[CLI-2823] Add chocolatey to goreleaser config #2365
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -156,7 +156,7 @@ builds: | |
| binary: confluent | ||
| main: cmd/confluent/main.go | ||
| ldflags: | ||
| - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -buildmode=exe | ||
| gcflags: | ||
| - all=-trimpath={{.Env.HOME}}/git | ||
| asmflags: | ||
|
|
@@ -178,6 +178,33 @@ builds: | |
| post: | ||
| - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }} | ||
| - cmd: rm CLIEVCodeSigningCertificate2.pfx | ||
| - id: confluent-windows-amd64-chocolatey | ||
| binary: confluent | ||
| main: cmd/confluent/main.go | ||
| ldflags: | ||
| - -s -w -X main.version={{.Version}} -X main.commit={{.ShortCommit}} -X main.date={{.Date}} -X main.disableUpdates=true -buildmode=exe | ||
| gcflags: | ||
| - all=-trimpath={{.Env.HOME}}/git | ||
| asmflags: | ||
| - all=-trimpath={{.Env.HOME}}/git | ||
| env: | ||
| - CGO_ENABLED=1 | ||
| - CC=x86_64-w64-mingw32-gcc | ||
| - CXX=x86_64-w64-mingw32-g++ | ||
| - CGO_LDFLAGS=${CGO_LDFLAGS} -static | ||
| goos: | ||
| - windows | ||
| goarch: | ||
| - amd64 | ||
| hooks: | ||
| # TODO: We might have to convert some of these to global before/after hooks since we'll now have multiple Windows binaries w/ different ldflags | ||
|
There was a problem hiding this comment. Agreed, let's try to avoid running There was a problem hiding this comment. (and I guess we only need to download the signing secret once, too) There was a problem hiding this comment. Aside from just the annoyance of two popups, I actually discovered a pretty annoying thing when I was testing this: if you log in w/ one of the tabs and close out the other, goreleaser just blocks on that pre-hook. Converting it into a global For the downloading, we have some options. What I tried is downloading to two separate files so that the removal post hook doesn't remove the file before the other build's post hook can sign with it. This works, although it's a bit clunky carrying two copies of the signing file with different names. The other option is to download the file in the global There was a problem hiding this comment.
👍 |
||
| pre: | ||
| - cmd: az login | ||
| - cmd: az keyvault secret download --file CLIEVCodeSigningCertificate2.pfx --name CLIEVCodeSigningCertificate2 --subscription cc-prod --vault-name CLICodeSigningKeyVault --encoding base64 | ||
| - cmd: xattr -dr com.apple.quarantine ./lib/osslsigncode | ||
| post: | ||
| - cmd: ./lib/osslsigncode sign -n "Confluent CLI" -i "https://confluent.io" -pkcs12 CLIEVCodeSigningCertificate2.pfx -in {{ .Path }} -out {{ .Path }} | ||
| - cmd: rm CLIEVCodeSigningCertificate2.pfx | ||
|
|
||
| archives: | ||
| - id: archive | ||
|
|
@@ -216,6 +243,16 @@ archives: | |
| files: | ||
| - LICENSE | ||
| - legal/**/* | ||
| - id: archive-chocolatey | ||
| # TODO: Check naming requirements for Chocolatey | ||
| format: zip | ||
| builds: | ||
| - confluent-windows-amd64-chocolatey | ||
| name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_chocolatey" | ||
| wrap_in_directory: "{{ .ProjectName }}" | ||
| files: | ||
| - LICENSE | ||
| - legal/**/* | ||
| - id: binary | ||
| format: binary | ||
| builds: | ||
|
|
@@ -284,6 +321,7 @@ blobs: | |
| - archive | ||
| - archive-alpine | ||
| - archive-homebrew | ||
| - archive-chocolatey | ||
brianstrauch marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| provider: s3 | ||
| bucket: confluent.cloud | ||
| region: us-west-2 | ||
|
|
@@ -308,4 +346,27 @@ brews: | |
| homepage: https://docs.confluent.io/confluent-cli/current/overview.html | ||
| description: CLI for Confluent Cloud and Confluent Platform | ||
| skip_upload: "{{ .Env.DRY_RUN }}" | ||
| test: system "#{bin}/confluent version" | ||
|
|
||
| chocolateys: | ||
| # TODO: Check naming requirements for Chocolatey | ||
| - name: confluent | ||
| ids: | ||
| - archive-chocolatey | ||
| owners: confluentinc | ||
| title: Confluent CLI | ||
| authors: Confluent Inc. | ||
| project_url: https://docs.confluent.io/confluent-cli/current/overview.html | ||
| url_template: "https://s3-us-west-2.amazonaws.com/confluent.cloud/confluent-cli/archives/{{ .Version }}/{{ .ArtifactName }}" | ||
| copyright: 2023 Confluent Inc. | ||
| license_url: https://github.com/confluentinc/cli/blob/main/LICENSE | ||
| require_license_acceptance: false | ||
| project_source_url: https://github.com/confluentinc/cli | ||
| bug_tracker_url: https://github.com/confluentinc/cli/issues | ||
| summary: CLI for Confluent Cloud and Confluent Platform | ||
| description: CLI for Confluent Cloud and Confluent Platform | ||
| release_notes: https://docs.confluent.io/confluent-cli/current/release-notes.html | ||
| # TODO | ||
| api_key: "{{ .Env.CHOCOLATEY_API_KEY }}" | ||
|
There was a problem hiding this comment. Should we be reading this directly from There was a problem hiding this comment. Yeah if we do end up using the chocolatey repo, that's what we'll do. This is just a "don't forget this" placeholder. Actually, no matter which repo we end up using we'll need a corresponding api-key, so we'll be likely be storing and reading it from |
||
| source_repo: "https://push.chocolatey.org/" | ||
| skip_publish: true | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might want to come up with a more generic name, i.e.
confluent-windows-amd64-disableupdatesin case we want to supportscoop(or other Windows package managers) in the future. We should probably consider doing the same for the linux/darwin builds too.