Use Goreleaser, and publish arm64

Signed-off-by: peterdeme <[email protected]>
spacelift-io · Nov 25, 2023 · c193f39 · c193f39
1 parent 8d8dd75
commit c193f39
Show file tree

Hide file tree

Showing 11 changed files with 268 additions and 380 deletions.
diff --git a/.github/workflows/build-binary.yml b/.github/workflows/build-binary.yml
@@ -2,31 +2,33 @@ name: Build Binary
 
 on: { push: { branches-ignore: [main, production] } }
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
-  preprod-agent-deployment:
-    name: Build and upload agent
+  build-binary:
+    name: Build binary
     runs-on: ubuntu-latest
     container: golang:1.20
 
-    env:
-      BASE_NAME: spacelift-vcs-agent
-      BIN_DIR: build
-
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
 
-      - name: Mark source directory as safe. # This is some duct tape over the git version in the Go image complaining about this since one of the 1.19.x versions. Feel free to remove once it doesn't break the build anymore. See https://github.com/actions/runner/issues/2033 and https://github.com/actions/checkout/issues/760#issuecomment-1097797031
+      - name: Mark source directory as safe.
         run: git config --global --add safe.directory $GITHUB_WORKSPACE
 
       - name: parse short SHA
         id: vars
         run: |
           echo ::set-output name=sha::$(git rev-parse --short=8 ${{ github.sha }})
 
-      - name: Build Spacelift VCS Agent
-        run: go build -a -tags netgo -ldflags "-s -w -extldflags '-static' -X main.VERSION=$SHORT_SHA -X main.BugsnagAPIKey=$BUGSNAG_API_KEY" -trimpath -o $BIN_DIR/$BASE_NAME ./cmd/spacelift-vcs-agent
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          args: release --snapshot
         env:
           BUGSNAG_API_KEY: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
-          CGO_ENABLED: 0
           SHORT_SHA: ${{ steps.vars.outputs.sha }}
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -2,6 +2,10 @@ name: Linting
 
 on: { push: { branches-ignore: [main, production] } }
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   linting:
     name: Lint the code

diff --git a/.github/workflows/preprod-deployment.yml b/.github/workflows/preprod-deployment.yml
@@ -1,176 +1,32 @@
 name: Preprod deployment
 
-on:
-  push: 
-    branches:
-      - main
+on: [push]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
 
 jobs:
   preprod-agent-deployment:
-    name: Build and upload agent
+    name: Build and upload VCS Agent
     runs-on: ubuntu-latest
-    outputs:
-      deployment_id: ${{ steps.deployment.outputs.deployment_id }}
-    container: golang:1.20
-    env:
-      BASE_NAME: spacelift-vcs-agent
-      BIN_DIR: build
     permissions:
       id-token: write
       contents: read
-      deployments: write
 
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
 
-      - name: Mark source directory as safe. # This is some duct tape over the git version in the Go image complaining about this since one of the 1.19.x versions. Feel free to remove once it doesn't break the build anymore. See https://github.com/actions/runner/issues/2033 and https://github.com/actions/checkout/issues/760#issuecomment-1097797031
-        run: git config --global --add safe.directory $GITHUB_WORKSPACE
-
-      - uses: chrnorm/deployment-action@releases/v1
-        name: Create GitHub deployment
-        if: ${{ github.ref == 'refs/heads/main' }}
-        id: deployment
-        with:
-          token: "${{ github.token }}"
-          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
-          environment: preprod/vcs-agent
-
-      - name: parse short SHA
-        id: vars
-        run: |
-          echo ::set-output name=sha::$(git rev-parse --short=8 ${{ github.sha }})
-
-      - name: Build Spacelift VCS Agent
-        run: go build -a -tags netgo -ldflags "-s -w -extldflags '-static' -X main.VERSION=$SHORT_SHA -X main.BugsnagAPIKey=$BUGSNAG_API_KEY" -trimpath -o $BIN_DIR/$BASE_NAME ./cmd/spacelift-vcs-agent
-        env:
-          BUGSNAG_API_KEY: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
-          CGO_ENABLED: 0
-          SHORT_SHA: ${{ steps.vars.outputs.sha }}
-
-      - name: Install dependencies
-        run: |
-          apt-get update -y
-          apt-get install -y awscli zip
-
-      - name: Import the PGP key
-        run: |
-          echo ${GPG_KEY_BASE64} | base64 -d > spacelift.gpg
-          gpg --import \
-            --passphrase=$GPG_PASSPHRASE \
-            --pinentry-mode=loopback \
-            spacelift.gpg
-          rm spacelift.gpg
-        env:
-          GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-
-      - name: Sign Spacelift VCS Agent Binary
-        run: ./scripts/sign.sh $BIN_DIR $BASE_NAME
-        env:
-          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          SHORT_SHA: ${{ steps.vars.outputs.sha }}
-
-      - name: Verify Checksum Spacelift VCS Agent Binary
-        run: ./scripts/verify.sh $BIN_DIR $BASE_NAME
-        env:
-          SHORT_SHA: ${{ steps.vars.outputs.sha }}
-
-      - name: Upload the VCS Agent binary
-        uses: actions/upload-artifact@v3
-        with:
-          name: vcs-agent-binary
-          path: build/
-          retention-days: 1
-
-      - name: Update deployment status (failure)
-        uses: chrnorm/deployment-status@releases/v1
-        if: failure() && ${{ github.ref == 'refs/heads/main' }}
-        with:
-          token: "${{ github.token }}"
-          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
-          state: "failure"
-          deployment_id: ${{ steps.deployment.outputs.deployment_id }}
-
-  publish-preprod-agent-deployment:
-    name: Upload VCS agent binary and container image
-    needs: ["preprod-agent-deployment"]
-    runs-on: ubuntu-latest
-
-    env:
-      BIN_DIR: build
-    permissions:
-      id-token: write
-      contents: read
-      deployments: write
-
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-
-      - name: Download the VCS Agent binary
-        uses: actions/download-artifact@v3
-        with:
-          name: vcs-agent-binary
-          path: ./build
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        if: ${{ github.ref == 'refs/heads/main' }}
-        with:
-          aws-region: eu-west-1
-          role-to-assume: ${{ secrets.PREPROD_AWS_ROLE_TO_ASSUME }}
-          role-duration-seconds: 900
-
-      - name: Upload the VCS Agent binary to downloads.spacelift.dev
-        if: ${{ github.ref == 'refs/heads/main' }}
-        run: >-
-          aws s3 sync
-          ${BIN_DIR} s3://${{ secrets.PREPROD_AWS_S3_BUCKET }}/
-          --no-progress
-
-      - name: Invalidate downloads.spacelift.dev cache
-        if: ${{ github.ref == 'refs/heads/main' }}
-        run: >-
-          aws cloudfront create-invalidation
-          --distribution-id ${{ secrets.PREPROD_DISTRIBUTION }}
-          --paths "/*"
-
-      - name: Log in to Amazon public ECR
-        if: ${{ github.ref == 'refs/heads/main' }}
-        run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
-
-    # This will be needed in the future for adding multi architecture build support
-    #  - name: Set up QEMU
-    #    uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push the image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64
-          push: ${{ github.ref == 'refs/heads/main' }}
-          tags: |
-            ${{ secrets.PREPROD_PUBLIC_VCS_AGENT_ECR_REPOSITORY_URL }}:latest
-
-      - name: Update deployment status (success)
-        uses: chrnorm/deployment-status@releases/v1        
-        if: success() && ${{ github.ref == 'refs/heads/main' }}
-        with:
-          token: "${{ github.token }}"
-          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
-          state: "success"
-          deployment_id: ${{ needs.preprod-agent-deployment.outputs.deployment_id }}
-
-      - name: Update deployment status (failure)
-        uses: chrnorm/deployment-status@releases/v1
-        if: failure() && ${{ github.ref == 'refs/heads/main' }}
-        with:
-          token: "${{ github.token }}"
-          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
-          state: "failure"
-          deployment_id: ${{ needs.preprod-agent-deployment.outputs.deployment_id }}
+      - name: Publish binary & Docker image
+        uses: ./.github/workflows/publish
+        with:
+          aws_role_to_assume: ${{ secrets.PREPROD_AWS_ROLE_TO_ASSUME }}
+          ecr_repository_url: ${{ secrets.PREPROD_PUBLIC_VCS_AGENT_ECR_REPOSITORY_URL }}
+          aws_bucket: ${{ secrets.PREPROD_AWS_S3_BUCKET }}
+          cloudfront_distribution: ${{ secrets.PREPROD_DISTRIBUTION }}
+          bugsnag_api_key: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
+          gpg_key_id: ${{ secrets.GPG_KEY_ID }}
+          gpg_base64_key: ${{ secrets.GPG_KEY_BASE64 }}
+          gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}