diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..87f50795 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,151 @@ +name: build + +# We now default to running this workflow on every push to every branch. +# This provides fast feedback when build issues occur, so they can be +# fixed prior to being merged to the main branch. +# +# If you want to opt out of this, and only run the build on certain branches +# please refer to the documentation on branch filtering here: +# +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore +# +#on: [workflow_dispatch, push] + +# By dispatch only in development +on: [workflow_dispatch] + +env: + PKG_NAME: "terraform-provider-null" + +jobs: + get-go-version: + # Inspired by envconsul -- https://github.com/hashicorp/envconsul/blob/bcb270fdc53e1273b3010d51c02fcf2e67d830d0/.github/workflows/build.yml#L18 + name: "Determine Go toolchain version" + runs-on: ubuntu-latest + outputs: + go-version: ${{ steps.get-go-version.outputs.go-version }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: 'go.mod' + - name: Determine Go version + id: get-go-version + run: | + echo "Building with Go $(go env GOVERSION | tr -d 'go')" + echo "go-version=$(go env GOVERSION | tr -d 'go')" >> "$GITHUB_OUTPUT" + + set-product-version: + runs-on: ubuntu-latest + outputs: + product-version: ${{ steps.set-product-version.outputs.product-version }} + product-base-version: ${{ steps.set-product-version.outputs.base-product-version }} + product-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} + product-minor-version: ${{ steps.set-product-version.outputs.minor-product-version }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Set Product version + id: set-product-version + uses: hashicorp/actions-set-product-version@v2 + + generate-metadata-file: + needs: set-product-version + runs-on: ubuntu-latest + outputs: + filepath: ${{ steps.generate-metadata-file.outputs.filepath }} + steps: + - name: "Checkout directory" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Generate metadata file + id: generate-metadata-file + uses: hashicorp/actions-generate-metadata@v1 + with: + version: ${{ needs.set-product-version.outputs.product-version }} + product: ${{ env.PKG_NAME }} + repositoryOwner: "hashicorp" + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + with: + name: metadata.json + path: ${{ steps.generate-metadata-file.outputs.filepath }} + + build-other: + needs: + - get-go-version + - set-product-version + runs-on: ubuntu-latest + strategy: + fail-fast: false # recommended during development + matrix: + goos: [freebsd, windows, linux] + goarch: ["386", "amd64", "arm", "arm64"] + exclude: + - goos: freebsd + goarch: arm64 + - goos: windows + goarch: arm64 + - goos: windows + goarch: arm + + name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: hashicorp/actions-go-build@v1 + env: + CGO_ENABLED: 0 + BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }} + PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}} + METADATA_VERSION: ${{ env.METADATA }} + with: + bin_name: "${{ env.PKG_NAME }}_v${{ needs.set-product-version.outputs.product-version }}_x5" + product_name: ${{ env.PKG_NAME }} + product_version: ${{ needs.set-product-version.outputs.product-version }} + go_version: ${{ needs.get-go-version.outputs.go-version }} + os: ${{ matrix.goos }} + arch: ${{ matrix.goarch }} + reproducible: report + instructions: | + go build \ + -o "$BIN_PATH" \ + -trimpath \ + -buildvcs=false \ + -ldflags "-s -w -X 'main.Version=${{ needs.set-product-version.outputs.product-version }}'" + cp LICENSE "$TARGET_DIR/LICENSE.txt" + + build-darwin: + needs: + - get-go-version + - set-product-version + runs-on: macos-latest + strategy: + matrix: + goos: [darwin] + goarch: ["amd64", "arm64"] + fail-fast: true + name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: hashicorp/actions-go-build@v1 + env: + CGO_ENABLED: 0 + BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }} + PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}} + METADATA_VERSION: ${{ env.METADATA }} + with: + bin_name: "${{ env.PKG_NAME }}_v${{ needs.set-product-version.outputs.product-version }}_x5" + product_name: ${{ env.PKG_NAME }} + product_version: ${{ needs.set-product-version.outputs.product-version }} + go_version: ${{ needs.get-go-version.outputs.go-version }} + os: ${{ matrix.goos }} + arch: ${{ matrix.goarch }} + reproducible: report + instructions: | + go build \ + -o "$BIN_PATH" \ + -trimpath \ + -buildvcs=false \ + -ldflags "-s -w -X 'main.Version=${{ needs.set-product-version.outputs.product-version }}'" + cp LICENSE "$TARGET_DIR/LICENSE.txt" + diff --git a/.release/ci.hcl b/.release/ci.hcl new file mode 100644 index 00000000..03b0dc84 --- /dev/null +++ b/.release/ci.hcl @@ -0,0 +1,89 @@ +# Reference: https://github.com/hashicorp/crt-core-helloworld/blob/main/.release/ci.hcl (private repository) + +schema = "2" + +project "terraform-provider-null" { + // team is currently unused and has no meaning + // but is required to be non-empty by CRT orchestator + team = "_UNUSED_" + + slack { + notification_channel = "C02BASDVCDT" // #feed-terraform-sdk + } + + github { + organization = "hashicorp" + repository = "terraform-provider-null" + release_branches = ["main", "release/**"] + } +} + +event "merge { +} + +event "build" { + action "build" { + depends = ["merge"] + + organization = "hashicorp" + repository = "terraform-provider-null" + workflow = "build" + } +} + +event "prepare" { + # `prepare` is the Common Release Tooling (CRT) artifact processing workflow. + # It prepares artifacts for potential promotion to staging and production. + # For example, it scans and signs artifacts. + + depends = ["build"] + + action "prepare" { + organization = "hashicorp" + repository = "crt-workflows-common" + workflow = "prepare" + depends = ["build"] + } + + notification { + on = "fail" + } +} + +event "trigger-staging" { +} + +event "promote-staging" { + action "promote-staging" { + organization = "hashicorp" + repository = "crt-workflows-common" + workflow = "promote-staging" + depends = null + config = "oss-release-metadata.hcl" + } + + depends = ["trigger-staging"] + + notification { + on = "always" + } +} + +event "trigger-production" { +} + +event "promote-production" { + action "promote-production" { + organization = "hashicorp" + repository = "crt-workflows-common" + workflow = "promote-production" + depends = null + config = "" + } + + depends = ["trigger-production"] + + notification { + on = "always" + } +} diff --git a/.release/oss-release-metadata.hcl b/.release/oss-release-metadata.hcl new file mode 100644 index 00000000..7f3f5541 --- /dev/null +++ b/.release/oss-release-metadata.hcl @@ -0,0 +1,4 @@ +url_source_repository = "https://github.com/hashicorp/terraform-provider-null" +url_project_website = "https://registry.terraform.io/providers/hashicorp/null" +url_license = "https://github.com/hashicorp/terraform-provider-null/blob/main/LICENSE" +url_release_notes = "https://github.com/hashicorp/terraform-provider-null/blob/main/CHANGELOG.md" diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl new file mode 100644 index 00000000..708112df --- /dev/null +++ b/.release/security-scan.hcl @@ -0,0 +1,11 @@ +# Reference: https://github.com/hashicorp/security-scanner/blob/main/CONFIG.md#binary (private repository) + +binary { + secrets { + all = true + } + go_modules = true + osv = true + oss_index = false + nvd = false +} diff --git a/.release/terraform-provider-null-artifacts.hcl b/.release/terraform-provider-null-artifacts.hcl new file mode 100644 index 00000000..f587a230 --- /dev/null +++ b/.release/terraform-provider-null-artifacts.hcl @@ -0,0 +1,16 @@ +schema = 1 +artifacts { + zip = [ + "terraform-provider-null_${version}_darwin_amd64.zip", + "terraform-provider-null_${version}_darwin_arm64.zip", + "terraform-provider-null_${version}_freebsd_386.zip", + "terraform-provider-null_${version}_freebsd_amd64.zip", + "terraform-provider-null_${version}_freebsd_arm.zip", + "terraform-provider-null_${version}_linux_386.zip", + "terraform-provider-null_${version}_linux_amd64.zip", + "terraform-provider-null_${version}_linux_arm.zip", + "terraform-provider-null_${version}_linux_arm64.zip", + "terraform-provider-null_${version}_windows_386.zip", + "terraform-provider-null_${version}_windows_amd64.zip", + ] +} diff --git a/version/VERSION b/version/VERSION new file mode 100644 index 00000000..dcc54c11 --- /dev/null +++ b/version/VERSION @@ -0,0 +1 @@ +3.2.4-dev