Merge pull request #16 from conjurinc/automated-release

Automated releases for Conjur preflight CLI

Author: micahlee

.github/workflows/ci.yml

@@ -14,3 +14,5 @@ build_ca_certificate
 conjur-preflight
 # Exclude binary entrypoint
 !cmd/conjur-preflight
+VERSION
+!pkg/version

.gitignore

@@ -7,6 +7,7 @@ before:
     - go mod tidy
     # you may remove this if you don't need go generate
     - go generate ./...
+
 builds:
   - main: ./cmd/conjur-preflight
     binary: conjur-preflight
@@ -28,6 +29,8 @@ builds:
     ldflags:
       - -w
       - -X "github.com/cyberark/conjur-preflight/pkg/version.Tag={{ .ShortCommit }}"
+      - -X "github.com/cyberark/conjur-preflight/pkg/version.Version={{ .Env.VERSION }}"
+      - -X "github.com/cyberark/conjur-preflight/pkg/version.BuildNumber={{ .Env.BUILD_NUMBER }}"
     hooks:
       post:
         # Copy the binary out into the <dist> path, and give the copy the name we
@@ -41,16 +44,16 @@ archives:
       - CHANGELOG.md
       - LICENSE
       - README.md
-    name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}_{{.Arch}}"
+    name_template: "{{.ProjectName}}_{{.Env.VERSION}}_{{.Os}}_{{.Arch}}"
     wrap_in_directory: true
 
 checksum:
   name_template: "SHA256SUMS.txt"
 
 nfpms:
   - bindir: /usr/bin
-    description: CyberArk Conjur Enteprise Preflight Qualification Tool
-    file_name_template: "{{.ProjectName}}_{{.Version}}_{{.Arch}}"
+    description: CyberArk Conjur Enterprise Preflight Qualification Tool
+    file_name_template: "{{.ProjectName}}_{{.Env.VERSION}}_{{.Arch}}"
     formats:
       - deb
       - rpm
@@ -66,7 +69,12 @@ release:
   disable: true
   draft: true
   extra_files:
+    - glob: NOTICES.txt
     - glob: CHANGELOG.md
     - glob: LICENSE
-    - glob: README.md
     - glob: dist/binaries
+
+# Changelog management and publishing is handled by Jenkins-based release
+# automation
+changelog:
+  skip: true

.goreleaser.yml

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-## [0.1.0] - 2022-12-09
+## [0.1.0] - 2022-12-12
+
+### Added
+- Initial reports for CPU, memory, disk space, and OS version.
+  [conjurinc/conjur-preflight#14](https://github.com/conjurinc/conjur-preflight/pull/14)
 
 [Unreleased]: https://github.com/cyberark/conjur/compare/v0.0.0...HEAD

CHANGELOG.md

@@ -1,4 +1,4 @@
-FROM golang:1.17-alpine
+FROM golang:1.19-alpine
 LABEL MAINTAINER CyberArk Software Ltd.
 LABEL id="conjur-preflight-junit-processor"
 
@@ -13,6 +13,6 @@ RUN apk add -u curl \
 
 # gocov converts native coverage output to gocov's JSON interchange format
 # gocov-xml converts gocov format to XML for use with Jenkins/Cobertura
-RUN go get -u github.com/jstemmer/go-junit-report && \
-    go get github.com/axw/gocov/gocov && \
-    go get github.com/AlekSi/gocov-xml
+RUN go install github.com/jstemmer/go-junit-report@latest && \
+    go install github.com/axw/gocov/gocov@latest && \
+    go install github.com/AlekSi/gocov-xml@latest

Dockerfile.junit

@@ -1,5 +1,22 @@
 #!/usr/bin/env groovy
 
+// Automated release, promotion and dependencies
+properties([
+  // Include the automated release parameters for the build
+  release.addParams(),
+])
+
+// Performs release promotion.  No other stages will be run
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+    // Any assets from sourceVersion Github release are available in assetDirectory
+    // Any version number updates from sourceVersion to targetVersion occur here
+    // Any publishing of targetVersion artifacts occur here
+    // Anything added to assetDirectory will be attached to the Github Release
+  }
+  return
+}
+
 pipeline {
   agent { label 'executor-v2' }
 
@@ -9,20 +26,46 @@ pipeline {
     timeout(time: 2, unit: 'HOURS')
   }
 
+  triggers {
+    cron(getDailyCronString())
+  }
+
   environment {
     // Sets the MODE to the specified or autocalculated value as appropriate
     MODE = release.canonicalizeMode()
   }
 
   stages {
-    stage('Validate') {
-      parallel {
-        stage('Changelog') {
-          steps { sh './bin/parse_changelog' }
+    // Aborts any builds triggered by another project that wouldn't include any changes
+    stage ("Skip build if triggering job didn't create a release") {
+      when {
+        expression {
+          MODE == "SKIP"
+        }
+      }
+      steps {
+        script {
+          currentBuild.result = 'ABORTED'
+          error("Aborting build because this build was triggered from upstream, but no release was built")
         }
       }
     }
 
+    // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
+    stage('Validate Changelog and set version') {
+      steps {
+        sh './bin/parse_changelog'
+        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
+      }
+    }
+
+    stage('Get latest upstream dependencies') {
+      steps {
+        updateGoDependencies('${WORKSPACE}/go.mod')
+      }
+    }
+
+
     stage('Run Unit Tests') {
       steps {
         sh './bin/test_unit'
@@ -44,5 +87,34 @@ pipeline {
           ccCoverage("gocov", "--prefix github.com/conjurinc/conjur-preflight")
       }
     }
+
+    stage('Release') {
+      when {
+        expression {
+          MODE == "RELEASE"
+        }
+      }
+
+      steps {
+        // Build release artifacts
+        sh "bin/build_release"
+
+        release { billOfMaterialsDirectory, assetDirectory, toolsDirectory ->
+          // Publish release artifacts to all the appropriate locations
+          // Copy any artifacts to assetDirectory to attach them to the Github release
+
+          // Create Go application SBOM using the go.mod version for the golang container image
+          sh """go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --main "cmd/conjur-preflight/" --output "${billOfMaterialsDirectory}/go-app-bom.json" """
+          // Create Go module SBOM
+          sh """go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --output "${billOfMaterialsDirectory}/go-mod-bom.json" """
+
+          // Add goreleaser artifacts to release
+          sh """cp dist/*.tar.gz "${assetDirectory}" """
+          sh """cp dist/*.rpm "${assetDirectory}" """
+          sh """cp dist/*.deb "${assetDirectory}" """
+          sh """cp "dist/SHA256SUMS.txt" "${assetDirectory}" """
+        }
+      }
+    }
   }
 }

Jenkinsfile

@@ -2,7 +2,8 @@ build:
 	go build -o ./dev/tmp/ ./cmd/conjur-preflight
 
 test:
-	go test -count=1 -coverprofile=c.out -v ./...
+	go test -count=1 -coverpkg=./... -coverprofile=c.out -v ./...
+	go tool cover -func c.out
 
 install:
 	go install ./cmd/conjur-preflight

Makefile

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -e
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+VERSION=$(<"${REPO_ROOT}/VERSION")
+
+# Remove Jenkins build number from VERSION
+VERSION="${VERSION/-*/}"
+
+
+GORELEASER_IMAGE="goreleaser/goreleaser:latest"
+
+main() {
+  build_release
+}
+
+build_release() {
+  echo "Building release ${VERSION} (${BUILD_NUMBER})..."
+  docker run \
+    --rm \
+    --env VERSION="${VERSION}" \
+    --env BUILD_NUMBER="${BUILD_NUMBER}" \
+    --volume "${PWD}/:/conjur-preflight/" \
+    --workdir "/conjur-preflight" \
+    "${GORELEASER_IMAGE}" \
+      --skip-validate \
+      --snapshot \
+      --rm-dist
+  echo "Release built. Artifacts can be found in dist/"
+}
+
+main "$@"

NOTICES.txt

@@ -24,6 +24,8 @@ function run_unit_tests() {
   docker run --rm -t \
              --volume "$PWD"/:/conjur-preflight/test/ \
              conjur-preflight-test-runner:latest \
+             -count=1 \
+             -coverpkg=./... \
              -coverprofile="./test/c.out" \
              ./... \
              | tee -a "$junit_output_file"