diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c9902955..bbd69400 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,6 +33,17 @@ jobs: - name: "Ensure docs are up-to-date" if: ${{ github.event_name == 'pull_request' }} run: ./scripts/check-docs.sh + continue-on-error: true + + - name: "Run go mod tidy" + if: ${{ github.event_name == 'pull_request' }} + run: go mod tidy + + - name: golangci-lint + uses: golangci/golangci-lint-action@v9 + with: + version: v2.7 + args: --config=golang-ci.yaml --allow-parallel-runners --timeout=5m - name: Lint run: make lint @@ -40,7 +51,6 @@ jobs: - name: Test run: make test - - name: Archive code coverage results uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 00000000..e5181587 --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,114 @@ +name: Publish + +on: + pull_request: + workflow_dispatch: + push: + tags: + - 'v0.*' + +env: + GO_VERSION: "1.25" + CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile + CODE_COVERAGE_ARTIFACT_NAME: "code-coverage" + +jobs: + config: + name: Check GoReleaser config + if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Check GoReleaser + uses: goreleaser/goreleaser-action@v6 + with: + args: check + + publish: + name: "Publish provider" + if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') + needs: config + runs-on: ubuntu-latest + permissions: + actions: read # Required to identify workflow run. + checks: write # Required to add status summary. + contents: read # Required to checkout repository. + pull-requests: write # Required to add PR comment. + steps: + - name: Install needed tools + run: | + apt-get -y -qq update + apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget + + - name: Checkout + uses: actions/checkout@v6 + + - name: Install Go ${{ env.GO_VERSION }} + uses: actions/setup-go@v6 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Install go tools + run: | + go install golang.org/x/tools/cmd/goimports@latest + go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest + go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest + + - uses: actions/setup-java@v5 + with: + distribution: 'temurin' # See 'Supported distributions' for available options + java-version: '21' + + - name: Run build pkg directory + run: | + go run cmd/main.go build + + - name: Set up s3cfg + run: | + cat <<'EOF' >> ~/.s3cfg + [default] + host_base = https://object.storage.eu01.onstackit.cloud + host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud + check_ssl_certificate = False + access_key = ${{ secrets.S3_ACCESS_KEY }} + secret_key = ${{ secrets.S3_SECRET_KEY }} + EOF + + - name: Import GPG key + run: | + gpg --import private.key + + - name: Run GoReleaser + id: goreleaser + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }} + uses: goreleaser/goreleaser-action@v6 + with: + args: release --skip publish --clean --snapshot + + - name: Prepare key file + run: | + echo $(echo ${{ secrets.KEY_FILE_B64 }} | base64 -d) >public_key.pem + + - name: Prepare provider directory structure + run: | + VERSION=$(jq -r .version < dist/metadata.json) + go run cmd/main.go \ + publish \ + --namespace=mhenselin \ + --providerName=stackitprivatepreview \ + --repoName=terraform-provider-stackitprivatepreview \ + --domain=tfregistry.sysops.stackit.rocks \ + --gpgFingerprint=${{ secrets.GPG_FINGERPRINT }} \ + --gpgPubKeyFile=public_key.pem \ + --version=${VERSION} + + - name: Publish provider to S3 + run: | + set -e + cd release/ + s3cmd put --recursive v1 s3://terraform-provider-privatepreview/ + s3cmd put --recursive .well-known s3://terraform-provider-privatepreview/