Compare commits
2 Commits
main
...
v0.0.1-tes
| Author | SHA1 | Date | |
|---|---|---|---|
|
a9f441933b | ||
|
|
60d15d8173 |
@@ -2,29 +2,48 @@
|
||||
|
||||
project_name: pulumi-docker-build
|
||||
builds:
|
||||
- dir: provider
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
goos:
|
||||
- darwin
|
||||
- windows
|
||||
- linux
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ignore: []
|
||||
main: ./cmd/pulumi-resource-docker-build/
|
||||
ldflags:
|
||||
- -s
|
||||
- -w
|
||||
- -X
|
||||
github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
|
||||
binary: pulumi-resource-docker-build
|
||||
- dir: provider
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
goos:
|
||||
- darwin
|
||||
- linux
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ignore: []
|
||||
main: ./cmd/pulumi-resource-docker-build/
|
||||
ldflags:
|
||||
- -s
|
||||
- -w
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
|
||||
binary: pulumi-resource-docker-build
|
||||
id: build-provider
|
||||
- dir: provider
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
goos:
|
||||
- windows
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ignore: []
|
||||
main: ./cmd/pulumi-resource-docker-build/
|
||||
ldflags:
|
||||
- -s
|
||||
- -w
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
|
||||
binary: pulumi-resource-docker-build
|
||||
id: build-provider-sign-windows
|
||||
hooks:
|
||||
post: make sign-windows-exe-{{ .Arch }}
|
||||
archives:
|
||||
- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
|
||||
id: archive
|
||||
- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
|
||||
id: archive
|
||||
snapshot:
|
||||
name_template: "{{ .Tag }}-SNAPSHOT"
|
||||
changelog:
|
||||
@@ -32,9 +51,9 @@ changelog:
|
||||
release:
|
||||
disable: true
|
||||
blobs:
|
||||
- provider: s3
|
||||
region: us-west-2
|
||||
bucket: get.pulumi.com
|
||||
folder: releases/plugins/
|
||||
ids:
|
||||
- archive
|
||||
- provider: s3
|
||||
region: us-west-2
|
||||
bucket: get.pulumi.com
|
||||
folder: releases/plugins/
|
||||
ids:
|
||||
- archive
|
||||
|
||||
@@ -2,29 +2,48 @@
|
||||
|
||||
project_name: pulumi-docker-build
|
||||
builds:
|
||||
- dir: provider
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
goos:
|
||||
- darwin
|
||||
- windows
|
||||
- linux
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ignore: []
|
||||
main: ./cmd/pulumi-resource-docker-build/
|
||||
ldflags:
|
||||
- -s
|
||||
- -w
|
||||
- -X
|
||||
github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
|
||||
binary: pulumi-resource-docker-build
|
||||
- dir: provider
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
goos:
|
||||
- darwin
|
||||
- linux
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ignore: []
|
||||
main: ./cmd/pulumi-resource-docker-build/
|
||||
ldflags:
|
||||
- -s
|
||||
- -w
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
|
||||
binary: pulumi-resource-docker-build
|
||||
id: build-provider
|
||||
- dir: provider
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
goos:
|
||||
- windows
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ignore: []
|
||||
main: ./cmd/pulumi-resource-docker-build/
|
||||
ldflags:
|
||||
- -s
|
||||
- -w
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
|
||||
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
|
||||
binary: pulumi-resource-docker-build
|
||||
id: build-provider-sign-windows
|
||||
hooks:
|
||||
post: make sign-windows-exe-{{ .Arch }}
|
||||
archives:
|
||||
- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
|
||||
id: archive
|
||||
- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
|
||||
id: archive
|
||||
snapshot:
|
||||
name_template: "{{ .Tag }}-SNAPSHOT"
|
||||
changelog:
|
||||
@@ -32,9 +51,9 @@ changelog:
|
||||
release:
|
||||
disable: false
|
||||
blobs:
|
||||
- provider: s3
|
||||
region: us-west-2
|
||||
bucket: get.pulumi.com
|
||||
folder: releases/plugins/
|
||||
ids:
|
||||
- archive
|
||||
- provider: s3
|
||||
region: us-west-2
|
||||
bucket: get.pulumi.com
|
||||
folder: releases/plugins/
|
||||
ids:
|
||||
- archive
|
||||
|
||||
43
Makefile
43
Makefile
@@ -259,3 +259,46 @@ sdk/java: $(PULUMI) bin/${PROVIDER}
|
||||
docs: $(shell find docs/yaml -type f) $(shell find ./provider/internal/embed -name '*.md') ${SCHEMA_PATH}
|
||||
go generate docs/generate.go
|
||||
@touch docs
|
||||
|
||||
# Set these variables to enable signing of the windows binary
|
||||
AZURE_SIGNING_CLIENT_ID ?=
|
||||
AZURE_SIGNING_CLIENT_SECRET ?=
|
||||
AZURE_SIGNING_TENANT_ID ?=
|
||||
AZURE_SIGNING_KEY_VAULT_URI ?=
|
||||
SKIP_SIGNING ?=
|
||||
|
||||
bin/jsign-6.0.jar:
|
||||
wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar --output-document=bin/jsign-6.0.jar
|
||||
|
||||
sign-windows-exe-amd64: GORELEASER_ARCH := amd64_v1
|
||||
sign-windows-exe-arm64: GORELEASER_ARCH := arm64
|
||||
|
||||
sign-windows-exe-%: bin/jsign-6.0.jar
|
||||
@# Only sign windows binary if fully configured.
|
||||
@# Test variables set by joining with | between and looking for || showing at least one variable is empty.
|
||||
@# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails.
|
||||
@set -e; \
|
||||
if [[ "${SKIP_SIGNING}" != "true" ]]; then \
|
||||
if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \
|
||||
echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \
|
||||
echo "To rebuild with signing delete the unsigned windows exe file and rebuild with the fixed configuration"; \
|
||||
if [[ "${CI}" == "true" ]]; then exit 1; fi; \
|
||||
else \
|
||||
file=dist/pulumi-docker-build_windows_${GORELEASER_ARCH}/pulumi-resource-docker-build.exe; \
|
||||
mv $${file} $${file}.unsigned; \
|
||||
az login --service-principal \
|
||||
--username "${AZURE_SIGNING_CLIENT_ID}" \
|
||||
--password "${AZURE_SIGNING_CLIENT_SECRET}" \
|
||||
--tenant "${AZURE_SIGNING_TENANT_ID}" \
|
||||
--output none; \
|
||||
ACCESS_TOKEN=$$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken); \
|
||||
java -jar bin/jsign-6.0.jar \
|
||||
--storetype AZUREKEYVAULT \
|
||||
--keystore "PulumiCodeSigning" \
|
||||
--url "${AZURE_SIGNING_KEY_VAULT_URI}" \
|
||||
--storepass "$${ACCESS_TOKEN}" \
|
||||
$${file}.unsigned; \
|
||||
mv $${file}.unsigned $${file}; \
|
||||
az logout; \
|
||||
fi; \
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user