-
Notifications
You must be signed in to change notification settings - Fork 6
179 lines (150 loc) · 6.73 KB
/
release-go.yml
File metadata and controls
179 lines (150 loc) · 6.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
name: Release Go Package
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
tag:
description: 'Release tag (e.g., v1.1.0)'
required: true
type: string
dry_run:
description: 'Dry run (skip actual publish)'
required: false
type: boolean
default: false
permissions:
contents: write
packages: write
jobs:
release-go:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('go/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install dependencies
run: |
cd go
go mod download
go mod verify
- name: Run tests
run: |
cd go
go test -v -race ./...
- name: Run linting
run: |
cd go
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
golangci-lint run
- name: Run security checks
run: |
cd go
go install github.com/securego/gosec/v2/cmd/gosec@latest
gosec -exclude-dir=examples -exclude-dir=cmd ./pkg/... ./internal/... ./tests/...
- name: Build CLI tools
run: |
cd go
make build
- name: Test CLI tools
run: |
cd go
# Test keygen
./bin/schemapin-keygen --help
# Test signing and verification
./bin/schemapin-keygen --developer "Test Developer" --contact "[email protected]" --prefix test_key
echo '{"name": "test", "type": "object"}' > test_schema.json
./bin/schemapin-sign --key test_key_private.pem --schema test_schema.json --output signed_schema.json
./bin/schemapin-verify --schema signed_schema.json --public-key test_key_public.pem
- name: Cross-compile binaries
run: |
cd go
mkdir -p dist
# Build for multiple platforms
GOOS=linux GOARCH=amd64 go build -o dist/schemapin-keygen-linux-amd64 ./cmd/schemapin-keygen
GOOS=linux GOARCH=arm64 go build -o dist/schemapin-keygen-linux-arm64 ./cmd/schemapin-keygen
GOOS=darwin GOARCH=amd64 go build -o dist/schemapin-keygen-darwin-amd64 ./cmd/schemapin-keygen
GOOS=darwin GOARCH=arm64 go build -o dist/schemapin-keygen-darwin-arm64 ./cmd/schemapin-keygen
GOOS=windows GOARCH=amd64 go build -o dist/schemapin-keygen-windows-amd64.exe ./cmd/schemapin-keygen
GOOS=linux GOARCH=amd64 go build -o dist/schemapin-sign-linux-amd64 ./cmd/schemapin-sign
GOOS=linux GOARCH=arm64 go build -o dist/schemapin-sign-linux-arm64 ./cmd/schemapin-sign
GOOS=darwin GOARCH=amd64 go build -o dist/schemapin-sign-darwin-amd64 ./cmd/schemapin-sign
GOOS=darwin GOARCH=arm64 go build -o dist/schemapin-sign-darwin-arm64 ./cmd/schemapin-sign
GOOS=windows GOARCH=amd64 go build -o dist/schemapin-sign-windows-amd64.exe ./cmd/schemapin-sign
GOOS=linux GOARCH=amd64 go build -o dist/schemapin-verify-linux-amd64 ./cmd/schemapin-verify
GOOS=linux GOARCH=arm64 go build -o dist/schemapin-verify-linux-arm64 ./cmd/schemapin-verify
GOOS=darwin GOARCH=amd64 go build -o dist/schemapin-verify-darwin-amd64 ./cmd/schemapin-verify
GOOS=darwin GOARCH=arm64 go build -o dist/schemapin-verify-darwin-arm64 ./cmd/schemapin-verify
GOOS=windows GOARCH=amd64 go build -o dist/schemapin-verify-windows-amd64.exe ./cmd/schemapin-verify
- name: Create release archives
run: |
cd go/dist
# Create archives for each platform
tar -czf schemapin-go-linux-amd64.tar.gz schemapin-*-linux-amd64
tar -czf schemapin-go-linux-arm64.tar.gz schemapin-*-linux-arm64
tar -czf schemapin-go-darwin-amd64.tar.gz schemapin-*-darwin-amd64
tar -czf schemapin-go-darwin-arm64.tar.gz schemapin-*-darwin-arm64
zip schemapin-go-windows-amd64.zip schemapin-*-windows-amd64.exe
- name: Generate checksums
run: |
cd go/dist
sha256sum *.tar.gz *.zip > checksums.txt
- name: Create GitHub Release
if: ${{ github.event.inputs.dry_run != 'true' && startsWith(github.ref, 'refs/tags/') }}
run: |
PRERELEASE=""
if [[ "${{ github.ref_name }}" == *"alpha"* ]] || [[ "${{ github.ref_name }}" == *"beta"* ]] || [[ "${{ github.ref_name }}" == *"rc"* ]]; then
PRERELEASE="--prerelease"
fi
if gh release view ${{ github.ref_name }} &>/dev/null; then
echo "GitHub Release ${{ github.ref_name }} already exists, uploading assets"
gh release upload ${{ github.ref_name }} \
go/dist/*.tar.gz go/dist/*.zip go/dist/checksums.txt \
--clobber
else
gh release create ${{ github.ref_name }} \
--title "Release ${{ github.ref_name }}" \
--notes "## Go Package Release
SchemaPin Go implementation with CLI tools.
### Installation
#### Using Go Install
\`\`\`bash
go install github.com/ThirdKeyAi/schemapin/go/cmd/...@${{ github.ref_name }}
\`\`\`
#### Binary Downloads
Download pre-built binaries for your platform:
- Linux (amd64): [schemapin-go-linux-amd64.tar.gz](https://github.com/thirdkey/schemapin/releases/download/${{ github.ref_name }}/schemapin-go-linux-amd64.tar.gz)
- Linux (arm64): [schemapin-go-linux-arm64.tar.gz](https://github.com/thirdkey/schemapin/releases/download/${{ github.ref_name }}/schemapin-go-linux-arm64.tar.gz)
- macOS (amd64): [schemapin-go-darwin-amd64.tar.gz](https://github.com/thirdkey/schemapin/releases/download/${{ github.ref_name }}/schemapin-go-darwin-amd64.tar.gz)
- macOS (arm64): [schemapin-go-darwin-arm64.tar.gz](https://github.com/thirdkey/schemapin/releases/download/${{ github.ref_name }}/schemapin-go-darwin-arm64.tar.gz)
- Windows (amd64): [schemapin-go-windows-amd64.zip](https://github.com/thirdkey/schemapin/releases/download/${{ github.ref_name }}/schemapin-go-windows-amd64.zip)
### CLI Tools
\`\`\`bash
schemapin-keygen --help
schemapin-sign --help
schemapin-verify --help
\`\`\`
### Changes
See [CHANGELOG.md](./CHANGELOG.md) for details." \
go/dist/*.tar.gz go/dist/*.zip go/dist/checksums.txt \
$PRERELEASE
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# No additional secrets required for Go releases
# Binaries are distributed via GitHub releases