ci: Add Terraform Registry release procedure (#42)

.github/workflows/release.yml

@@ -1,79 +1,43 @@
+# This GitHub action can publish assets for release when a tag is created.
+# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
+#
+# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your 
+# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
+# secret. If you would rather own your own GPG handling, please fork this action
+# or use an alternative one for key handling.
+#
+# You will need to pass the `--batch` flag to `gpg` in your signing step 
+# in `goreleaser` to indicate this is being used in a non-interactive mode.
+#
+name: Release Provider
 on:
   push:
     tags:
       - 'v*'
-
-name: Release provider
-
 jobs:
-  create-release:
-    name: Create release
+  goreleaser:
     runs-on: ubuntu-latest
-    outputs:
-      upload_url: ${{ steps.create_release.outputs.upload_url }}
     steps:
-      - name: Create Release
-        id: create_release
-        uses: actions/create-release@v1
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14
+      - name: Import GPG key
+        id: import_gpg
+        uses: paultyng/[email protected]
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
         with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
-          draft: true
-          prerelease: false
-          body: |
-            ### Major Changes
-            ### Minor Changes
-            ### Bug Fixes
-
-  build:
-    name: Build provider
-    runs-on: ubuntu-latest
-    needs: [create-release]
-    strategy:
-      matrix:
-        include:
-          - os: darwin
-            arch: amd64
-          - os: freebsd
-            arch: 386
-          - os: freebsd
-            arch: amd64
-          - os: freebsd
-            arch: arm
-          - os: linux
-            arch: 386
-          - os: linux
-            arch: amd64
-          - os: linux
-            arch: arm
-          - os: openbsd
-            arch: 386
-          - os: openbsd
-            arch: amd64
-          - os: solaris
-            arch: amd64
-          - os: windows
-            arch: 386
-          - os: windows
-            arch: amd64
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Build project
-        run: |
-          VERSION=$([ -z "`git tag -l --contains HEAD`" ] && git rev-parse --short HEAD || git tag -l --contains HEAD)
-          GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o terraform-provider-sysdig_$VERSION
-          tar -czf "terraform-provider-sysdig-${{ matrix.os }}-${{ matrix.arch }}.tar.gz" terraform-provider-sysdig_$VERSION --remove-files
-
-      - name: Upload Release Asset
-        uses: actions/upload-release-asset@v1
+          version: latest
+          args: release --rm-dist
         env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ needs.create-release.outputs.upload_url }}
-          asset_path: ./terraform-provider-sysdig-${{ matrix.os }}-${{ matrix.arch }}.tar.gz
-          asset_name: terraform-provider-sysdig-${{ matrix.os }}-${{ matrix.arch }}.tar.gz
-          asset_content_type: application/tar+gzip
+

.goreleaser.yml

@@ -0,0 +1,55 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+before:
+  hooks:
+    # this is just an example and not a requirement for provider building/publishing
+    - go mod tidy
+builds:
+  - env:
+      # goreleaser does not work with CGO, it could also complicate
+      # usage by users in CI/CD systems like Terraform Cloud where
+      # they are unable to install libraries.
+      - CGO_ENABLED=0
+    mod_timestamp: '{{ .CommitTimestamp }}'
+    flags:
+      - -trimpath
+    ldflags:
+      - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+    goos:
+      - freebsd
+      - windows
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - '386'
+      - arm
+      - arm64
+    ignore:
+      - goos: darwin
+        goarch: '386'
+    binary: '{{ .ProjectName }}_v{{ .Version }}'
+archives:
+  - format: zip
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this is a GitHub action or some other automated pipeline, you 
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+# If you want to manually examine the release before its live, uncomment this line:
+# draft: true
+changelog:
+  skip: false
+