From 5de2065b0175e5f0d6aa28a0e03ecb5de05aa5a5 Mon Sep 17 00:00:00 2001 From: Raúl Benencia Date: Fri, 5 Jun 2026 21:26:44 -0300 Subject: Add release workflow with reproducible builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds .github/workflows/release.yml triggered on v* tags. Builds linux/amd64 and linux/arm64 with -trimpath, CGO_ENABLED=0, and SOURCE_DATE_EPOCH set from the tag commit — the three flags required for Debian-compatible reproducible Go builds. Uploads binaries and a sha256sums.txt to the GitHub Release via softprops/action-gh-release. Wires a version variable in main.go (defaulting to "dev") that is stamped at build time via -ldflags "-X main.version=". The Makefile gains the same flags for local builds (VERSION ?= dev). --- .github/workflows/release.yml | 35 +++++++++++++++++++++++++++++++++++ Makefile | 12 +++++++----- main.go | 3 +++ 3 files changed, 45 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..c5100f8 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,35 @@ +name: Release + +on: + push: + tags: ["v*"] + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - name: Build binaries + env: + VERSION: ${{ github.ref_name }} + run: | + SOURCE_DATE_EPOCH=$(git log -1 --format=%ct) + mkdir -p dist + for GOARCH in amd64 arm64; do + CGO_ENABLED=0 GOOS=linux GOARCH=$GOARCH SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH \ + go build -trimpath \ + -ldflags="-s -w -X main.version=${VERSION}" \ + -o dist/shoelaces-linux-${GOARCH} . + done + cd dist && sha256sum * > sha256sums.txt + + - uses: softprops/action-gh-release@v2 + with: + files: dist/* diff --git a/Makefile b/Makefile index 438452c..9d9d33c 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,7 @@ GO = go SCDOC = scdoc -LDFLAGS = "-s -w" +VERSION ?= dev +LDFLAGS = "-s -w -X main.version=$(VERSION)" pkgs = $(shell $(GO) list ./... | grep -v /vendor/) @@ -19,13 +20,14 @@ shoelaces.8: docs: shoelaces.8 test: fmt - $(GO) test -v $(pkgs) && \ - ./test/integ-test/integ_test.py -vv + $(GO) test -v $(pkgs) && \ + ./test/integ-test/integ_test.py -vv .PHONY: all clean docs binaries: linux windows linux: - GOOS=linux ${GO} build -o bin/shoelaces -ldflags ${LDFLAGS} + SOURCE_DATE_EPOCH=$(shell git log -1 --format=%ct) \ + CGO_ENABLED=0 GOOS=linux ${GO} build -trimpath -o bin/shoelaces -ldflags ${LDFLAGS} windows: - GOOS=windows ${GO} build -o bin/shoelaces.exe -ldflags ${LDFLAGS} + CGO_ENABLED=0 GOOS=windows ${GO} build -trimpath -o bin/shoelaces.exe -ldflags ${LDFLAGS} diff --git a/main.go b/main.go index 60c25b7..95fd16e 100644 --- a/main.go +++ b/main.go @@ -23,10 +23,13 @@ import ( "github.com/thousandeyes/shoelaces/internal/router" ) +var version = "dev" + func main() { env := environment.New() app := handlers.MiddlewareChain(env, router.ShoelacesRouter(env)) + env.Logger.Info("starting", "component", "main", "version", version) env.Logger.Info("listening", "component", "main", "transport", "http", "addr", env.BindAddr) env.Logger.Error("server exited", "component", "main", "err", http.ListenAndServe(env.BindAddr, app)) -- cgit v1.2.3