Ibotta · onyxraven · May 18, 2023 · May 12, 2023 · May 14, 2023 · May 15, 2023
@@ -4,9 +4,10 @@
 
 This is a single top-level namespace filled with packages. Each directory is potentially a package. Binary builds are done on packages with a main subpackage.
 
-## Install Golang 
+## Install Golang
+
+### Using asdf or rtx
 
-### Using asdf-vm
 We utilize a `.go-version` file that can be used by [asdf-vm](https://github.com/kennyp/asdf-golang) like so:
 
 ```bash
@@ -24,13 +25,6 @@ cd /path/to/sopstool/repository/
 goenv install
 ```
 
-### Using gimme
-[gimme](https://github.com/travis-ci/gimme) uses `eval` in a simple way:
-
-```bash
-eval "$(gimme 1.17)"
-```
-
 ### From the developers
 
 You can download and install the Golang [directly from the website](https://go.dev/dl/).
@@ -126,10 +120,6 @@ Summary: Given a version number **MAJOR**.**MINOR**.**PATCH**, increment the:
 
 ## Patterns
 
-### Godownloader
-
-We used to use [godownloader](https://github.com/goreleaser/godownloader) to generate the installer scripts. This is deprecated now, but the majority of the scripts used have not changed in a while. Any fixes will need to be by-hand.
-
 ### Common third-party modules in use
 
 - cobra

@@ -29,6 +29,9 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Set up Syft
+        uses: anchore/sbom-action/download-syft@v0
+
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
@@ -62,6 +65,6 @@ jobs:
         env:
           # this needs push access to the tap
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-      - name: upload other artifacts
-        shell: bash
-        run: scripts/deploy
+
+      - name: Push Docker
+        run: scripts/deploy-docker --push
@@ -26,6 +26,9 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Set up Syft
+        uses: anchore/sbom-action/download-syft@v0
+
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
@@ -47,3 +50,6 @@ jobs:
           distribution: goreleaser
           version: latest
           args: release --clean --snapshot --skip-publish
+
+      - name: Test Docker
+        run: scripts/deploy-docker
@@ -5,4 +5,5 @@ sopstool
 c.out
 *.cover
 .idea
-.vscode
+.vscode
+bin
@@ -1,3 +1,5 @@
+report_sizes: true
+
 # Build customization
 builds:
   - env:
@@ -6,32 +8,41 @@ builds:
     goos:
       - darwin
       - linux
+      - windows
     goarch:
       - amd64
       - arm64
+    goarm:
+      - ""
+    goamd64:
+      - ""
+
+universal_binaries:
+  - id: sopstool
+    # Whether to remove the previous single-arch binaries from the artifact list.
+    # If left as false, your end release might have both several macOS archives:
+    # amd64, arm64 and all.
+    replace: true
 
 archives:
   - id: newzips
     name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
+    format_overrides:
+      - goos: windows
+        format: zip
 
 checksum:
-  # You can change the name of the checksums file.
-  # This is parsed with the Go template engine and the following variables
-  # are available:
-  # - ProjectName
-  # - Tag
-  # - Version (Git tag without `v` prefix)
-  # - Env (environment variables)
   # Default is `{{ .ProjectName }}_{{ .Version }}_checksums.txt`.
   name_template: "{{ .ProjectName }}_checksums.txt"
 
+sboms:
+  - artifacts: binary
+    documents: ["{{ .Binary }}_{{ .Os }}_{{ .Arch }}.sbom"]
+
 nfpms:
   - id: default
     # You can change the file name of the package.
-    #
-    # Default: `{{ .PackageName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}`
     file_name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
-    # file_name_template: "{{ .ProjectName }}_{{ .Os }}"
     vendor: Ibotta
     homepage: https://github.com/Ibotta/sopstool
     maintainer: Ibotta <[email protected]>
@@ -41,6 +52,7 @@ nfpms:
     formats:
       - deb
       - rpm
+      - apk
     # Packages your package depends on.
     dependencies:
       - sops
@@ -81,73 +93,15 @@ blobs:
     bucket: oss-pkg.ibotta.com
     # AWS Region to use.
     region: us-east-1
-    # path inside the bucket.
-    # This is parsed with the Go template engine and the following variables
-    # are available:
-    # - ProjectName
-    # - Tag
-    # - Version (Git tag without `v` prefix)
-    # There is also a template function "time" that takes a Go time format
-    # string to insert a formated timestamp into the release name.
-    # Default is `{{ .ProjectName }}/{{ .Tag }}`
-    # folder:
+    # Default: '{{ .ProjectName }}/{{ .Tag }}'
+    folder: "{{ .ProjectName }}/{{ .Tag }}"
   - provider: s3
     bucket: oss-pkg.ibotta.com
     region: us-east-1
     folder: "{{ .ProjectName }}"
-
-dockers:
-  - id: amd64image
-    goos: linux
-    # GOARCH of the built binary that should be used.
-    goarch: amd64
-    # GOARM of the built binary that should be used.
-    goarm: ""
-    # Name templates of the built binaries that should be used.
-    ids:
-      - sopstool
-    # Templates of the Docker image names.
-    image_templates:
-      - "ibotta/{{ .ProjectName }}:latest"
-      - "ibotta/{{ .ProjectName }}:{{ .Version }}"
-      - "ibotta/{{ .ProjectName }}:{{ .Tag }}"
-      - "ibotta/{{ .ProjectName }}:v{{ .Major }}"
-      - "ibotta/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
-      - "ibotta/{{ .ProjectName }}:latest-amd64"
-      - "ibotta/{{ .ProjectName }}:{{ .Version }}-amd64"
-      - "ibotta/{{ .ProjectName }}:{{ .Tag }}-amd64"
-      - "ibotta/{{ .ProjectName }}:v{{ .Major }}-amd64"
-      - "ibotta/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}-amd64"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:latest"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:{{ .Version }}"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:{{ .Tag }}"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:v{{ .Major }}"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:latest-amd64"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:{{ .Version }}-amd64"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:{{ .Tag }}-amd64"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:v{{ .Major }}-amd64"
-      - "ghcr.io/ibotta/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}-amd64"
-    # Skips the docker push. Could be useful if you also do draft releases.
-    # If set to auto, the release will not be pushed to the docker repository
-    # in case there is an indicator for prerelease in the tag e.g. v1.0.0-rc1
-    # Defaults to false.
-    skip_push: false
-    # Path to the Dockerfile (from the project root).
-    dockerfile: Dockerfile
-    # Template of the docker build flags.
-    build_flag_templates:
-      - "--label=org.label-schema.schema-version=1.0"
-      - "--label=org.label-schema.version={{.Version}}"
-      - "--label=org.label-schema.name={{.ProjectName}}"
-    # If your Dockerfile copies files other than the binary itself,
-    # you should list them here as well.
-    # Note that goreleaser will create the same structure inside the temporary
-    # folder, so if you add `foo/bar.json` here, on your Dockerfile you can
-    # `COPY foo/bar.json /whatever.json`.
-    # Also note that the paths here are relative to the folder in which
-    # goreleaser is being run.
-    # This field does not support wildcards, you can add an entire folder here
-    # and use wildcards when you `COPY`/`ADD` in your Dockerfile.
     extra_files:
-      - sopsinstall.sh
+      - glob: ./*install.sh
+
+publishers:
+  - name: deploy-sops
+    cmd: ./scripts/deploy-sops
@@ -1,8 +1,14 @@
 FROM alpine:latest as build
+ARG TARGETARCH
+
 RUN apk --update add ca-certificates
 
+# download appropriate sops (script gets latest)
 COPY sopsinstall.sh /tmp/sopsinstall.sh
-RUN sh /tmp/sopsinstall.sh -b /usr/local/bin
+RUN sh /tmp/sopsinstall.sh -b /usr/local/bin -a $TARGETARCH
+
+# grab appropriate sopstool binary from dist
+COPY dist/sopstool_linux_$TARGETARCH/sopstool /usr/local/bin/sopstool
 
 ##########
 
@@ -13,7 +19,7 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certifica
 # get sops
 COPY --from=build usr/local/bin/sops /usr/local/bin/sops
 # get sopstool
-COPY sopstool /usr/local/bin/sopstool
+COPY --from=build usr/local/bin/sopstool /usr/local/bin/sopstool
 
 WORKDIR /work
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,4 +5,5 @@ sopstool @@
     c.out
     *.cover
     .idea
-    .vscode
+    .vscode
+    bin