From 477c87aea92fbe5ab0a34bd89aa259034fa59ce7 Mon Sep 17 00:00:00 2001 From: Alex Clarke Date: Sun, 14 Sep 2025 18:00:38 -0600 Subject: [PATCH] ci: Full release attempt (GitHub, Choco, Homebrew, and Crates) --- .github/workflows/release.yml | 407 +++++++++++++--------------------- CHANGELOG.md | 32 --- Cargo.lock | 2 +- Cargo.toml | 2 +- 4 files changed, 156 insertions(+), 287 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 13c5722..3bd78e7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -151,7 +151,7 @@ jobs: Cargo.toml Cargo.lock - build-release-artifacts: + publish-github-release: name: build-release needs: [bump-version] runs-on: ${{ matrix.os }} 
@@ -361,256 +361,157 @@ jobs: overwrite: true -## TODO Uncomment for sure -####################### -## Post publish jobs ## -####################### + publish-chocolatey-package: + needs: [publish-github-release] + name: Publish Chocolatey Package + runs-on: windows-latest + steps: + - name: Check if actor is repository owner + if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} + run: | + echo "You are not authorized to run this workflow." + exit 1 -# publish-github-release: -# name: publish-github-release -# needs: [build-release-artifacts] -# runs-on: ubuntu-latest -# steps: -# - name: Check if actor is repository owner -# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} -# run: | -# echo "You are not authorized to run this workflow." -# exit 1 -# -# - name: Checkout repository -# uses: actions/checkout@v3 -# with: -# fetch-depth: 0 -# -# - name: Download all artifacts -# uses: actions/download-artifact@v4 -# with: -# path: artifacts -# merge-multiple: true -# -# - name: Ensure repository is up-to-date -# if: env.ACT != 'true' -# run: | -# git fetch --all -# git pull -# -# - name: Set environment variables -# run: | -# release_version="$(cat ./artifacts/release-version)" -# echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV -# changelog_body="$(cat ./artifacts/changelog.md)" -# echo "changelog_body=$(cat artifacts/changelog.md)" >> $GITHUB_ENV -# -# - name: Validate release environment variables -# run: | -# echo "Release version: ${{ env.RELEASE_VERSION }}" -# echo "Changelog body: ${{ env.changelog_body }}" -# -# - name: Create a GitHub Release -# if: env.ACT != 'true' -# uses: softprops/action-gh-release@v1 -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# with: -# files: | -# artifacts/gman-macos-arm64.tar.gz -# artifacts/gman-macos-arm64.sha256 -# artifacts/gman-macos.tar.gz -# artifacts/gman-macos.sha256 -# artifacts/gman-windows.tar.gz -# artifacts/gman-windows.sha256 -# 
artifacts/gman-windows-aarch64.tar.gz -# artifacts/gman-windows-aarch64.sha256 -# artifacts/gman-linux.tar.gz -# artifacts/gman-linux.sha256 -# artifacts/gman-linux-musl.tar.gz -# artifacts/gman-linux-musl.sha256 -# artifacts/gman-aarch64-gnu.tar.gz -# artifacts/gman-aarch64-gnu.sha256 -# artifacts/gman-aarch64-musl.tar.gz -# artifacts/gman-aarch64-musl.sha256 -# artifacts/gman-armv6-gnu.tar.gz -# artifacts/gman-armv6-gnu.sha256 -# artifacts/gman-armv6-musl.tar.gz -# artifacts/gman-armv6-musl.sha256 -# artifacts/gman-armv7-gnu.tar.gz -# artifacts/gman-armv7-gnu.sha256 -# artifacts/gman-armv7-musl.tar.gz -# artifacts/gman-armv7-musl.sha256 -# tag_name: v${{ env.RELEASE_VERSION }} -# name: "v${{ env.RELEASE_VERSION }}" -# body: ${{ env.changelog_body }} -# draft: false -# prerelease: false -# -# - name: Upload artifacts -# uses: actions/upload-artifact@v4 -# with: -# path: artifacts -# overwrite: true -# -# publish-chocolatey-package: -# needs: [publish-github-release] -# name: Publish Chocolatey Package -# runs-on: windows-latest -# steps: -# - name: Check if actor is repository owner -# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} -# run: | -# echo "You are not authorized to run this workflow." 
-# exit 1 -# -# - name: Checkout repository -# uses: actions/checkout@v4 -# with: -# fetch-depth: 1 -# -# - name: Get release artifacts -# uses: actions/download-artifact@v4 -# with: -# path: artifacts -# merge-multiple: true -# -# - name: Set release assets and version -# shell: pwsh -# run: | -# # Read the first column from the SHA256 file -# $windows_sha = Get-Content ./artifacts/gman-windows.sha256 | ForEach-Object { $_.Split(' ')[0] } -# Add-Content -Path $env:GITHUB_ENV -Value "WINDOWS_SHA=$windows_sha" -# -# # Read the release version from the release-version file -# $release_version = Get-Content ./artifacts/release-version -# Add-Content -Path $env:GITHUB_ENV -Value "RELEASE_VERSION=$release_version" -# -# - name: Validate release environment variables -# run: | -# echo "Release SHA windows: ${{ env.WINDOWS_SHA }}" -# echo "Release version: ${{ env.RELEASE_VERSION }}" -# -# - name: Package and Publish package to Chocolatey -# if: env.ACT != 'true' -# run: | -# mkdir ./deployment/chocolatey/tools -# # Run packaging script -# python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/gman.nuspec.template" "./deployment/chocolatey/gman.nuspec" ${{ env.WINDOWS_SHA }} -# python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/chocolateyinstall.ps1.template" "./deployment/chocolatey/tools/chocolateyinstall.ps1" ${{ env.WINDOWS_SHA }} -# -# # Publish to Chocolatey -# cd ./deployment/chocolatey -# choco pack -# echo y | choco install gman -dv -s . -# $version = gman --version -# $version = $version -replace " ", "." 
-# choco push $version.nupkg -s https://push.chocolatey.org/ --api-key ${{ secrets.CHOCOLATEY_API_KEY }}; -# -# publish-homebrew-formula: -# needs: [publish-github-release] -# name: Update Homebrew formulas -# runs-on: ubuntu-latest -# steps: -# - name: Check if actor is repository owner -# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} -# run: | -# echo "You are not authorized to run this workflow." -# exit 1 -# -# - name: Checkout repository -# uses: actions/checkout@v4 -# with: -# fetch-depth: 1 -# -# - name: Get release artifacts -# uses: actions/download-artifact@v4 -# with: -# path: artifacts -# merge-multiple: true -# -# - name: Set release assets and version -# shell: bash -# run: | -# # Set environment variables -# macos_sha="$(cat ./artifacts/gman-macos.sha256 | awk '{print $1}')" -# echo "MACOS_SHA=$macos_sha" >> $GITHUB_ENV -# macos_sha_arm="$(cat ./artifacts/gman-macos-arm64.sha256 | awk '{print $1}')" -# echo "MACOS_SHA_ARM=$macos_sha_arm" >> $GITHUB_ENV -# linux_sha="$(cat ./artifacts/gman-linux-musl.sha256 | awk '{print $1}')" -# echo "LINUX_SHA=$linux_sha" >> $GITHUB_ENV -# release_version="$(cat ./artifacts/release-version)" -# echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV -# -# - name: Validate release environment variables -# run: | -# echo "Release SHA macos: ${{ env.MACOS_SHA }}" -# echo "Release SHA macos-arm: ${{ env.MACOS_SHA_ARM }}" -# echo "Release SHA linux musl: ${{ env.LINUX_SHA }}" -# echo "Release version: ${{ env.RELEASE_VERSION }}" -# -# - name: Execute Homebrew packaging script -# if: env.ACT != 'true' -# run: | -# # run packaging script -# python "./deployment/homebrew/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/homebrew/gman.rb.template" "./gman.rb" ${{ env.MACOS_SHA }} ${{ env.MACOS_SHA_ARM }} ${{ env.LINUX_SHA }} -# -# - name: Push changes to Homebrew tap -# if: env.ACT != 'true' -# env: -# TOKEN: ${{ secrets.GMAN_GITHUB_TOKEN }} -# run: | -# # push to Git -# git config --global 
user.name "Dark-Alex-17" -# git config --global user.email "alex.j.tusa@gmail.com" -# git clone https://Dark-Alex-17:${{ secrets.GMAN_GITHUB_TOKEN }}@github.com/Dark-Alex-17/homebrew-gman.git -# rm homebrew-gman/Formula/gman.rb -# cp gman.rb homebrew-gman/Formula -# cd homebrew-gman -# git add . -# git diff-index --quiet HEAD || git commit -am "Update formula for G-Man release ${{ env.RELEASE_VERSION }}" -# git push https://$TOKEN@github.com/Dark-Alex-17/homebrew-gman.git -# -# publish-crate: -# needs: publish-github-release -# name: Publish Crate -# runs-on: ubuntu-latest -# steps: -# - name: Check if actor is repository owner -# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} -# run: | -# echo "You are not authorized to run this workflow." -# exit 1 -# -# - name: Checkout -# uses: actions/checkout@v4 -# with: -# fetch-depth: 0 -# -# - name: Get bumped Cargo files (Act) -# if: env.ACT == 'true' -# uses: actions/download-artifact@v4 -# with: -# name: bumped-cargo-files -# path: ${{ github.workspace }} -# -# - name: Ensure repository is up-to-date -# if: env.ACT != 'true' -# run: | -# git fetch --all -# git pull -# -# - uses: actions/cache@v3 -# name: Cache Cargo registry -# with: -# path: ~/.cargo/registry -# key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }} -# -# - uses: actions/cache@v3 -# with: -# path: ~/.cargo/bin -# key: ${{ runner.os }}-cargo-bin-${{ hashFiles('.github/workflows/release.yml') }} -# -# - name: Install Rust stable -# uses: dtolnay/rust-toolchain@stable -# -# - uses: katyo/publish-crates@v2 -# if: env.ACT != 'true' -# with: -# registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Get release artifacts + uses: actions/download-artifact@v4 + with: + path: artifacts + merge-multiple: true + + - name: Set release assets and version + shell: pwsh + run: | + # Read the first column from the SHA256 file + $windows_sha 
= Get-Content ./artifacts/gman-x86_64-pc-windows-msvc.sha256 | ForEach-Object { $_.Split(' ')[0] } + Add-Content -Path $env:GITHUB_ENV -Value "WINDOWS_SHA=$windows_sha" + + # Read the release version from the release-version file + $release_version = Get-Content ./artifacts/release-version + Add-Content -Path $env:GITHUB_ENV -Value "RELEASE_VERSION=$release_version" + + - name: Validate release environment variables + run: | + echo "Release SHA windows: ${{ env.WINDOWS_SHA }}" + echo "Release version: ${{ env.RELEASE_VERSION }}" + + - name: Package and Publish package to Chocolatey + if: env.ACT != 'true' + run: | + mkdir ./deployment/chocolatey/tools + # Run packaging script + python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/gman.nuspec.template" "./deployment/chocolatey/gman.nuspec" ${{ env.WINDOWS_SHA }} + python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/chocolateyinstall.ps1.template" "./deployment/chocolatey/tools/chocolateyinstall.ps1" ${{ env.WINDOWS_SHA }} + + # Publish to Chocolatey + cd ./deployment/chocolatey + choco pack + echo y | choco install gman -dv -s . + $version = gman --version + $version = $version -replace " ", "." + choco push $version.nupkg -s https://push.chocolatey.org/ --api-key ${{ secrets.CHOCOLATEY_API_KEY }}; + + publish-homebrew-formula: + needs: [publish-github-release] + name: Update Homebrew formulas + runs-on: ubuntu-latest + steps: + - name: Check if actor is repository owner + if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} + run: | + echo "You are not authorized to run this workflow." 
+ exit 1 + + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Get release artifacts + uses: actions/download-artifact@v4 + with: + path: artifacts + merge-multiple: true + + - name: Set release assets and version + shell: bash + run: | + # Set environment variables + macos_sha="$(cat ./artifacts/gman-x86_64-apple-darwin.sha256 | awk '{print $1}')" + echo "MACOS_SHA=$macos_sha" >> $GITHUB_ENV + macos_sha_arm="$(cat ./artifacts/gman-aarch64-apple-darwin.sha256 | awk '{print $1}')" + echo "MACOS_SHA_ARM=$macos_sha_arm" >> $GITHUB_ENV + linux_sha="$(cat ./artifacts/gman-x86_64-unknown-linux-musl.sha256 | awk '{print $1}')" + echo "LINUX_SHA=$linux_sha" >> $GITHUB_ENV + release_version="$(cat ./artifacts/release-version)" + echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV + + - name: Validate release environment variables + run: | + echo "Release SHA macos: ${{ env.MACOS_SHA }}" + echo "Release SHA macos-arm: ${{ env.MACOS_SHA_ARM }}" + echo "Release SHA linux musl: ${{ env.LINUX_SHA }}" + echo "Release version: ${{ env.RELEASE_VERSION }}" + + - name: Execute Homebrew packaging script + if: env.ACT != 'true' + run: | + # run packaging script + python "./deployment/homebrew/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/homebrew/gman.rb.template" "./gman.rb" ${{ env.MACOS_SHA }} ${{ env.MACOS_SHA_ARM }} ${{ env.LINUX_SHA }} + + - name: Push changes to Homebrew tap + if: env.ACT != 'true' + env: + TOKEN: ${{ secrets.GMAN_GITHUB_TOKEN }} + run: | + # push to Git + git config --global user.name "Dark-Alex-17" + git config --global user.email "alex.j.tusa@gmail.com" + git clone https://Dark-Alex-17:${{ secrets.GMAN_GITHUB_TOKEN }}@github.com/Dark-Alex-17/homebrew-gman.git + rm homebrew-gman/Formula/gman.rb + cp gman.rb homebrew-gman/Formula + cd homebrew-gman + git add . 
+ git diff-index --quiet HEAD || git commit -am "Update formula for G-Man release ${{ env.RELEASE_VERSION }}" + git push https://$TOKEN@github.com/Dark-Alex-17/homebrew-gman.git + + publish-crate: + needs: publish-github-release + name: Publish Crate + runs-on: ubuntu-latest + steps: + - name: Check if actor is repository owner + if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} + run: | + echo "You are not authorized to run this workflow." + exit 1 + + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Get bumped Cargo files (Act) + if: env.ACT == 'true' + uses: actions/download-artifact@v4 + with: + name: bumped-cargo-files + path: ${{ github.workspace }} + + - name: Ensure repository is up-to-date + if: env.ACT != 'true' + run: | + git fetch --all + git pull + + - name: Install Rust stable + uses: dtolnay/rust-toolchain@stable + + - uses: katyo/publish-crates@v2 + if: env.ACT != 'true' + with: + registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md index c1e2912..da43d4e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
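Review bot: In the `Push changes to Homebrew tap` step the clone line pastes `${{ secrets.GMAN_GITHUB_TOKEN }}` straight into the script even though the step already exports it as `TOKEN`, and git stores a credentialed clone URL in `homebrew-gman/.git/config` on the runner. If the tap is public (not visible from this hunk) the clone needs no credential at all: `git clone https://github.com/Dark-Alex-17/homebrew-gman.git`, leaving the token only on the push line. The Chocolatey step has the same inlining in `--api-key ${{ secrets.CHOCOLATEY_API_KEY }}`; a step-level `env:` entry read as `--api-key $env:CHOCOLATEY_API_KEY` keeps the key out of the rendered script. The `${{ env.RELEASE_VERSION }}` and `${{ env.WINDOWS_SHA }}` arguments to the packager scripts are likewise template-expanded from artifact file contents and would be safer passed as quoted shell variables.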
@@ -8,35 +8,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [0.0.1] - 2025-09-10 ### Other - -## v0.0.2 (2025-09-14) - -### Fix - -- Revert back hacky stuff so I can test with act now -- Attempting to use pre-generated bindgens for the aws-lc-sys library -- Install openSSL differently to make this work -- Address edge case for unknown_musl targets -- Install LLVM prereqs for release flow -- Updated the release flow to install the external bindgen-cli - -## v0.0.1 (2025-09-12) - -### Feat - -- Azure Key Vault support -- GCP Secret Manager support -- Full AWS SecretsManager support -- AWS Secrets Manager support -- Added two new flags to output where gman writes logs to and where it expects the config file to live - -### Fix - -- Made the vault file location more fault tolerant -- Attempting to maybe be a bit more explicit about config file handling to fix MacOS tests - -### Refactor - -- Refactor configuration structs directly into the provider definition to simplify validation, structs, and future extensions -- Made the creation of the log directories a bit more fault tolerant -- Renamed the provider field in a config file to type to make things a little easier to understand; also removed husky diff --git a/Cargo.lock b/Cargo.lock index 9b4adfa..2cc613c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1576,7 +1576,7 @@ checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" [[package]] name = "gman" -version = "0.0.2" +version = "0.0.1" dependencies = [ "anyhow", "argon2", diff --git a/Cargo.toml b/Cargo.toml index aefd9ab..46c4d95 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "gman" -version = "0.0.2" +version = "0.0.1" edition = "2024" authors = ["Alex Clarke "] description = "Universal secret management and injection tool"