore. See https://github.com/actions/runner/issues/2033 and https://github.com/actions/checkout/issues/760#issuecomment-1097797031
- name: Mark source directory as safe.
run: git config --global --add safe.directory $GITHUB_WORKSPACE

- name: parse short SHA
id: vars
run: |
echo ::set-output name=sha::$(git rev-parse --short=8 ${{ github.sha }})
- name: Build Spacelift VCS Agent
run: go build -a -tags netgo -ldflags "-s -w -extldflags '-static' -X main.VERSION=$SHORT_SHA -X main.BugsnagAPIKey=$BUGSNAG_API_KEY" -trimpath -o $BIN_DIR/$BASE_NAME ./cmd/spacelift-vcs-agent
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --snapshot
env:
BUGSNAG_API_KEY: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
CGO_ENABLED: 0
SHORT_SHA: ${{ steps.vars.outputs.sha }}
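Review bot: The new `Run GoReleaser` step is unpinned in two places: `goreleaser/goreleaser-action@v5` is a mutable tag and `version: latest` pulls whatever GoReleaser release is current when the job runs, while the `env` block that follows hands the step `secrets.PREPROD_BUGSNAG_API_KEY`. An upstream change to either would execute with that secret and could change the produced binaries without any commit in this repository. Pin both, for example `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5` and `version: <pinned-goreleaser-version>`. The rendered page has lost its +/- markers, so it is not certain whether the `parse short SHA` step survives; if it does, its `::set-output` command should move to `>> $GITHUB_OUTPUT`.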
4 changes: 4 additions & 0 deletions .github/workflows/linting.yml
Expand Up @@ -2,6 +2,10 @@ name: Linting

on: { push: { branches-ignore: [main, production] } }

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
linting:
name: Lint the code
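Review bot: The added `concurrency` group never cancels anything in this workflow, because `github.head_ref` is only populated on pull_request events and the trigger here is `push` only, so the key always falls back to the per-run `github.run_id`. Keying on the ref, `group: ${{ github.workflow }}-${{ github.ref }}`, gives the intended one-run-per-branch behaviour. The same block is added to build-binary.yml and preprod-deployment.yml in this commit. For the deployment workflow a corrected key combined with `cancel-in-progress: true` would abort an upload that is already running, so `cancel-in-progress: false` is probably the safer setting there.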
281 changes: 124 additions & 157 deletions .github/workflows/preprod-deployment.yml
@@ -1,20 +1,15 @@
name: Preprod deployment

on:
push:
branches:
- main
on: [push]

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
preprod-agent-deployment:
name: Build and upload agent
runs-on: ubuntu-latest
outputs:
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
container: golang:1.20
env:
BASE_NAME: spacelift-vcs-agent
BIN_DIR: build
permissions:
id-token: write
contents: read
Expand All @@ -24,153 +19,125 @@ jobs:
- name: Check out repository code
uses: actions/checkout@v4

- name: Mark source directory as safe. # This is some duct tape over the git version in the Go image complaining about this since one of the 1.19.x versions. Feel free to remove once it doesn't break the build anymore. See https://github.com/actions/runner/issues/2033 and https://github.com/actions/checkout/issues/760#issuecomment-1097797031
- name: Mark source directory as safe.
run: git config --global --add safe.directory $GITHUB_WORKSPACE

- uses: chrnorm/deployment-action@releases/v1
name: Create GitHub deployment
if: ${{ github.ref == 'refs/heads/main' }}
id: deployment
with:
token: "${{ github.token }}"
target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
environment: preprod/vcs-agent

- name: parse short SHA
id: vars
run: |
echo ::set-output name=sha::$(git rev-parse --short=8 ${{ github.sha }})
- name: Build Spacelift VCS Agent
run: go build -a -tags netgo -ldflags "-s -w -extldflags '-static' -X main.VERSION=$SHORT_SHA -X main.BugsnagAPIKey=$BUGSNAG_API_KEY" -trimpath -o $BIN_DIR/$BASE_NAME ./cmd/spacelift-vcs-agent
env:
BUGSNAG_API_KEY: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
CGO_ENABLED: 0
SHORT_SHA: ${{ steps.vars.outputs.sha }}

- name: Install dependencies
run: |
apt-get update -y
apt-get install -y awscli zip
- name: Import the PGP key
run: |
echo ${GPG_KEY_BASE64} | base64 -d > spacelift.gpg
gpg --import \
--passphrase=$GPG_PASSPHRASE \
--pinentry-mode=loopback \
spacelift.gpg
rm spacelift.gpg
env:
GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

- name: Sign Spacelift VCS Agent Binary
run: ./scripts/sign.sh $BIN_DIR $BASE_NAME
env:
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
SHORT_SHA: ${{ steps.vars.outputs.sha }}

- name: Verify Checksum Spacelift VCS Agent Binary
run: ./scripts/verify.sh $BIN_DIR $BASE_NAME
env:
SHORT_SHA: ${{ steps.vars.outputs.sha }}

- name: Upload the VCS Agent binary
uses: actions/upload-artifact@v3
with:
name: vcs-agent-binary
path: build/
retention-days: 1

- name: Update deployment status (failure)
uses: chrnorm/deployment-status@releases/v1
if: failure() && ${{ github.ref == 'refs/heads/main' }}
with:
token: "${{ github.token }}"
target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
state: "failure"
deployment_id: ${{ steps.deployment.outputs.deployment_id }}

publish-preprod-agent-deployment:
name: Upload VCS agent binary and container image
needs: ["preprod-agent-deployment"]
runs-on: ubuntu-latest

env:
BIN_DIR: build
permissions:
id-token: write
contents: read
deployments: write

steps:
- name: Check out repository code
uses: actions/checkout@v4

- name: Download the VCS Agent binary
uses: actions/download-artifact@v3
with:
name: vcs-agent-binary
path: ./build

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
if: ${{ github.ref == 'refs/heads/main' }}
with:
aws-region: eu-west-1
role-to-assume: ${{ secrets.PREPROD_AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 900

- name: Upload the VCS Agent binary to downloads.spacelift.dev
if: ${{ github.ref == 'refs/heads/main' }}
run: >-
aws s3 sync
${BIN_DIR} s3://${{ secrets.PREPROD_AWS_S3_BUCKET }}/
--no-progress
- name: Invalidate downloads.spacelift.dev cache
if: ${{ github.ref == 'refs/heads/main' }}
run: >-
aws cloudfront create-invalidation
--distribution-id ${{ secrets.PREPROD_DISTRIBUTION }}
--paths "/*"
- name: Log in to Amazon public ECR
if: ${{ github.ref == 'refs/heads/main' }}
run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws

# This will be needed in the future for adding multi architecture build support
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and push the image
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64
push: ${{ github.ref == 'refs/heads/main' }}
tags: |
${{ secrets.PREPROD_PUBLIC_VCS_AGENT_ECR_REPOSITORY_URL }}:latest
- name: Update deployment status (success)
uses: chrnorm/deployment-status@releases/v1
if: success() && ${{ github.ref == 'refs/heads/main' }}
with:
token: "${{ github.token }}"
target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
state: "success"
deployment_id: ${{ needs.preprod-agent-deployment.outputs.deployment_id }}

- name: Update deployment status (failure)
uses: chrnorm/deployment-status@releases/v1
if: failure() && ${{ github.ref == 'refs/heads/main' }}
- name: Run workflow
uses: ./.github/workflows/publish
with:
token: "${{ github.token }}"
target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
state: "failure"
deployment_id: ${{ needs.preprod-agent-deployment.outputs.deployment_id }}
aws_role_to_assume: ${{ secrets.PREPROD_AWS_ROLE_TO_ASSUME }}
ecr_repository_url: ${{ secrets.PREPROD_PUBLIC_VCS_AGENT_ECR_REPOSITORY_URL }}
aws_bucket: ${{ secrets.PREPROD_AWS_S3_BUCKET }}
cloudfront_distribution: ${{ secrets.PREPROD_DISTRIBUTION }}
bugsnag_api_key: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
gpg_key_id: ${{ secrets.GPG_KEY_ID }}
gpg_base64_key: ${{ secrets.GPG_KEY_BASE64 }}
gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
github_token: ${{ secrets.GITHUB_TOKEN }}
current_ref: ${{ github.ref }}

# - name: Setup Go
# uses: actions/setup-go@v4
# with: { go-version: "1.20" }

# - name: Parse short SHA
# id: vars
# run: echo "sha=$(git rev-parse --short=8 ${{ github.sha }})" >> $GITHUB_OUTPUT

# - name: Fake tag for GoReleaser
# if: ${{ github.ref == 'refs/heads/main' }}
# run: git tag -a v0.0.0

# - name: Run GoReleaser
# uses: goreleaser/goreleaser-action@v5
# with:
# version: latest
# args: release --snapshot=${{ github.ref != 'refs/heads/main' }}
# env:
# BUGSNAG_API_KEY: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
# SHORT_SHA: ${{ steps.vars.outputs.sha }}

# - name: Import the PGP key
# run: |
# echo ${GPG_KEY_BASE64} | base64 -d > spacelift.gpg
# gpg --import \
# --passphrase=$GPG_PASSPHRASE \
# --pinentry-mode=loopback \
# spacelift.gpg
# rm spacelift.gpg
# env:
# GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
# GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

# - name: Sign Spacelift VCS Agent Binary
# run: |
# chmod 755 ./dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent
# ./scripts/sign.sh ./dist/vcs-agent_linux_amd64_v1 spacelift-vcs-agent
# ./scripts/verify.sh ./dist/vcs-agent_linux_amd64_v1 spacelift-vcs-agent

# chmod 755 ./dist/vcs-agent_linux_arm64/spacelift-vcs-agent
# ./scripts/sign.sh ./dist/vcs-agent_linux_arm64 spacelift-vcs-agent
# ./scripts/verify.sh ./dist/vcs-agent_linux_arm64 spacelift-vcs-agent
# env:
# GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
# GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v4
# if: ${{ github.ref == 'refs/heads/main' }}
# with:
# aws-region: eu-west-1
# role-to-assume: ${{ secrets.PREPROD_AWS_ROLE_TO_ASSUME }}
# role-duration-seconds: 900

# - name: Put the binaries to the right place
# run: |
# mkdir -p build
# cp dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent build/spacelift-vcs-agent
# cp dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent_SHA256SUMS build/spacelift-vcs-agent_SHA256SUMS
# cp dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent_SHA256SUMS.sig build/spacelift-vcs-agent_SHA256SUMS.sig

# cp dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent build/spacelift-vcs-agent-x86_64
# cp dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent_SHA256SUMS build/spacelift-vcs-agent-x86_64_SHA256SUMS
# cp dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent_SHA256SUMS.sig build/spacelift-vcs-agent-x86_64_SHA256SUMS.sig

# cp dist/vcs-agent_linux_arm64/spacelift-vcs-agent build/spacelift-vcs-agent-aarch64
# cp dist/vcs-agent_linux_arm64/spacelift-vcs-agent_SHA256SUMS build/spacelift-vcs-agent-aarch64_SHA256SUMS
# cp dist/vcs-agent_linux_arm64/spacelift-vcs-agent_SHA256SUMS.sig build/spacelift-vcs-agent-aarch64_SHA256SUMS.sig

# # For easier visibility, here's the list of files we're uploading:
# ls -l build

# - name: Upload the VCS Agent binaries to downloads.spacelift.dev
# if: ${{ github.ref == 'refs/heads/main' }}
# run: >-
# aws s3 sync
# build/ s3://${{ secrets.PREPROD_AWS_S3_BUCKET }}

# - name: Invalidate downloads.spacelift.dev cache
# if: ${{ github.ref == 'refs/heads/main' }}
# run: >-
# aws cloudfront create-invalidation
# --distribution-id ${{ secrets.PREPROD_DISTRIBUTION }}
# --paths "/*"

# - name: Log in to Amazon public ECR
# if: ${{ github.ref == 'refs/heads/main' }}
# run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws

# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v3

# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
# with:
# platforms: linux/amd64,linux/arm64

# - name: Build and push the image
# uses: docker/build-push-action@v5
# with:
# context: .
# platforms: linux/amd64,linux/arm64
# push: ${{ github.ref == 'refs/heads/main' }}
# tags: |
# ${{ secrets.PREPROD_PUBLIC_VCS_AGENT_ECR_REPOSITORY_URL }}:latest
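Review bot: Replacing the `branches: [main]` filter with `on: [push]` makes this job run for a push to any branch, and it holds `id-token: write` and passes the GPG private key, its passphrase and the AWS role to `./.github/workflows/publish`. A local action is read from the checked-out ref, so the action and signing scripts that receive this material are whatever the pushed branch contains. The only gate visible here is the `current_ref` input, and how the action uses it is outside this page. Keep the trigger restricted with `on: { push: { branches: [main] } }`, or guard the `Run workflow` step with `if: github.ref == 'refs/heads/main'` and move the signing secrets into a protected environment. The commented-out steps after `current_ref` appear to duplicate what the action is meant to do and are better deleted than committed.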
2 changes: 1 addition & 1 deletion .github/workflows/prod-deployment.yml
Expand Up @@ -24,7 +24,7 @@ jobs:
- name: Check out repository code
uses: actions/checkout@v4

- name: Mark source directory as safe. # This is some duct tape over the git version in the Go image complaining about this since one of the 1.19.x versions. Feel free to remove once it doesn't break the build anymore. See https://github.com/actions/runner/issues/2033 and https://github.com/actions/checkout/issues/760#issuecomment-1097797031
- name: Mark source directory as safe.
run: git config --global --add safe.directory $GITHUB_WORKSPACE

- uses: chrnorm/deployment-action@releases/v1