diff --git a/.copywrite.hcl b/.copywrite.hcl index 46a9311a..7f4aa311 100644 --- a/.copywrite.hcl +++ b/.copywrite.hcl @@ -24,9 +24,6 @@ project { # golangci-lint tooling configuration ".golangci.yml", - # GoReleaser tooling configuration - ".goreleaser.yml", - # Release Engineering tooling configuration ".release/*.hcl", ] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index f56dd161..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Release - -on: - workflow_dispatch: - inputs: - versionNumber: - description: 'Release version number (v#.#.#)' - type: string - required: true - -permissions: - contents: read # Changelog commit operations use service account PAT - -jobs: - changelog-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.changelog-version.outputs.version }} - steps: - - id: changelog-version - run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT" - - changelog: - needs: changelog-version - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 - # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations - # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials - persist-credentials: false - - - name: Batch changes - uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 - with: - version: latest - args: batch ${{ needs.changelog-version.outputs.version }} - - - name: Merge changes - uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 - with: - version: latest - args: merge - - - name: Git push changelog - run: | - git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" - git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" - git add . - git commit -a -m "Update changelog" - git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" - - release-tag: - needs: changelog - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 0 - # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job, - # to ensure we get the latest commit we use the ref for checkout: 'refs/heads/' - ref: ${{ github.ref }} - # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations - # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials - persist-credentials: false - - - name: Git push release tag - run: | - git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}" - git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}" - - git tag "${{ inputs.versionNumber }}" - git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}" - - release-notes: - needs: [ changelog-version, changelog, release-tag ] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ inputs.versionNumber }} - fetch-depth: 0 - - - name: Generate Release Notes - run: | - cd .changes - sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > release-notes.txt - - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: release-notes - path: ./.changes/release-notes.txt - retention-days: 1 - - terraform-provider-release: - name: 'Terraform Provider Release' - needs: [ release-notes ] - permissions: - contents: write # Needed for goreleaser to create GitHub release - issues: write # Needed for goreleaser to close associated milestone - uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@5f388ae147bcc1e1c34822571b2f2de40694c5d6 # v5.0.0 - secrets: - hc-releases-key-prod: '${{ secrets.HC_RELEASES_KEY_PROD }}' - hc-releases-key-staging: '${{ secrets.HC_RELEASES_KEY_STAGING }}' - hc-releases-github-token: '${{ secrets.HASHI_RELEASES_GITHUB_TOKEN }}' - hc-releases-terraform-registry-sync-token: '${{ secrets.TF_PROVIDER_RELEASE_TERRAFORM_REGISTRY_SYNC_TOKEN }}' - setup-signore-github-token: '${{ secrets.HASHI_SIGNORE_GITHUB_TOKEN }}' - signore-client-id: '${{ secrets.SIGNORE_CLIENT_ID }}' - signore-client-secret: '${{ secrets.SIGNORE_CLIENT_SECRET }}' - hc-releases-host-staging: '${{ secrets.HC_RELEASES_HOST_STAGING }}' - hc-releases-host-prod: '${{ secrets.HC_RELEASES_HOST_PROD }}' - with: - release-notes: true - setup-go-version-file: 'go.mod' - # Product Version (e.g. v1.2.3) - product-version: '${{ inputs.versionNumber }}' diff --git a/.goreleaser.yml b/.goreleaser.yml deleted file mode 100644 index a698397c..00000000 --- a/.goreleaser.yml +++ /dev/null @@ -1,79 +0,0 @@ -version: 2 -archives: - - files: - # Ensure only built binary and license file are archived - - src: 'LICENSE' - dst: 'LICENSE.txt' - format: zip - name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}' -before: - hooks: - - 'go mod download' -builds: - - # Binary naming only required for Terraform CLI 0.12 - binary: '{{ .ProjectName }}_v{{ .Version }}_x5' - env: - - CGO_ENABLED=0 - flags: - - -trimpath - goos: - - darwin - - freebsd - - linux - - windows - goarch: - - '386' - - amd64 - - arm - - arm64 - ignore: - - goarch: arm - goos: windows - - goarch: arm64 - goos: freebsd - - goarch: arm64 - goos: windows - ldflags: - - -s -w -X main.Version={{.Version}} - mod_timestamp: '{{ .CommitTimestamp }}' -checksum: - algorithm: sha256 - extra_files: - - glob: 'terraform-registry-manifest.json' - name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' - name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' -milestones: - - close: true -publishers: - - checksum: true - # Terraform CLI 0.10 - 0.11 perform discovery via HTTP headers on releases.hashicorp.com - # For providers which have existed since those CLI versions, exclude - # discovery by setting the protocol version headers to 5. - cmd: | - hc-releases upload -product {{ .ProjectName }} -version {{ .Version }} -file={{ .ArtifactPath }}={{ .ArtifactName }} -header=x-terraform-protocol-version=5 -header=x-terraform-protocol-versions=5.0 - env: - - HC_RELEASES_HOST={{ .Env.HC_RELEASES_HOST }} - - HC_RELEASES_KEY={{ .Env.HC_RELEASES_KEY }} - extra_files: - - glob: 'terraform-registry-manifest.json' - name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' - name: upload - signature: true -release: - extra_files: - - glob: 'terraform-registry-manifest.json' - name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' - ids: - - none -signs: - - args: ["sign", "--dearmor", "--file", "${artifact}", "--out", "${signature}"] - artifacts: checksum - cmd: signore - signature: ${artifact}.sig - - args: ["sign", "--dearmor", "--file", "${artifact}", "--out", "${signature}"] - artifacts: checksum - cmd: signore - id: key-id - signature: ${artifact}.72D7468F.sig -snapshot: - name_template: "{{ .Tag }}-next" diff --git a/README.md b/README.md index 0b6ce68a..281f558d 100644 --- a/README.md +++ b/README.md @@ -103,10 +103,13 @@ $ act pull_request ## Releasing -The release process is automated via GitHub Actions, and it's defined in the Workflow -[release.yml](./.github/workflows/release.yml). +The releasable builds are generated from the [build GH workflow](./.github/workflows/build.yml) and the release/promotion process +is completed via internal HashiCorp deployment tooling. Prior to release, the changelog should be updated in `main` with +the changie tool, example: -Each release is cut by pushing a [semantically versioned](https://semver.org/) tag to the default branch. +```sh +changie batch 2.7.2 && changie merge +``` ## License