Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CLI-2823] Add chocolatey to goreleaser config #2365

Draft
wants to merge 21 commits into
base: main
Choose a base branch
from
Draft

[CLI-2823] Add chocolatey to goreleaser config #2365

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
b8faf55
Add Chocolatey to the goreleaser config file
sgagniere Oct 12, 2023
f1f3959
small changes
sgagniere Oct 19, 2023
7f04ea9
Merge branch 'main' of github.com:confluentinc/cli into cli-2823
sgagniere Oct 19, 2023
e1c3122
add missing entry
sgagniere Oct 19, 2023
a2d1eeb
change comment
sgagniere Oct 20, 2023
ede4a2a
temporarily hardcode true for because goreleaser check reports an er…
sgagniere Oct 20, 2023
a0c9f3f
Merge branch 'main' into cli-2823
brianstrauch Dec 5, 2023
9be35c3
Merge branch 'main' of github.com:confluentinc/cli into cli-2823
sgagniere Dec 15, 2023
f98f0c4
Rearrange pre and post hooks
sgagniere Dec 26, 2023
dc29d94
some prep for building choco packages in docker
sgagniere Dec 26, 2023
f92d854
move windows builds outside of the main goreleaser file
sgagniere Dec 27, 2023
91ebd77
forgot to remove archive-chocolatey
sgagniere Dec 27, 2023
e365ba3
install choco in the windows builder docker image
sgagniere Dec 27, 2023
4bc9aea
fix typo
sgagniere Dec 27, 2023
d1be0cc
Add signing certificate to .gitignore
sgagniere Dec 27, 2023
cb3c9e0
move osslsigncode into the windows builder base image
sgagniere Dec 27, 2023
6f5ebd2
Can't sign in place with osslsigncode in Docker for some reason
sgagniere Dec 27, 2023
c872a56
Hide windows signing certificate in Docker using secrets feature
sgagniere Dec 28, 2023
8b640cd
Add chocolateys block to goreleaser-windows
sgagniere Dec 28, 2023
bb3affb
typo fix and add .dockerignore
sgagniere Dec 28, 2023
6282f3b
don't package the chocolatey version of windows twice
sgagniere Dec 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions .goreleaser-windows.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
project_name: confluent

dist: prebuilt

builds:
- id: confluent-windows-amd64
binary: confluent
main: cmd/confluent/main.go
ldflags:
- -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
gcflags:
- all=-trimpath={{.Env.HOME}}/git
asmflags:
- all=-trimpath={{.Env.HOME}}/git
env:
- CGO_ENABLED=1
- CC=x86_64-w64-mingw32-gcc
- CXX=x86_64-w64-mingw32-g++
- CGO_LDFLAGS=${CGO_LDFLAGS} -static
goos:
- windows
goarch:
- amd64
hooks:
post:
- cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
- id: confluent-windows-amd64-disableupdates
binary: confluent
main: cmd/confluent/main.go
ldflags:
- -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe
gcflags:
- all=-trimpath={{.Env.HOME}}/git
asmflags:
- all=-trimpath={{.Env.HOME}}/git
env:
- CGO_ENABLED=1
- CC=x86_64-w64-mingw32-gcc
- CXX=x86_64-w64-mingw32-g++
- CGO_LDFLAGS=${CGO_LDFLAGS} -static
goos:
- windows
goarch:
- amd64
hooks:
post:
- cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}

release:
disable: true

archives:
- format: binary
92 changes: 15 additions & 77 deletions .goreleaser.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,58 +153,25 @@ builds:
prebuilt:
path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent"
- id: confluent-windows-amd64
binary: confluent
main: cmd/confluent/main.go
ldflags:
- -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe
gcflags:
- all=-trimpath={{.Env.HOME}}/git
asmflags:
- all=-trimpath={{.Env.HOME}}/git
env:
- CGO_ENABLED=1
- CC=x86_64-w64-mingw32-gcc
- CXX=x86_64-w64-mingw32-g++
- CGO_LDFLAGS=${CGO_LDFLAGS} -static
builder: prebuilt
goos:
- windows
goarch:
- amd64
hooks:
pre:
- cmd: az login
- cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
- cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
post:
- cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
- cmd: rm CLIEVCodeSigningCertificate2.pfx
- id: confluent-windows-amd64-chocolatey
binary: confluent
main: cmd/confluent/main.go
ldflags:
- -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe
gcflags:
- all=-trimpath={{.Env.HOME}}/git
asmflags:
- all=-trimpath={{.Env.HOME}}/git
env:
- CGO_ENABLED=1
- CC=x86_64-w64-mingw32-gcc
- CXX=x86_64-w64-mingw32-g++
- CGO_LDFLAGS=${CGO_LDFLAGS} -static
goamd64:
- v1
prebuilt:
path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"
- id: confluent-windows-amd64-disableupdates
builder: prebuilt
goos:
- windows
goarch:
- amd64
hooks:
# TODO: We might have to convert some of these to global before/after hooks since we'll now have multiple Windows binaries w/ different ldflags
pre:
- cmd: az login
- cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
- cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode
post:
- cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }}
- cmd: rm CLIEVCodeSigningCertificate2.pfx
goamd64:
- v1
prebuilt:
path: "prebuilt/confluent-{{ .Os }}-{{ .Arch }}-disableupdates_{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/confluent.exe"

archives:
- id: archive
Expand Down Expand Up @@ -238,17 +205,11 @@ archives:
- confluent-darwin-amd64-disableupdates
- confluent-darwin-arm64-disableupdates
- confluent-linux-disableupdates
- confluent-windows-amd64-disableupdates
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_disableupdates"
wrap_in_directory: "{{ .ProjectName }}"
files:
- LICENSE
- legal/**/*
- id: archive-chocolatey
# TODO: Check naming requirements for Chocolatey
format: zip
builds:
- confluent-windows-amd64-chocolatey
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_chocolatey"
format_overrides:
- goos: windows
format: zip
wrap_in_directory: "{{ .ProjectName }}"
files:
- LICENSE
Expand Down Expand Up @@ -349,26 +310,3 @@ brews:
description: CLI for Confluent Cloud and Confluent Platform
skip_upload: "{{ .Env.DRY_RUN }}"
test: system "#{bin}/confluent version"

chocolateys:
# TODO: Check naming requirements for Chocolatey
- name: confluent
ids:
- archive-chocolatey
owners: confluentinc
title: Confluent CLI
authors: Confluent Inc.
project_url: https://docs.confluent.io/confluent-cli/current/overview.html
url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}"
copyright: 2023 Confluent Inc.
license_url: https://github.com/confluentinc/cli/blob/main/LICENSE
require_license_acceptance: false
project_source_url: https://github.com/confluentinc/cli
bug_tracker_url: https://github.com/confluentinc/cli/issues
summary: CLI for Confluent Cloud and Confluent Platform
description: CLI for Confluent Cloud and Confluent Platform
release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html
# TODO
api_key: "{{ .Env.CHOCOLATEY_API_KEY }}"
source_repo: "https://push.chocolatey.org/"
skip_publish: true
15 changes: 15 additions & 0 deletions docker/Dockerfile_windows_amd64
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
FROM --platform=linux/amd64 ubuntu:jammy-20231211.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we have other Dockerfiles like this one. Let's make sure they're all using the same ubuntu version?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't, unfortunately.

The other Ubuntu image doesn't have a new enough version of mingw-w64 to be able to cross compile for Windows.

This Ubuntu image has glibc version 2.35, which is too high for cross compiling Linux arm64 without a breaking change.


COPY . /cli/

RUN apt update && apt -y install make sudo

RUN sudo apt -y install git wget build-essential mingw-w64

RUN export GO_VERSION=$(cat /cli/.go-version) && \
wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" && \
sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"

ENV PATH=${PATH}:/usr/local/go/bin:/root/go/bin

RUN cd /cli && make gorelease-windows-amd64
5 changes: 5 additions & 0 deletions mk-files/release.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,11 @@ else
GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-linux-arm64.yml
endif

.PHONY: gorelease-windows-amd64
gorelease-windows-amd64:
go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION) && \
GOEXPERIMENT=boringcrypto goreleaser release --clean --config .goreleaser-windows.yml

# This builds the Darwin, Windows and Linux binaries using goreleaser on the host computer. Goreleaser takes care of uploading the resulting binaries/archives/checksums to S3.
.PHONY: gorelease
gorelease:
Expand Down
21 changes: 21 additions & 0 deletions scripts/build_windows.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
#!/bin/bash

function cleanup {
shred --force --remove --zero --iterations=10 CLIEVCodeSigningCertificate2.pfx
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably not the end of the world if we don't do this since the CI machines get reset between runs.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but I'm writing this so far on the assumption that we might be releasing before we fully switch to the CI.

rm -rf vendor
}
trap cleanup EXIT

trap "exit 1" ERR

az login
az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64
xattr -dr com.apple.quarantine ./lib/osslsigncode

go mod vendor

# Build windows/amd64
docker build . --file ./docker/Dockerfile_windows_amd64 --tag cli-windows-amd64-builder-image
docker container create --name cli-windows-amd64-builder cli-windows-amd64-builder-image
docker container cp cli-windows-amd64-builder:/cli/prebuilt/. ./prebuilt/
docker container rm cli-windows-amd64-builder