Skip to content

Commit eba7ccc

Browse files
corylanouclaude
corylanou
and
claude
authored
feat: Implement GoReleaser for automated releases with binary signing (#732)
Co-authored-by: Claude <[email protected]>
1 parent d631b15 commit eba7ccc

File tree

5 files changed

+752
-0
lines changed

5 files changed

+752
-0
lines changed

.github/workflows/release.yml

Lines changed: 140 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,140 @@
1+
name: Release
2+
3+
on:
4+
push:
5+
tags:
6+
- 'v*'
7+
workflow_dispatch:
8+
inputs:
9+
tag:
10+
description: 'Release tag (e.g., v0.3.14)'
11+
required: true
12+
type: string
13+
14+
permissions:
15+
contents: write
16+
packages: write
17+
id-token: write
18+
19+
jobs:
20+
goreleaser:
21+
runs-on: ubuntu-latest
22+
steps:
23+
- name: Checkout
24+
uses: actions/checkout@v4
25+
with:
26+
fetch-depth: 0
27+
28+
- name: Set up Go
29+
uses: actions/setup-go@v5
30+
with:
31+
go-version-file: go.mod
32+
cache: true
33+
34+
- name: Install cross-compilers
35+
run: |
36+
sudo apt-get update
37+
sudo apt-get install -y gcc-aarch64-linux-gnu gcc-arm-linux-gnueabihf gcc-arm-linux-gnueabi
38+
39+
- name: Set up QEMU
40+
uses: docker/setup-qemu-action@v3
41+
42+
- name: Import GPG key
43+
if: ${{ env.GPG_PRIVATE_KEY != '' }}
44+
id: import_gpg
45+
uses: crazy-max/ghaction-import-gpg@v6
46+
with:
47+
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
48+
passphrase: ${{ secrets.GPG_PASSPHRASE }}
49+
50+
- name: Run GoReleaser
51+
uses: goreleaser/goreleaser-action@v6
52+
with:
53+
version: latest
54+
args: release --clean
55+
env:
56+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
57+
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
58+
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
59+
60+
# Signing jobs - uncomment after setting up certificates (see issue #733)
61+
# Instructions: https://github.com/benbjohnson/litestream/issues/733
62+
#
63+
# macos-sign:
64+
# runs-on: macos-latest
65+
# needs: goreleaser
66+
# strategy:
67+
# matrix:
68+
# arch: [amd64, arm64]
69+
# steps:
70+
# - name: Checkout
71+
# uses: actions/checkout@v4
72+
#
73+
# - name: Set up Go
74+
# uses: actions/setup-go@v5
75+
# with:
76+
# go-version-file: go.mod
77+
#
78+
# - name: Download release artifacts
79+
# uses: actions/download-artifact@v4
80+
# with:
81+
# name: litestream-darwin-${{ matrix.arch }}
82+
# path: dist/
83+
#
84+
# - name: Import Apple Developer Certificate
85+
# env:
86+
# MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE_P12 }}
87+
# MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
88+
# run: |
89+
# echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
90+
# security create-keychain -p actions temp.keychain
91+
# security default-keychain -s temp.keychain
92+
# security unlock-keychain -p actions temp.keychain
93+
# security import certificate.p12 -k temp.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
94+
# security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k actions temp.keychain
95+
#
96+
# - name: Sign and Notarize
97+
# env:
98+
# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_P8 }}
99+
# APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
100+
# APPLE_API_ISSUER_ID: ${{ secrets.APPLE_API_ISSUER_ID }}
101+
# AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
102+
# run: |
103+
# gon etc/gon-${{ matrix.arch }}.hcl
104+
#
105+
# - name: Upload signed binary
106+
# env:
107+
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
108+
# run: |
109+
# gh release upload ${{ github.ref_name }} dist/litestream-*-darwin-${{ matrix.arch }}.zip
110+
#
111+
# windows-sign:
112+
# runs-on: windows-latest
113+
# needs: goreleaser
114+
# strategy:
115+
# matrix:
116+
# arch: [amd64, arm64]
117+
# steps:
118+
# - name: Checkout
119+
# uses: actions/checkout@v4
120+
#
121+
# - name: Download release artifacts
122+
# uses: actions/download-artifact@v4
123+
# with:
124+
# name: litestream-windows-${{ matrix.arch }}
125+
# path: dist/
126+
#
127+
# - name: Sign Windows binary
128+
# env:
129+
# WINDOWS_CERTIFICATE_PFX: ${{ secrets.WINDOWS_CERTIFICATE_PFX }}
130+
# WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
131+
# run: |
132+
# echo "$env:WINDOWS_CERTIFICATE_PFX" | base64 -d > cert.pfx
133+
# & signtool sign /f cert.pfx /p "$env:WINDOWS_CERTIFICATE_PASSWORD" /fd SHA256 /td SHA256 /tr http://timestamp.digicert.com dist\litestream.exe
134+
# Remove-Item cert.pfx
135+
#
136+
# - name: Upload signed binary
137+
# env:
138+
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
139+
# run: |
140+
# gh release upload ${{ github.ref_name }} dist\litestream-*-windows-${{ matrix.arch }}.zip

.goreleaser.yml

Lines changed: 170 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,170 @@
1+
version: 2
2+
3+
project_name: litestream
4+
5+
before:
6+
hooks:
7+
- go mod tidy
8+
9+
builds:
10+
- id: litestream
11+
main: ./cmd/litestream
12+
binary: litestream
13+
env:
14+
- CGO_ENABLED=0
15+
goos:
16+
- linux
17+
- darwin
18+
- windows
19+
goarch:
20+
- amd64
21+
- arm64
22+
- arm
23+
goarm:
24+
- "6"
25+
- "7"
26+
ldflags:
27+
- -s -w -X main.Version={{.Version}}
28+
ignore:
29+
- goos: windows
30+
goarch: arm
31+
- goos: darwin
32+
goarch: arm
33+
34+
archives:
35+
- id: main
36+
format: tar.gz
37+
format_overrides:
38+
- goos: windows
39+
format: zip
40+
name_template: >-
41+
{{ .ProjectName }}-
42+
{{- .Version }}-
43+
{{- .Os }}-
44+
{{- if eq .Arch "amd64" }}x86_64
45+
{{- else if eq .Arch "386" }}i386
46+
{{- else }}{{ .Arch }}{{ end }}
47+
{{- if .Arm }}v{{ .Arm }}{{ end }}
48+
files:
49+
- etc/litestream.yml
50+
- etc/litestream.service
51+
- README.md
52+
- LICENSE
53+
54+
nfpms:
55+
- vendor: Litestream
56+
homepage: https://litestream.io
57+
maintainer: Litestream Contributors <[email protected]>
58+
description: Streaming replication for SQLite databases
59+
license: Apache 2.0
60+
formats:
61+
- deb
62+
- rpm
63+
contents:
64+
- src: etc/litestream.yml
65+
dst: /etc/litestream.yml
66+
type: config
67+
- src: etc/litestream.service
68+
dst: /lib/systemd/system/litestream.service
69+
type: config
70+
bindir: /usr/bin
71+
file_name_template: >-
72+
{{ .ProjectName }}-
73+
{{- .Version }}-
74+
{{- .Os }}-
75+
{{- if eq .Arch "amd64" }}x86_64
76+
{{- else if eq .Arch "386" }}i386
77+
{{- else }}{{ .Arch }}{{ end }}
78+
{{- if .Arm }}v{{ .Arm }}{{ end }}
79+
80+
brews:
81+
- name: litestream
82+
homepage: https://litestream.io
83+
description: Streaming replication for SQLite databases
84+
license: Apache-2.0
85+
repository:
86+
owner: benbjohnson
87+
name: homebrew-litestream
88+
branch: main
89+
directory: Formula
90+
install: |
91+
bin.install "litestream"
92+
etc.install "etc/litestream.yml" => "litestream.yml"
93+
test: |
94+
system "#{bin}/litestream", "version"
95+
commit_author:
96+
name: goreleaser
97+
email: [email protected]
98+
99+
checksum:
100+
name_template: 'checksums.txt'
101+
algorithm: sha256
102+
103+
snapshot:
104+
version_template: "{{ .Tag }}-next"
105+
106+
changelog:
107+
sort: asc
108+
filters:
109+
exclude:
110+
- '^docs:'
111+
- '^test:'
112+
- '^chore:'
113+
- 'Merge pull request'
114+
- 'Merge branch'
115+
116+
release:
117+
github:
118+
owner: benbjohnson
119+
name: litestream
120+
draft: false
121+
prerelease: auto
122+
mode: replace
123+
header: |
124+
## Platform Support
125+
126+
⚠️ **Windows Notice**: Windows binaries are provided for convenience but Windows is NOT an officially supported platform. Use at your own risk. Community contributions for Windows improvements are welcome.
127+
128+
✅ **Supported Platforms**: Linux (amd64, arm64, armv6, armv7), macOS (amd64, arm64)
129+
130+
## Installation
131+
132+
### Homebrew (macOS and Linux)
133+
```bash
134+
brew tap benbjohnson/litestream
135+
brew install litestream
136+
```
137+
138+
### Debian/Ubuntu
139+
Download the `.deb` file for your architecture and install:
140+
```bash
141+
sudo dpkg -i litestream-*.deb
142+
```
143+
144+
### RPM-based systems
145+
Download the `.rpm` file for your architecture and install:
146+
```bash
147+
sudo rpm -i litestream-*.rpm
148+
```
149+
150+
### Binary installation
151+
Download the appropriate archive for your platform, extract, and move to your PATH.
152+
153+
# Signing configuration - uncomment after setting up certificates (see issue #733)
154+
# signs:
155+
# - id: macos
156+
# cmd: gon
157+
# args:
158+
# - "{{ .ProjectPath }}/gon-sign.hcl"
159+
# artifacts: archive
160+
# ids:
161+
# - main
162+
# signature: "${artifact}.zip"
163+
# output: true
164+
# env:
165+
# - APPLE_DEVELOPER_ID_APPLICATION={{ .Env.APPLE_DEVELOPER_ID }}
166+
# - APPLE_DEVELOPER_TEAM_ID={{ .Env.APPLE_TEAM_ID }}
167+
# - AC_PASSWORD={{ .Env.AC_PASSWORD }}
168+
169+
sboms:
170+
- artifacts: archive

0 commit comments

Comments
 (0)