huoxue1
/
goreleaser-action
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove key input and use Import GPG GitHub Action instead

This commit is contained in:
CrazyMax 2020-05-10 16:02:05 +02:00
parent b965206285
commit f3c3945401
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7
7 changed files with 162 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.github/workflows/ci.yaml vendored
View File

@ -49,3 +49,44 @@ jobs:
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
args: release --skip-publish --rm-dist args: release --skip-publish --rm-dist
signing:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macOS-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Unshallow
run: git fetch --prune --unshallow
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.13
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v1
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }}
-
name: Check
uses: ./
with:
version: latest
args: -f .goreleaser-signing.yml check --debug
-
name: GoReleaser
uses: ./
with:
version: latest
args: -f .goreleaser-signing.yml release --skip-publish --rm-dist

40
.goreleaser-signing.yml Normal file
View File

@ -0,0 +1,40 @@
env:
- GO111MODULE=on
- GOPROXY=https://goproxy.io
before:
hooks:
- go mod download
builds:
-
env:
- CGO_ENABLED=0
goos:
- darwin
- linux
- windows
goarch:
- 386
- amd64
archives:
-
replacements:
386: i386
amd64: x86_64
format_overrides:
- goos: windows
format: zip
files:
- LICENSE
- README.md
- CHANGELOG.md
checksum:
name_template: 'checksums.txt'
signs:
-
artifacts: checksum
args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]

35
.goreleaser.yml Normal file
View File

@ -0,0 +1,35 @@
env:
- GO111MODULE=on
- GOPROXY=https://goproxy.io
before:
hooks:
- go mod download
builds:
-
env:
- CGO_ENABLED=0
goos:
- darwin
- linux
- windows
goarch:
- 386
- amd64
archives:
-
replacements:
386: i386
amd64: x86_64
format_overrides:
- goos: windows
format: zip
files:
- LICENSE
- README.md
- CHANGELOG.md
checksum:
name_template: 'checksums.txt'

64
README.md
View File

@ -11,12 +11,24 @@
</p> </p>
</p> </p>
--- ___
![GoRelease Action](.github/goreleaser-action.png) ![GoRelease Action](.github/goreleaser-action.png)
* [Usage](#usage)
* [Workflow](#workflow)
* [Run on new tag](#run-on-new-tag)
* [Signing](#signing)
* [Customizing](#customizing)
* [inputs](#inputs)
* [environment variables](#environment-variables)
* [Limitation](#limitation)
* [License](#license)
## Usage ## Usage
### Workflow
```yaml ```yaml
name: goreleaser name: goreleaser
@ -45,13 +57,14 @@ jobs:
with: with:
version: latest version: latest
args: release --rm-dist args: release --rm-dist
key: ${{ secrets.YOUR_PRIVATE_KEY }}
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
``` ```
> **IMPORTANT**: note the `Unshallow` step. It is required for the changelog to work correctly. > **IMPORTANT**: note the `Unshallow` step. It is required for the changelog to work correctly.
### Run on new tag
If you want to run GoReleaser only on new tag, you can use this event: If you want to run GoReleaser only on new tag, you can use this event:
```yaml ```yaml
@ -71,13 +84,43 @@ Or with a condition on GoReleaser step:
with: with:
version: latest version: latest
args: release --rm-dist args: release --rm-dist
key: ${{ secrets.YOUR_PRIVATE_KEY }}
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
``` ```
> For detailed instructions please follow GitHub Actions [workflow syntax](https://help.github.com/en/articles/workflow-syntax-for-github-actions#About-yaml-syntax-for-workflows). > For detailed instructions please follow GitHub Actions [workflow syntax](https://help.github.com/en/articles/workflow-syntax-for-github-actions#About-yaml-syntax-for-workflows).
### Signing
If [signing is enabled](https://goreleaser.com/customization/#Signing) in your GoReleaser configuration, you can use the [Import GPG](https://github.com/crazy-max/ghaction-import-gpg) GitHub Action along with this one:
```yaml
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v1
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v1
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
```
Reference the fingerprint in your signing configuration using the `GPG_FINGERPRINT` envrionment variable:
```yaml
signs:
- artifacts: checksum
args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
```
## Customizing ## Customizing
### inputs ### inputs
@ -88,7 +131,6 @@ Following inputs can be used as `step.with` keys
|---------------|---------|-----------|-------------------------------------------| |---------------|---------|-----------|-------------------------------------------|
| `version` | String | `latest` | GoReleaser version. Example: `v0.117.0` | | `version` | String | `latest` | GoReleaser version. Example: `v0.117.0` |
| `args` | String | | Arguments to pass to GoReleaser | | `args` | String | | Arguments to pass to GoReleaser |
| `key` | String | | Private key to import |
| `workdir` | String | `.` | Working directory (below repository root) | | `workdir` | String | `.` | Working directory (below repository root) |
### environment variables ### environment variables
@ -115,24 +157,10 @@ secret named `GH_PAT`, the step will look like this:
with: with:
version: latest version: latest
args: release --rm-dist args: release --rm-dist
key: ${{ secrets.YOUR_PRIVATE_KEY }}
env: env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }} GITHUB_TOKEN: ${{ secrets.GH_PAT }}
``` ```
## Signing
If signing is enabled in your GoReleaser configuration, populate the `key` input with your private key
and reference the key in your signing configuration, e.g.
```yaml
signs:
- artifacts: checksum
args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
```
This feature is currently only compatible when using the default `gpg` command and a private key without a passphrase.
## License ## License
MIT. See `LICENSE` for more details. MIT. See `LICENSE` for more details.

2
action.yml
View File

@ -12,8 +12,6 @@ inputs:
default: 'latest' default: 'latest'
args: args:
description: 'Arguments to pass to GoReleaser' description: 'Arguments to pass to GoReleaser'
key:
description: 'Private key to import'
workdir: workdir:
description: 'Working directory (below repository root)' description: 'Working directory (below repository root)'
default: '.' default: '.'

8
dist/index.js generated vendored
View File

@ -1281,13 +1281,11 @@ const git = __importStar(__webpack_require__(453));
const installer = __importStar(__webpack_require__(749)); const installer = __importStar(__webpack_require__(749));
const core = __importStar(__webpack_require__(470)); const core = __importStar(__webpack_require__(470));
const exec = __importStar(__webpack_require__(986)); const exec = __importStar(__webpack_require__(986));
const fs = __importStar(__webpack_require__(747));
function run() { function run() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
const version = core.getInput('version') || 'latest'; const version = core.getInput('version') || 'latest';
const args = core.getInput('args'); const args = core.getInput('args');
const key = core.getInput('key');
const workdir = core.getInput('workdir') || '.'; const workdir = core.getInput('workdir') || '.';
const goreleaser = yield installer.getGoReleaser(version); const goreleaser = yield installer.getGoReleaser(version);
const commit = yield git.getShortCommit(); const commit = yield git.getShortCommit();
@ -1309,12 +1307,6 @@ function run() {
core.info(`${tag} tag found for commit ${commit}`); core.info(`${tag} tag found for commit ${commit}`);
} }
} }
if (key) {
core.info('🔑 Importing signing key...');
let path = `${process.env.HOME}/key.asc`;
fs.writeFileSync(path, key, { mode: 0o600 });
yield exec.exec('gpg', ['--import', path]);
}
core.info('🏃 Running GoReleaser...'); core.info('🏃 Running GoReleaser...');
yield exec.exec(`${goreleaser} ${args}${snapshot}`); yield exec.exec(`${goreleaser} ${args}${snapshot}`);
} }

9
src/main.ts
View File

@ -2,13 +2,11 @@ import * as git from './git';
import * as installer from './installer'; import * as installer from './installer';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as exec from '@actions/exec'; import * as exec from '@actions/exec';
import * as fs from 'fs';
async function run(): Promise<void> { async function run(): Promise<void> {
try { try {
const version = core.getInput('version') || 'latest'; const version = core.getInput('version') || 'latest';
const args = core.getInput('args'); const args = core.getInput('args');
const key = core.getInput('key');
const workdir = core.getInput('workdir') || '.'; const workdir = core.getInput('workdir') || '.';
const goreleaser = await installer.getGoReleaser(version); const goreleaser = await installer.getGoReleaser(version);
@ -33,13 +31,6 @@ async function run(): Promise<void> {
} }
} }
if (key) {
core.info('🔑 Importing signing key...');
let path = `${process.env.HOME}/key.asc`;
fs.writeFileSync(path, key, {mode: 0o600});
await exec.exec('gpg', ['--import', path]);
}
core.info('🏃 Running GoReleaser...'); core.info('🏃 Running GoReleaser...');
await exec.exec(`${goreleaser} ${args}${snapshot}`); await exec.exec(`${goreleaser} ${args}${snapshot}`);
} catch (error) { } catch (error) {