diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml index 412c9e60..026cabdb 100644 --- a/.github/workflows/artifacts.yaml +++ b/.github/workflows/artifacts.yaml @@ -179,7 +179,7 @@ jobs: with: cond: ${{ inputs.release }} if_true: goreleaser release - if_false: goreleaser release --skip-publish --snapshot + if_false: goreleaser release --skip=publish --snapshot - name: Build run: nix develop --impure .#ci -c ${{ steps.build-command.outputs.value }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 554dfb9c..3b988a91 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,12 +1,17 @@ +version: 2 + +project_name: vault-env + dist: build/dist +before: + hooks: + - go mod tidy builds: - - main: . - env: + - env: - CGO_ENABLED=0 - flags: - - -trimpath - ldflags: "-s -w -X main.version={{ .Version }}" + ldflags: "-s -w -X main.Version={{ .Version }}" + main: . goos: - linux - darwin @@ -15,13 +20,18 @@ builds: - arm64 archives: - - name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}" - format_overrides: - - goos: windows - format: zip + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of uname. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} checksum: name_template: "checksums.txt" changelog: - skip: false + disable: true diff --git a/Makefile b/Makefile index 35916ec8..295c252e 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ container-image: ## Build container image .PHONY: binary-snapshot binary-snapshot: ## Build binary snapshot - $(GORELEASER_BIN) release --rm-dist --skip-publish --snapshot + VERSION=v${GORELEASER_VERSION} ${GORELEASER_BIN} release --clean --skip=publish --snapshot .PHONY: artifacts artifacts: container-image binary-snapshot 
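Review bot: In the first `.goreleaser.yaml` hunk the `flags:` / `- -trimpath` entry is dropped from `builds`, and nothing visible on the new side re-adds it, so release binaries would embed the builder's absolute source and module-cache paths and become harder to reproduce bit-for-bit. Unless that was deliberate, keep `flags:` with `- -trimpath` under the build entry. Separately, the new `before.hooks` entry `- go mod tidy` can rewrite `go.mod`/`go.sum` at release time, so the shipped binary may be built from a dependency set that differs from the committed, reviewed one. A non-mutating check such as `- go mod verify` would fail the build instead of silently changing it.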
@@ -84,7 +84,7 @@ deps: ## Install dependencies GOLANGCI_VERSION = 1.53.3 COSIGN_VERSION = 2.2.2 LICENSEI_VERSION = 0.8.0 -GORELEASER_VERSION = 1.18.2 +GORELEASER_VERSION = 2.0.0 # Dependency binaries GOLANGCI_LINT_BIN := golangci-lint @@ -127,4 +127,6 @@ bin/cosign: bin/goreleaser: - scripts/get-goreleaser.sh + @mkdir -p bin + curl -sfL https://goreleaser.com/static/run -o bin/goreleaser + @chmod +x bin/goreleaser diff --git a/flake.lock b/flake.lock index 7920d7f5..3886a2c5 100644 --- a/flake.lock +++ b/flake.lock @@ -39,11 +39,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1717245169, - "narHash": "sha256-+mW3rTBjGU8p1THJN0lX/Dd/8FbnF+3dB+mJuSaxewE=", + "lastModified": 1719228706, + "narHash": "sha256-9C9H8lguX/Bay1VzkuontOG7v0vLJVhEhtH6yRwi5fk=", "owner": "cachix", "repo": "devenv", - "rev": "c3f9f053c077c6f88a3de5276d9178c62baa3fc3", + "rev": "9dd2ea01c1ff9709826c098b589bb779ce85ab28", "type": "github" }, "original": { @@ -362,16 +362,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717372969, - "narHash": "sha256-cyFuF5+g59NjOAkx7+oUrQfzzvWwzJvZTMTsl85JgJk=", + "lastModified": 1719223410, + "narHash": "sha256-jtIo8xR0Zp4SalIwmD+OdCwHF4l7OU6PD63UUK4ckt4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0fc0a545f5efbc7dbc3bbd6a2ec8280bff01d73e", + "rev": "efb39c6052f3ce51587cf19733f5f4e5d515aa13", "type": "github" }, "original": { "owner": "NixOS", - "ref": "master", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 7021947d..90e271da 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,7 @@ description = "Go libraries for interacting with Hashicorp Vault"; inputs = { - # nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - nixpkgs.url = "github:NixOS/nixpkgs/master"; + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; devenv.url = "github:cachix/devenv"; }; 
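Review bot: The `bin/goreleaser` recipe now saves whatever `https://goreleaser.com/static/run` serves at build time and marks it executable, with no pin and no integrity check on the script itself. The deleted `scripts/get-goreleaser.sh` was an in-repo, reviewable file that checked `checksums.txt` and, when cosign was installed, its signature. `GORELEASER_VERSION` is presumably honoured only because `binary-snapshot` passes `VERSION=v${GORELEASER_VERSION}` to that remote script, so the version pin is only as trustworthy as the fetched file. Either keep a vendored copy of the script, or verify the download before `chmod`, e.g. `echo "<SHA256_OF_REVIEWED_RUN_SCRIPT>  bin/goreleaser" | sha256sum --check --quiet` (placeholder digest). Using `curl -sSfL` would also surface download errors that `-s` currently hides.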
@@ -40,16 +39,20 @@ packages = with pkgs; [ gnumake - # golangci-lint goreleaser + # golangci-lint + # TODO: remove once https://github.com/NixOS/nixpkgs/pull/254878 hits unstable + (golangci-lint.override (prev: { + buildGoModule = pkgs.buildGo121Module; + })) + kubectl yamllint hadolint ] ++ [ self'.packages.licensei - self'.packages.golangci-lint ]; env = { @@ -116,47 +119,6 @@ "-X github.com/hashicorp/vault/sdk/version.VersionPrerelease=" ]; }; - - golangci-lint = pkgs.buildGo121Module rec { - pname = "golangci-lint"; - version = "1.54.2"; - - src = pkgs.fetchFromGitHub { - owner = "golangci"; - repo = "golangci-lint"; - rev = "v${version}"; - hash = "sha256-7nbgiUrp7S7sXt7uFXX8NHYbIRLZZQcg+18IdwAZBfE="; - }; - - vendorHash = "sha256-IyH5lG2a4zjsg/MUonCUiAgMl4xx8zSflRyzNgk8MR0="; - - subPackages = [ "cmd/golangci-lint" ]; - - nativeBuildInputs = [ pkgs.installShellFiles ]; - - ldflags = [ - "-s" - "-w" - "-X main.version=${version}" - "-X main.commit=v${version}" - "-X main.date=19700101-00:00:00" - ]; - - postInstall = '' - for shell in bash zsh fish; do - HOME=$TMPDIR $out/bin/golangci-lint completion $shell > golangci-lint.$shell - installShellCompletion golangci-lint.$shell - done - ''; - - meta = with pkgs.lib; { - description = "Fast linters Runner for Go"; - homepage = "https://golangci-lint.run/"; - changelog = "https://github.com/golangci/golangci-lint/blob/v${version}/CHANGELOG.md"; - license = licenses.gpl3Plus; - maintainers = with maintainers; [ anpryl manveru mic92 ]; - }; - }; }; }; }; diff --git a/main.go b/main.go index 0cc4f47b..604eb82a 100644 --- a/main.go +++ b/main.go @@ -36,6 +36,8 @@ import ( "github.com/spf13/cast" ) +var Version = "dev" + // The special value for VAULT_ENV which marks that the login token needs to be passed through to the application // which was acquired during the new Vault client creation const vaultLogin = "vault:login" 
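Review bot: The new package-level `var Version = "dev"` in main.go has no doc comment, and nothing in this hunk shows where it is read; the rest of the file is outside the hunk. Its only visible link is the `-X main.Version={{ .Version }}` ldflag in `.goreleaser.yaml`, and the linker silently ignores `-X` when the symbol name does not match, so a later rename would ship binaries reporting "dev" without any build error. I would document the coupling at the declaration: `// Version is overridden at build time via -ldflags "-X main.Version=<tag>"; "dev" marks a local build.`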
diff --git a/scripts/get-goreleaser.sh b/scripts/get-goreleaser.sh
deleted file mode 100755
index 80d85bbe..00000000
--- a/scripts/get-goreleaser.sh
+++ /dev/null
@@ -1,66 +0,0 @@ -#!/usr/bin/env bash -set -e - -# Define the bin directory -BIN_DIR="bin" - -# Create the bin directory if it doesn't exist -mkdir -p "$BIN_DIR" - -if [[ "$VERSION" == *-pro ]]; then - DISTRIBUTION="pro" -fi - -if test "$DISTRIBUTION" = "pro"; then - echo "Using Pro distribution..." - RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases" - FILE_BASENAME="goreleaser-pro" - LATEST="$(curl -sf https://goreleaser.com/static/latest-pro)" -else - echo "Using the OSS distribution..." - RELEASES_URL="https://github.com/goreleaser/goreleaser/releases" - FILE_BASENAME="goreleaser" - LATEST="$(curl -sf https://goreleaser.com/static/latest)" -fi - -test -z "$VERSION" && VERSION="$LATEST" - -test -z "$VERSION" && { - echo "Unable to get goreleaser version." >&2 - exit 1 -} - -if test "$DISTRIBUTION" = "pro" && [[ "$VERSION" != *-pro ]]; then - VERSION="$VERSION-pro" -fi - -TMP_DIR="$(mktemp -d)" -trap "rm -rf \"$TMP_DIR\"" EXIT INT TERM - -OS="$(uname -s)" -ARCH="$(uname -m)" -test "$ARCH" = "aarch64" && ARCH="arm64" -TAR_FILE="${FILE_BASENAME}_${OS}_${ARCH}.tar.gz" - -( - cd "$TMP_DIR" - echo "Downloading GoReleaser $VERSION..." - curl -sfLO "$RELEASES_URL/download/$VERSION/$TAR_FILE" - curl -sfLO "$RELEASES_URL/download/$VERSION/checksums.txt" - echo "Verifying checksums..." - sha256sum --ignore-missing --quiet --check checksums.txt - if command -v cosign >/dev/null 2>&1; then - echo "Verifying signatures..." - cosign verify-blob \ - --certificate-identity-regexp "https://github.com/goreleaser/goreleaser.*/.github/workflows/.*.yml@refs/tags/$VERSION" \ - --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ - --cert "$RELEASES_URL/download/$VERSION/checksums.txt.pem" \ - --signature "$RELEASES_URL/download/$VERSION/checksums.txt.sig" \ - checksums.txt - else - echo "Could not verify signatures, cosign is not installed." - fi -) - -tar -xf "$TMP_DIR/$TAR_FILE" -C "$TMP_DIR" -mv "$TMP_DIR/goreleaser" "$BIN_DIR/"