diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 739afc0..d5b55a9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,3 +49,44 @@ jobs: with: version: ${{ matrix.version }} args: release --skip-publish --rm-dist + + signing: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: + - ubuntu-latest + - macOS-latest + - windows-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Unshallow + run: git fetch --prune --unshallow + - + name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.13 + - + name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v1 + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_TEST }} + PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }} + - + name: Check + uses: ./ + with: + version: latest + args: -f .goreleaser-signing.yml check --debug + - + name: GoReleaser + uses: ./ + with: + version: latest + args: -f .goreleaser-signing.yml release --skip-publish --rm-dist diff --git a/.goreleaser-signing.yml b/.goreleaser-signing.yml new file mode 100644 index 0000000..91995cf --- /dev/null +++ b/.goreleaser-signing.yml @@ -0,0 +1,40 @@ +env: + - GO111MODULE=on + - GOPROXY=https://goproxy.io + +before: + hooks: + - go mod download + +builds: + - + env: + - CGO_ENABLED=0 + goos: + - darwin + - linux + - windows + goarch: + - 386 + - amd64 + +archives: + - + replacements: + 386: i386 + amd64: x86_64 + format_overrides: + - goos: windows + format: zip + files: + - LICENSE + - README.md + - CHANGELOG.md + +checksum: + name_template: 'checksums.txt' + +signs: + - + artifacts: checksum + args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"] diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..23d88a8 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,35 @@ +env: + - GO111MODULE=on + - GOPROXY=https://goproxy.io + +before: + hooks: + - go mod download + +builds: + - + env: + - CGO_ENABLED=0 + goos: + - darwin + - linux + - windows + goarch: + - 386 + - amd64 + +archives: + - + replacements: + 386: i386 + amd64: x86_64 + format_overrides: + - goos: windows + format: zip + files: + - LICENSE + - README.md + - CHANGELOG.md + +checksum: + name_template: 'checksums.txt' diff --git a/README.md b/README.md index f9ea1ed..e7af6be 100644 --- a/README.md +++ b/README.md @@ -11,12 +11,24 @@

---- +___ ![GoRelease Action](.github/goreleaser-action.png) +* [Usage](#usage) + * [Workflow](#workflow) + * [Run on new tag](#run-on-new-tag) + * [Signing](#signing) +* [Customizing](#customizing) + * [inputs](#inputs) + * [environment variables](#environment-variables) +* [Limitation](#limitation) +* [License](#license) + ## Usage +### Workflow + ```yaml name: goreleaser @@ -45,13 +57,14 @@ jobs: with: version: latest args: release --rm-dist - key: ${{ secrets.YOUR_PRIVATE_KEY }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` > **IMPORTANT**: note the `Unshallow` step. It is required for the changelog to work correctly. +### Run on new tag + If you want to run GoReleaser only on new tag, you can use this event: ```yaml @@ -71,13 +84,43 @@ Or with a condition on GoReleaser step: with: version: latest args: release --rm-dist - key: ${{ secrets.YOUR_PRIVATE_KEY }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` > For detailed instructions please follow GitHub Actions [workflow syntax](https://help.github.com/en/articles/workflow-syntax-for-github-actions#About-yaml-syntax-for-workflows). +### Signing + +If [signing is enabled](https://goreleaser.com/customization/#Signing) in your GoReleaser configuration, you can use the [Import GPG](https://github.com/crazy-max/ghaction-import-gpg) GitHub Action along with this one: + +```yaml + - + name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v1 + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} + - + name: Run GoReleaser + uses: goreleaser/goreleaser-action@v1 + with: + version: latest + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} +``` + +Reference the fingerprint in your signing configuration using the `GPG_FINGERPRINT` envrionment variable: + +```yaml +signs: + - artifacts: checksum + args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"] +``` + ## Customizing ### inputs @@ -88,7 +131,6 @@ Following inputs can be used as `step.with` keys |---------------|---------|-----------|-------------------------------------------| | `version` | String | `latest` | GoReleaser version. Example: `v0.117.0` | | `args` | String | | Arguments to pass to GoReleaser | -| `key` | String | | Private key to import | | `workdir` | String | `.` | Working directory (below repository root) | ### environment variables @@ -115,24 +157,10 @@ secret named `GH_PAT`, the step will look like this: with: version: latest args: release --rm-dist - key: ${{ secrets.YOUR_PRIVATE_KEY }} env: GITHUB_TOKEN: ${{ secrets.GH_PAT }} ``` -## Signing - -If signing is enabled in your GoReleaser configuration, populate the `key` input with your private key -and reference the key in your signing configuration, e.g. - -```yaml -signs: - - artifacts: checksum - args: ["--batch", "-u", "", "--output", "${signature}", "--detach-sign", "${artifact}"] -``` - -This feature is currently only compatible when using the default `gpg` command and a private key without a passphrase. - ## License MIT. See `LICENSE` for more details. diff --git a/action.yml b/action.yml index e27e7f7..acb2397 100644 --- a/action.yml +++ b/action.yml @@ -12,8 +12,6 @@ inputs: default: 'latest' args: description: 'Arguments to pass to GoReleaser' - key: - description: 'Private key to import' workdir: description: 'Working directory (below repository root)' default: '.' diff --git a/dist/index.js b/dist/index.js index 3071837..ac9f76c 100644 --- a/dist/index.js +++ b/dist/index.js @@ -1281,13 +1281,11 @@ const git = __importStar(__webpack_require__(453)); const installer = __importStar(__webpack_require__(749)); const core = __importStar(__webpack_require__(470)); const exec = __importStar(__webpack_require__(986)); -const fs = __importStar(__webpack_require__(747)); function run() { return __awaiter(this, void 0, void 0, function* () { try { const version = core.getInput('version') || 'latest'; const args = core.getInput('args'); - const key = core.getInput('key'); const workdir = core.getInput('workdir') || '.'; const goreleaser = yield installer.getGoReleaser(version); const commit = yield git.getShortCommit(); @@ -1309,12 +1307,6 @@ function run() { core.info(`✅ ${tag} tag found for commit ${commit}`); } } - if (key) { - core.info('🔑 Importing signing key...'); - let path = `${process.env.HOME}/key.asc`; - fs.writeFileSync(path, key, { mode: 0o600 }); - yield exec.exec('gpg', ['--import', path]); - } core.info('🏃 Running GoReleaser...'); yield exec.exec(`${goreleaser} ${args}${snapshot}`); } diff --git a/src/main.ts b/src/main.ts index 29bce57..fb86d15 100644 --- a/src/main.ts +++ b/src/main.ts @@ -2,13 +2,11 @@ import * as git from './git'; import * as installer from './installer'; import * as core from '@actions/core'; import * as exec from '@actions/exec'; -import * as fs from 'fs'; async function run(): Promise { try { const version = core.getInput('version') || 'latest'; const args = core.getInput('args'); - const key = core.getInput('key'); const workdir = core.getInput('workdir') || '.'; const goreleaser = await installer.getGoReleaser(version); @@ -33,13 +31,6 @@ async function run(): Promise { } } - if (key) { - core.info('🔑 Importing signing key...'); - let path = `${process.env.HOME}/key.asc`; - fs.writeFileSync(path, key, {mode: 0o600}); - await exec.exec('gpg', ['--import', path]); - } - core.info('🏃 Running GoReleaser...'); await exec.exec(`${goreleaser} ${args}${snapshot}`); } catch (error) {