diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 37bd757..fd53343 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,10 +28,93 @@ jobs:
with:
go-version: 1.19
+ - name: Generate changelog
+ id: changelog
+ run: |
+ echo "tag-name=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+ gh api repos/$GITHUB_REPOSITORY/releases/generate-notes \
+ -f tag_name="${GITHUB_REF#refs/tags/}" \
+ -f target_commitish=trunk \
+ -q .body > CHANGELOG.md
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+ - name: Install osslsigncode
+ run: sudo apt-get install -y osslsigncode
+
+ - name: Obtain signing cert
+ run: |
+ cert="$(mktemp -t cert.XXX)"
+ base64 -d <<<"$CERT_CONTENTS" > "$cert"
+ echo "CERT_FILE=$cert" >> $GITHUB_ENV
+ env:
+ CERT_CONTENTS: ${{ secrets.OSS_SIGNING_CERT }}
+
+ - name: Set env
+ run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
- version: latest
- args: release --clean
+ version: ${{ env.RELEASE_VERSION }}
+ args: release --release-notes=CHANGELOG.md
env:
- GITHUB_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
+ GITHUB_TOKEN: ${{secrets.PUBLISHER_TOKEN}}
+ GORELEASER_CURRENT_TAG: ${{steps.changelog.outputs.tag-name}}
+
+ msi:
+ needs: goreleaser
+ runs-on: windows-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Download sail.exe
+ id: download_exe
+ shell: bash
+ run: |
+ hub release download "${GITHUB_REF#refs/tags/}" -i '*windows_amd64*.zip'
+ printf "zip=%s\n" *.zip >> $GITHUB_OUTPUT
+ unzip -o *.zip && rm -v *.zip
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ - name: Prepare PATH
+ id: setupmsbuild
+ uses: microsoft/setup-msbuild@v1.3.1
+ - name: Build MSI
+ id: buildmsi
+ shell: bash
+ env:
+ ZIP_FILE: ${{ steps.download_exe.outputs.zip }}
+ MSBUILD_PATH: ${{ steps.setupmsbuild.outputs.msbuildPath }}
+ run: |
+ name="$(basename "$ZIP_FILE" ".zip")"
+ version="$(echo -e ${GITHUB_REF#refs/tags/v} | sed s/-.*$//)"
+ "${MSBUILD_PATH}\MSBuild.exe" ./build/windows/sail.wixproj -p:SourceDir="$PWD" -p:OutputPath="$PWD" -p:OutputName="$name" -p:ProductVersion="$version"
+ - name: Obtain signing cert
+ id: obtain_cert
+ shell: bash
+ run: |
+ base64 -d <<<"$CERT_CONTENTS" > ./cert.pfx
+ printf "cert-file=%s\n" ".\\cert.pfx" >> $GITHUB_OUTPUT
+ env:
+ CERT_CONTENTS: ${{ secrets.OSS_SIGNING_CERT }}
+ - name: Sign MSI
+ env:
+ CERT_FILE: ${{ steps.obtain_cert.outputs.cert-file }}
+ EXE_FILE: ${{ steps.buildmsi.outputs.msi }}
+ run: .\assets\signtool sign /d "SailPoint CLI" /f $env:CERT_FILE /fd sha256 /tr http://timestamp.digicert.com /v $env:EXE_FILE
+ - name: Upload MSI
+ shell: bash
+ run: |
+ tag_name="${GITHUB_REF#refs/tags/}"
+ hub release edit "$tag_name" -m "" -a "$MSI_FILE"
+ release_url="$(gh api repos/:owner/:repo/releases -q ".[]|select(.tag_name==\"${tag_name}\")|.url")"
+ publish_args=( -F draft=false )
+ if [[ $GITHUB_REF != *-* ]]; then
+ publish_args+=( -f discussion_category_name="$DISCUSSION_CATEGORY" )
+ fi
+ gh api -X PATCH "$release_url" "${publish_args[@]}"
+ env:
+ MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
+ DISCUSSION_CATEGORY: General
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 342f98c..0116963 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,19 +1,56 @@
project_name: sail
+
+release:
+ prerelease: auto
+ draft: true # we only publish after the Windows MSI gets uploaded
+ name_template: "SailPoint CLI {{.Version}}"
+
+before:
+ hooks:
+ - go mod tidy
+
builds:
- - env: [CGO_ENABLED=0]
- goos:
- - linux
- - windows
- - darwin
- goarch:
- - amd64
- - arm64
+ - <<: &build_defaults
+ binary: bin/gh
+ main: ./
+ id: macos
+ goos: [darwin]
+ goarch: [amd64, arm64]
+
+ - <<: *build_defaults
+ id: linux
+ goos: [linux]
+ goarch: [386, arm, amd64, arm64]
+ env:
+ - CGO_ENABLED=0
+
+ - <<: *build_defaults
+ id: windows
+ goos: [windows]
+ goarch: [386, amd64, arm64]
+ # hooks:
+ # post:
+ # - cmd: ./script/sign-windows-executable.sh '{{ .Path }}'
+ # output: false
archives:
- - format: tar.gz
- format_overrides:
- - goos: windows
- format: zip
+ - id: nix
+ builds: [macos, linux]
+ <<: &archive_defaults
+ name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+ wrap_in_directory: true
+ replacements:
+ darwin: macOS
+ format: tar.gz
+ files:
+ - LICENSE
+ - id: windows
+ builds: [windows]
+ <<: *archive_defaults
+ wrap_in_directory: false
+ format: zip
+ files:
+ - LICENSE
dockers:
- image_templates:
@@ -32,3 +69,13 @@ brews:
commit_author:
name: colin-mckibben-sp
email: colin.mckibben@sailpoint.com
+
+nfpms:
+ - license: MIT
+ maintainer: SailPoint
+ homepage: https://github.com/sailpoint-oss/sailpoint-cli
+ bindir: /usr
+ description: The SailPoint Command Line Interface.
+ formats:
+ - deb
+ - rpm
diff --git a/Makefile b/Makefile
index ea3c911..ff96f0d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,17 +1,22 @@
+.PHONY: clean
clean:
go clean ./...
+.PHONY: mocks
mocks:
# Ref: https://github.com/golang/mock
mockgen -source=client/client.go -destination=mocks/client.go -package=mocks
+.PHONY: test
test:
go test -v -count=1 ./...
+.PHONY: install
install:
go build -o /usr/local/bin/sail -buildvcs=false
+.PHONY: vhs
vhs:
find assets -name "*.tape" | xargs -n 1 vhs
-.PHONY: clean mocks test install vhs .docker/login .docker/build .docker/push
+.PHONY: .docker/login .docker/build .docker/push
diff --git a/assets/sign-windows-executable.sh b/assets/sign-windows-executable.sh
new file mode 100644
index 0000000..8a7aa2d
--- /dev/null
+++ b/assets/sign-windows-executable.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+EXE="$1"
+
+if [ -z "$CERT_FILE" ]; then
+ echo "skipping Windows code-signing; CERT_FILE not set" >&2
+ exit 0
+fi
+
+if [ ! -f "$CERT_FILE" ]; then
+ echo "error Windows code-signing; file '$CERT_FILE' not found" >&2
+ exit 1
+fi
+
+osslsigncode sign -n "SailPoint CLI" -t http://timestamp.digicert.com \
+ -pkcs12 "$CERT_FILE" -h sha256 \
+ -in "$EXE" -out "$EXE"~
+
+mv "$EXE"~ "$EXE"
\ No newline at end of file
diff --git a/assets/signtool.exe b/assets/signtool.exe
new file mode 100644
index 0000000..1ecf3b3
Binary files /dev/null and b/assets/signtool.exe differ
diff --git a/build/windows/sail.wixproj b/build/windows/sail.wixproj
new file mode 100644
index 0000000..8301505
--- /dev/null
+++ b/build/windows/sail.wixproj
@@ -0,0 +1,39 @@
+
+
+
+ Release
+ x64
+ 0.1.0
+ $(MSBuildProjectName)
+ package
+ $([MSBuild]::NormalizeDirectory($(MSBuildProjectDirectory)\..\..))
+ $(RepoPath)bin\$(Platform)\
+ $(RepoPath)bin\obj\$(Platform)\
+
+ $(DefineConstants);
+ ProductVersion=$(ProductVersion);
+
+ ICE39
+ false
+
+ $(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/build/windows/sail.wxs b/build/windows/sail.wxs
new file mode 100644
index 0000000..1202226
--- /dev/null
+++ b/build/windows/sail.wxs
@@ -0,0 +1,87 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/build/windows/ui.wxs b/build/windows/ui.wxs
new file mode 100644
index 0000000..a54441b
--- /dev/null
+++ b/build/windows/ui.wxs
@@ -0,0 +1,72 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+ "1"]]>
+
+ 1
+
+ NOT
+ Installed
+ Installed
+ AND PATCH
+
+ 1
+ 1
+ NOT WIXUI_DONTVALIDATEPATH
+ "1"]]>
+ WIXUI_DONTVALIDATEPATH OR WIXUI_INSTALLDIR_VALID="1"
+ 1
+ 1
+
+ NOT Installed
+ Installed AND NOT PATCH
+ Installed AND PATCH
+
+ 1
+
+ 1
+ 1
+ 1
+
+
+
+
+
+
+
\ No newline at end of file