Common Release Tooling onboarding (#397)

hashicorp · Feb 12, 2025 · 6ea86aa · 6ea86aa
1 parent 70fd6b0
commit 6ea86aa
Show file tree

Hide file tree

Showing 6 changed files with 272 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,151 @@
+name: build
+
+# We now default to running this workflow on every push to every branch.
+# This provides fast feedback when build issues occur, so they can be
+# fixed prior to being merged to the main branch.
+#
+# If you want to opt out of this, and only run the build on certain branches
+# please refer to the documentation on branch filtering here:
+#
+#   https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+#
+#on: [workflow_dispatch, push]
+
+# By dispatch only in development
+on: [workflow_dispatch]
+
+env:
+  PKG_NAME: "terraform-provider-null"
+
+jobs:
+  get-go-version:
+    # Inspired by envconsul -- https://github.com/hashicorp/envconsul/blob/bcb270fdc53e1273b3010d51c02fcf2e67d830d0/.github/workflows/build.yml#L18
+    name: "Determine Go toolchain version"
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.get-go-version.outputs.go-version }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: 'go.mod'
+      - name: Determine Go version
+        id: get-go-version
+        run: |
+          echo "Building with Go $(go env GOVERSION | tr -d 'go')"
+          echo "go-version=$(go env GOVERSION | tr -d 'go')" >> "$GITHUB_OUTPUT"
+
+  set-product-version:
+    runs-on: ubuntu-latest
+    outputs:
+      product-version: ${{ steps.set-product-version.outputs.product-version }}
+      product-base-version: ${{ steps.set-product-version.outputs.base-product-version }}
+      product-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
+      product-minor-version: ${{ steps.set-product-version.outputs.minor-product-version }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Set Product version
+        id: set-product-version
+        uses: hashicorp/actions-set-product-version@v2
+
+  generate-metadata-file:
+    needs: set-product-version
+    runs-on: ubuntu-latest
+    outputs:
+      filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
+    steps:
+      - name: "Checkout directory"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Generate metadata file
+        id: generate-metadata-file
+        uses: hashicorp/actions-generate-metadata@v1
+        with:
+          version: ${{ needs.set-product-version.outputs.product-version }}
+          product: ${{ env.PKG_NAME }}
+          repositoryOwner: "hashicorp"
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: metadata.json
+          path: ${{ steps.generate-metadata-file.outputs.filepath }}
+
+  build-other:
+    needs:
+      - get-go-version
+      - set-product-version
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false # recommended during development
+      matrix:
+        goos: [freebsd, windows, linux]
+        goarch: ["386", "amd64", "arm", "arm64"]
+        exclude:
+          - goos: freebsd
+            goarch: arm64
+          - goos: windows
+            goarch: arm64
+          - goos: windows
+            goarch: arm
+
+    name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: hashicorp/actions-go-build@v1
+        env:
+          CGO_ENABLED: 0
+          BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }}
+          PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}}
+          METADATA_VERSION: ${{ env.METADATA }}
+        with:
+          bin_name: "${{ env.PKG_NAME }}_v${{ needs.set-product-version.outputs.product-version }}_x5"
+          product_name: ${{ env.PKG_NAME }}
+          product_version: ${{ needs.set-product-version.outputs.product-version }}
+          go_version: ${{ needs.get-go-version.outputs.go-version }}
+          os: ${{ matrix.goos }}
+          arch: ${{ matrix.goarch }}
+          reproducible: report
+          instructions: |
+            go build \
+              -o "$BIN_PATH" \
+              -trimpath \
+              -buildvcs=false \
+              -ldflags "-s -w -X 'main.Version=${{ needs.set-product-version.outputs.product-version }}'"
+            cp LICENSE "$TARGET_DIR/LICENSE.txt"
+
+  build-darwin:
+    needs:
+      - get-go-version
+      - set-product-version
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        goos: [darwin]
+        goarch: ["amd64", "arm64"]
+      fail-fast: true
+    name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
+    env:
+      GOOS: ${{ matrix.goos }}
+      GOARCH: ${{ matrix.goarch }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: hashicorp/actions-go-build@v1
+        env:
+          CGO_ENABLED: 0
+          BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }}
+          PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}}
+          METADATA_VERSION: ${{ env.METADATA }}
+        with:
+          bin_name: "${{ env.PKG_NAME }}_v${{ needs.set-product-version.outputs.product-version }}_x5"
+          product_name: ${{ env.PKG_NAME }}
+          product_version: ${{ needs.set-product-version.outputs.product-version }}
+          go_version: ${{ needs.get-go-version.outputs.go-version }}
+          os: ${{ matrix.goos }}
+          arch: ${{ matrix.goarch }}
+          reproducible: report
+          instructions: |
+            go build \
+              -o "$BIN_PATH" \
+              -trimpath \
+              -buildvcs=false \
+              -ldflags "-s -w -X 'main.Version=${{ needs.set-product-version.outputs.product-version }}'"
+            cp LICENSE "$TARGET_DIR/LICENSE.txt"
+
diff --git a/.release/ci.hcl b/.release/ci.hcl
@@ -0,0 +1,89 @@
+# Reference: https://github.com/hashicorp/crt-core-helloworld/blob/main/.release/ci.hcl (private repository)
+
+schema = "2"
+
+project "terraform-provider-null" {
+  // team is currently unused and has no meaning
+  // but is required to be non-empty by CRT orchestator
+  team = "_UNUSED_"
+
+  slack {
+    notification_channel = "C02BASDVCDT" // #feed-terraform-sdk
+  }
+
+  github {
+    organization     = "hashicorp"
+    repository       = "terraform-provider-null"
+    release_branches = ["main", "release/**"]
+  }
+}
+
+event "merge {
+}
+
+event "build" {
+  action "build" {
+    depends = ["merge"]
+
+    organization = "hashicorp"
+    repository   = "terraform-provider-null"
+    workflow     = "build"
+  }
+}
+
+event "prepare" {
+  # `prepare` is the Common Release Tooling (CRT) artifact processing workflow.
+  # It prepares artifacts for potential promotion to staging and production.
+  # For example, it scans and signs artifacts.
+
+  depends = ["build"]
+
+  action "prepare" {
+    organization = "hashicorp"
+    repository   = "crt-workflows-common"
+    workflow     = "prepare"
+    depends      = ["build"]
+  }
+
+  notification {
+    on = "fail"
+  }
+}
+
+event "trigger-staging" {
+}
+
+event "promote-staging" {
+  action "promote-staging" {
+    organization = "hashicorp"
+    repository   = "crt-workflows-common"
+    workflow     = "promote-staging"
+    depends      = null
+    config       = "oss-release-metadata.hcl"
+  }
+
+  depends = ["trigger-staging"]
+
+  notification {
+    on = "always"
+  }
+}
+
+event "trigger-production" {
+}
+
+event "promote-production" {
+  action "promote-production" {
+    organization = "hashicorp"
+    repository   = "crt-workflows-common"
+    workflow     = "promote-production"
+    depends      = null
+    config       = ""
+  }
+
+  depends = ["trigger-production"]
+
+  notification {
+    on = "always"
+  }
+}
diff --git a/.release/oss-release-metadata.hcl b/.release/oss-release-metadata.hcl
@@ -0,0 +1,4 @@
+url_source_repository         = "https://github.com/hashicorp/terraform-provider-null"
+url_project_website           = "https://registry.terraform.io/providers/hashicorp/null"
+url_license                   = "https://github.com/hashicorp/terraform-provider-null/blob/main/LICENSE"
+url_release_notes             = "https://github.com/hashicorp/terraform-provider-null/blob/main/CHANGELOG.md"
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -0,0 +1,11 @@
+# Reference: https://github.com/hashicorp/security-scanner/blob/main/CONFIG.md#binary (private repository)
+
+binary {
+  secrets {
+    all = true
+  }
+  go_modules   = true
+  osv          = true
+  oss_index    = false
+  nvd          = false
+}
diff --git a/.release/terraform-provider-null-artifacts.hcl b/.release/terraform-provider-null-artifacts.hcl
@@ -0,0 +1,16 @@
+schema = 1
+artifacts {
+  zip = [
+    "terraform-provider-null_${version}_darwin_amd64.zip",
+    "terraform-provider-null_${version}_darwin_arm64.zip",
+    "terraform-provider-null_${version}_freebsd_386.zip",
+    "terraform-provider-null_${version}_freebsd_amd64.zip",
+    "terraform-provider-null_${version}_freebsd_arm.zip",
+    "terraform-provider-null_${version}_linux_386.zip",
+    "terraform-provider-null_${version}_linux_amd64.zip",
+    "terraform-provider-null_${version}_linux_arm.zip",
+    "terraform-provider-null_${version}_linux_arm64.zip",
+    "terraform-provider-null_${version}_windows_386.zip",
+    "terraform-provider-null_${version}_windows_amd64.zip",
+  ]
+}
diff --git a/version/VERSION b/version/VERSION
@@ -0,0 +1 @@
+3.2.4-dev