6 changes: 0 additions & 6 deletions .github/dependabot.yml

This file was deleted.

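--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,142 @@
+name: Build and Release gitops-pusher
+
+on:
+push:
+tags:
+- 'v*'
+workflow_dispatch:
+inputs:
+gitops_pusher_commit:
+description: 'Tailscale gitops-pusher commit hash'
+required: true
+default: '66aa77416744037baec93206ae212012a2314f83'
+tag_name:
+description: 'Release tag name'
+required: true
+default: 'v1.0.0'
+
+jobs:
+build:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+goos: [linux]
+goarch: [amd64]
+
+steps:
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: 1.22.4
+
+- name: Set commit hash
+id: commit
+run: |
+if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+echo "hash=${{ github.event.inputs.gitops_pusher_commit }}" >> $GITHUB_OUTPUT
+else
+echo "hash=66aa77416744037baec93206ae212012a2314f83" >> $GITHUB_OUTPUT
+fi
+
+- name: Build binary
+env:
+GOOS: ${{ matrix.goos }}
+GOARCH: ${{ matrix.goarch }}
+CGO_ENABLED: 0
+run: |
+COMMIT_HASH="${{ steps.commit.outputs.hash }}"
+BINARY_NAME="gitops-pusher-${{ matrix.goos }}-${{ matrix.goarch }}"
+
+if [ "${{ matrix.goos }}" = "windows" ]; then
+BINARY_NAME="${BINARY_NAME}.exe"
+fi
+
+echo "Building for ${{ matrix.goos }}/${{ matrix.goarch }}"
+
+# Create a temporary directory for the build
+mkdir -p /tmp/gitops-pusher-build
+cd /tmp/gitops-pusher-build
+
+# Initialize a new Go module and enable module mode
+go mod init temp-build
+go env -w GO111MODULE=on
+
+# Install the specific version of gitops-pusher
+GOBIN="${GITHUB_WORKSPACE}" go install "tailscale.com/cmd/gitops-pusher@${COMMIT_HASH}"
+
+# Rename the binary to include platform info
+mv "${GITHUB_WORKSPACE}/gitops-pusher" "${GITHUB_WORKSPACE}/${BINARY_NAME}"
+
+# Make executable (for non-Windows)
+if [ "${{ matrix.goos }}" != "windows" ]; then
+chmod +x "${GITHUB_WORKSPACE}/${BINARY_NAME}"
+fi
+
+echo "BINARY_NAME=${BINARY_NAME}" >> $GITHUB_ENV
+
+- name: Upload artifact
+uses: actions/upload-artifact@v4
+with:
+name: ${{ env.BINARY_NAME }}
+path: ${{ env.BINARY_NAME }}
+
+release:
+needs: build
+runs-on: ubuntu-latest
+if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
+
+steps:
+- name: Download all artifacts
+uses: actions/download-artifact@v4
+with:
+path: ./binaries
+
+- name: Set release tag
+id: tag
+run: |
+if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+echo "tag=${{ github.event.inputs.tag_name }}" >> $GITHUB_OUTPUT
+else
+echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+fi
+
+- name: Create checksums
+run: |
+cd binaries
+find . -type f -name "gitops-pusher-*" -exec sha256sum {} \; > ../checksums.txt
+cd ..
+echo "Checksums created:"
+cat checksums.txt
+
+- name: Create release
+uses: softprops/action-gh-release@v1
+with:
+tag_name: ${{ steps.tag.outputs.tag }}
+name: gitops-pusher ${{ steps.tag.outputs.tag }}
+body: |
+## gitops-pusher Binary Release
+
+Pre-compiled binaries for Tailscale's gitops-pusher tool.
+
+**Commit:** ${{ steps.commit.outputs.hash || '66aa77416744037baec93206ae212012a2314f83' }}
+
+### Usage
+Download the appropriate binary for your platform and use it in your workflows:
+
+```yaml
+- name: Download gitops-pusher
+run: |
+wget https://github.com/${{ github.repository }}/releases/download/${{ steps.tag.outputs.tag }}/gitops-pusher-linux-amd64
+chmod +x gitops-pusher-linux-amd64
+./gitops-pusher-linux-amd64 --policy-file=policy.hujson test
+```
+
+### Checksums
+See `checksums.txt` for file verification.
+files: |
+binaries/*/gitops-pusher-*
+checksums.txt
+draft: false
+prerelease: false
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}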
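Review bot: The release body's `**Commit:**` line reads `steps.commit.outputs.hash`, but the `commit` step belongs to the `build` job, so inside `release` that expression is empty and the notes always print the hard-coded default hash, even when a `workflow_dispatch` run built a different commit. For a release that republishes a third-party binary this makes the stated provenance unreliable. Expose the value as a job output under `build` (`outputs:` with `hash: ${{ steps.commit.outputs.hash }}`) and reference `${{ needs.build.outputs.hash }}` in the body. Separately, `github.event.inputs.gitops_pusher_commit` and `github.event.inputs.tag_name` are expanded directly into the `run:` scripts; passing them through `env:` and checking that the hash is 40 hex characters keeps the input out of the shell source. Neither job declares `permissions:`, so consider `contents: read` at workflow level and `contents: write` only on `release`.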
22 changes: 15 additions & 7 deletions action.yml
Expand Up @@ -20,6 +20,10 @@ inputs:
action:
description: "Action to take (test/apply)"
required: true
gitops-pusher-version:
description: "Version of gitops-pusher to use"
required: false
default: "latest"
runs:
using: "composite"
steps:
Expand All @@ -33,14 +37,18 @@ runs:
if: ${{ inputs['api-key'] != '' && inputs['oauth-secret'] != '' }}
shell: bash
run: |
echo "::error title=⛔ error hint::only one of API Key or OAuth secret should be specified.
echo "::error title=⛔ error hint::only one of API Key or OAuth secret should be specified."
exit 1
- uses: actions/setup-go@v5
- name: Install gitops-pusher
uses: jaxxstorm/action-install-gh-release@v1.12.0
with:
go-version: 1.22.4
cache: false

- name: Gitops pusher
repo: ${{ github.repository }}
tag: ${{ inputs.gitops-pusher-version }}
binaries-location: binaries
rename-to: gitops-pusher
chmod: 0755
file: gitops-pusher-linux-amd64
- name: Run gitops-pusher
shell: bash
env:
# gitops-pusher will use OAUTH_ID and OAUTH_SECRET if non-empty,
Expand All @@ -49,4 +57,4 @@ runs:
TS_OAUTH_SECRET: "${{ inputs.oauth-secret }}"
TS_API_KEY: "${{ inputs.api-key }}"
TS_TAILNET: "${{ inputs.tailnet }}"
run: go run tailscale.com/cmd/gitops-pusher@66aa77416744037baec93206ae212012a2314f83 "--policy-file=${{ inputs.policy-file }}" "${{ inputs.action }}"
run: gitops-pusher "--policy-file=${{ inputs.policy-file }}" "${{ inputs.action }}"
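Review bot: In the new `Install gitops-pusher` step, `repo: ${{ github.repository }}` will most likely resolve to the repository whose workflow calls this composite action, not the repository that publishes the binaries, so consumers would look for the release in their own repo. Name the publishing repository explicitly (`repo: OWNER/REPO`, placeholder) or confirm that `github.action_repository` is populated in this context. The step also replaces a build pinned to a commit hash with a prebuilt binary selected by `latest` by default and fetched through a third-party action pinned only by tag, with no checksum comparison before the binary is run with `TS_API_KEY` / `TS_OAUTH_SECRET` in its environment. Consider defaulting `gitops-pusher-version` to a fixed release tag, pinning the installer action to a commit SHA, and verifying the download against the published `checksums.txt`. The hard-coded `file: gitops-pusher-linux-amd64` also limits the action to Linux x86-64 runners, which is worth stating in the input description.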