deployment: publish with github actions and goreleaser (#586)

* Add release workflow

.github/Dockerfile-release

@@ -0,0 +1,9 @@
+FROM busybox:latest as build
+RUN touch /config.yaml
+
+FROM gcr.io/distroless/static
+WORKDIR /pomerium
+COPY pomerium* /bin/
+COPY --from=build /config.yaml /pomerium/config.yaml
+ENTRYPOINT [ "/bin/pomerium" ]
+CMD ["-config","/pomerium/config.yaml"]

.github/Dockerfile-release.arm32v6

@@ -0,0 +1,11 @@
+FROM busybox:latest as build
+RUN touch /config.yaml
+
+FROM arm32v7/alpine
+WORKDIR /pomerium
+COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
+RUN apk --no-cache add ca-certificates
+COPY pomerium* /bin/
+COPY --from=build /config.yaml /pomerium/config.yaml
+ENTRYPOINT [ "/bin/pomerium" ]
+CMD ["-config","/pomerium/config.yaml"]

.github/Dockerfile-release.arm32v7

@@ -0,0 +1,11 @@
+FROM busybox:latest as build
+RUN touch /config.yaml
+
+FROM arm32v7/alpine
+WORKDIR /pomerium
+COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
+RUN apk --no-cache add ca-certificates
+COPY pomerium* /bin/
+COPY --from=build /config.yaml /pomerium/config.yaml
+ENTRYPOINT [ "/bin/pomerium" ]
+CMD ["-config","/pomerium/config.yaml"]

.github/Dockerfile-release.arm64v8

@@ -0,0 +1,11 @@
+FROM busybox:latest as build
+RUN touch /config.yaml
+
+FROM arm64v8/alpine
+WORKDIR /pomerium
+COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
+RUN apk --no-cache add ca-certificates
+COPY pomerium* /bin/
+COPY --from=build /config.yaml /pomerium/config.yaml
+ENTRYPOINT [ "/bin/pomerium" ]
+CMD ["-config","/pomerium/config.yaml"]

.github/goreleaser.yaml

@@ -0,0 +1,166 @@
+project_name: pomerium
+
+release:
+  github:
+    owner: pomerium
+    name: pomerium
+  name_template: "v{{.Version}}"
+
+before:
+  hooks:
+    - go mod download
+
+builds:
+  - id: pomerium
+    main: cmd/pomerium/main.go
+    binary: pomerium
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goos:
+      - linux
+      - darwin
+      - windows
+      - freebsd
+    goarm:
+      - 6
+      - 7
+    ignore:
+      - goos: freebsd
+        goarch: arm64
+      - goos: freebsd
+        goarch: arm
+
+    ldflags:
+      - -s -w
+      - -X github.com/pomerium/pomerium/internal/version.Version={{.Version}}
+      - -X github.com/pomerium/pomerium/internal/version.GitCommit={{.ShortCommit}}
+      - -X github.com/pomerium/pomerium/internal/version.BuildMeta={{.Timestamp}}
+      - -X github.com/pomerium/pomerium/internal/version.ProjectName=pomerium
+      - -X github.com/pomerium/pomerium/internal/version.ProjectURL=https://wwww.pomerium.io
+
+  - id: pomerium-cli
+    main: cmd/pomerium-cli/cli.go
+    binary: pomerium-cli
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goos:
+      - linux
+      - darwin
+      - windows
+      - freebsd
+    goarm:
+      - 6
+      - 7
+    ignore:
+      - goos: freebsd
+        goarch: arm64
+      - goos: freebsd
+        goarch: arm
+
+    ldflags:
+      - -s -w
+      - -X github.com/pomerium/pomerium/internal/version.Version={{.Version}}
+      - -X github.com/pomerium/pomerium/internal/version.GitCommit={{.ShortCommit}}
+      - -X github.com/pomerium/pomerium/internal/version.BuildMeta={{.Timestamp}}
+      - -X github.com/pomerium/pomerium/internal/version.ProjectName=pomerium
+      - -X github.com/pomerium/pomerium/internal/version.ProjectURL=https://wwww.pomerium.io
+
+archives:
+  - name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+    builds:
+      - pomerium
+      - pomerium-cli
+    files:
+      - none*
+    format_overrides:
+      - goos: windows
+        format: zip
+
+checksum:
+  name_template: "{{ .ProjectName }}_checksums.txt"
+
+snapshot:
+  name_template: "{{ .Tag }}+next"
+
+dockers:
+  - image_templates:
+      - "pomerium/pomerium:{{ .Tag }}"
+      - "pomerium/pomerium:latest"
+    dockerfile: .github/Dockerfile-release
+    binaries:
+      - pomerium
+      - pomerium-cli
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
+  - goarch: arm64
+    image_templates:
+      - "pomerium/pomerium:arm64v8-{{ .Tag }}"
+      - "pomerium/pomerium:arm64v8-latest"
+    dockerfile: .github/Dockerfile-release.arm64v8
+    binaries:
+      - pomerium
+      - pomerium-cli
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
+  - goarch: arm
+    goarm: 7
+    image_templates:
+      - "pomerium/pomerium:arm32v7-{{ .Tag }}"
+      - "pomerium/pomerium:arm32v7-latest"
+    dockerfile: .github/Dockerfile-release.arm32v7
+    binaries:
+      - pomerium
+      - pomerium-cli
+
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"
+
+  - goarch: arm
+    goarm: 6
+    image_templates:
+      - "pomerium/pomerium:arm32v6-{{ .Tag }}"
+      - "pomerium/pomerium:arm32v6-latest"
+    dockerfile: .github/Dockerfile-release.arm32v6
+    binaries:
+      - pomerium
+      - pomerium-cli
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--label=repository=http://github.com/pomerium/pomerium"
+      - "--label=homepage=http://www.pomerium.io"

.github/workflows/release.yaml

@@ -0,0 +1,32 @@
+name: Release
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.14.x
+      - name: Set up Docker
+        run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+      - uses: azure/docker-login@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v1
+        with:
+          version: latest
+          args: release --config .github/goreleaser.yaml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.travis.yml

@@ -1,123 +0,0 @@
-stages:
-  - name: test
-    if: fork = false AND type = push
-  - name: "Docker Build and Publish"
-    if: fork = false AND type = push
-
-language: go
-go:
-  - 1.x
-  - tip
-cache:
-  directories:
-    - $HOME/.cache/go-build
-    - $HOME/gopath/pkg/mod
-
-before_script:
-  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-  - chmod +x ./cc-test-reporter
-  - ./cc-test-reporter before-build
-
-script:
-  - env GOPROXY=https://proxy.golang.org GO111MODULE=on make all
-  - env GO111MODULE=on make cover
-  - env GO111MODULE=on make release
-  - env GOPROXY=https://proxy.golang.org GO111MODULE=on go test ./... -coverprofile c.out
-
-after_success:
-  - bash <(curl -s https://codecov.io/bash)
-  - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT
-
-deploy:
-  provider: releases
-  api_key:
-    secure: LhWnZHIilCFItgLJUfWUvbJSLFLpzlANj80Ji8y/MnzHGfnn5baYQpYA6eUnOkO6oXU1Uca+KLEQjDa4ySg6++B+5+jkmkWS4PWtj084dgXcKVIrBOt0CX46z8212Fii4WxGKY+Cukw3HejGq5XZmExxcAWbAGDklGedOvZWQImId62/nWjAJc5GLbXgz++i+67d7Uqfcd2wqZfWXsy8OIAG6VnjEP7spUALgaDt4HJaHZU4M9yDxkLX+3eKMuEl5DAJplmEsyDz1xYTcuYRQ7kFv3krXWyb5q9YQhGi8hwv7O93Q1iKMS2lk1rq9TTsr4AlW8lTrms7nvhKNWQWfdGmB2TEyBL/yZ3oaVO45oJoXhd0ff0ufa4VI05o+4WAEeYMkyFEnPxzbRZzPmz28zv9VLWuhS0qav9OnJgBVjFPhCrCYVyCZ6HP/alhrHjepr9hM5DLKwSzNkXWWMsJ4sraRFXQvAXTUbOE3qaeM3WYZ0TXwMNCfwGqE9tx6lXPZNirXZ6UH3qa5CGGyE3S73wUOo6Wo1yG7yBpuGHs485p+QJK+j3dhsJi+PAr4KShUhT7VvLNgidRkeaLGUCcrVf4J+UMCwWSoh5QGEy2lj1Ur4D8+dzXI9BOhL/EvtB3fozzycJ7ZJHLkPfFGnKfY83Q7A3oZ5MXDaWXBNSzTp4=
-  on:
-    tags: true
-  file:
-    - dist/pomerium-darwin-amd64
-    - dist/pomerium-darwin-amd64.md5
-    - dist/pomerium-darwin-amd64.sha256
-    - dist/pomerium-linux-amd64
-    - dist/pomerium-linux-amd64.md5
-    - dist/pomerium-linux-amd64.sha256
-    - dist/pomerium-windows-amd64
-    - dist/pomerium-windows-amd64.md5
-    - dist/pomerium-windows-amd64.sha256
-  skip_cleanup: true
-
-docker_setup: &docker_setup
-  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-  - sudo apt-get update
-  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
-  - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
-
-docker_login: &docker_login
-  - echo ${DOCKER_PASSWORD} | docker login -u ${DOCKER_USERNAME} --password-stdin
-
-matrix:
-  allow_failures:
-    - go: tip
-  fast_finish: true
-  include:
-    - name: "Build Master amd64"
-      stage: "Docker Build and Publish"
-      if: branch = master
-      install: *docker_setup
-      before_script: *docker_login
-      go: 1.x
-      script:
-        - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:master Dockerfile
-        - docker push ${TRAVIS_REPO_SLUG}
-
-    - name: "Build Master arm64v8"
-      if: branch = master
-      install: *docker_setup
-      before_script: *docker_login
-      go: 1.x
-      script:
-        - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm64v8-master Dockerfile.arm64v8
-        - docker push ${TRAVIS_REPO_SLUG}
-
-    - name: "Build Tag amd64"
-      if: tag =~ /^v([0-9.]+)$/
-      install: *docker_setup
-      before_script: *docker_login
-      go: 1.x
-      script:
-        - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} Dockerfile
-        - docker tag ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:latest
-        - docker tag ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:amd64-latest
-        - docker tag ${TRAVIS_REPO_SLUG}:${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:amd64-${TRAVIS_TAG}
-        - docker push ${TRAVIS_REPO_SLUG}
-
-    - name: "Build Tag arm64v8"
-      if: tag =~ /^v([0-9.]+)$/
-      install: *docker_setup
-      before_script: *docker_login
-      go: 1.x
-      script:
-        - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm64v8-${TRAVIS_TAG} Dockerfile.arm64v8
-        - docker tag ${TRAVIS_REPO_SLUG}:arm64v8-${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:arm64v8-latest
-        - docker push ${TRAVIS_REPO_SLUG}
-
-    - name: "Build Tag arm32v7"
-      if: tag =~ /^v([0-9.]+)$/
-      install: *docker_setup
-      before_script: *docker_login
-      go: 1.x
-      script:
-        - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm32v7-${TRAVIS_TAG} Dockerfile.arm32v7
-        - docker tag ${TRAVIS_REPO_SLUG}:arm32v7-${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:arm32v7-latest
-        - docker push ${TRAVIS_REPO_SLUG}
-
-    - name: "Build Tag arm32v6"
-      if: tag =~ /^v([0-9.]+)$/
-      install: *docker_setup
-      before_script: *docker_login
-      go: 1.x
-      script:
-        - .travis/docker_build.sh ${TRAVIS_REPO_SLUG}:arm32v6-${TRAVIS_TAG} Dockerfile.arm32v6
-        - docker tag ${TRAVIS_REPO_SLUG}:arm32v6-${TRAVIS_TAG} ${TRAVIS_REPO_SLUG}:arm32v6-latest
-        - docker push ${TRAVIS_REPO_SLUG}

.travis/docker_build.sh

@@ -1,6 +0,0 @@
-#!/bin/sh -e
-
-FULL_IMAGE_NAME=${1:-pomerium/pomerium}
-DOCKERFILE=${2:-Dockerfile}
-
-docker build -t "${FULL_IMAGE_NAME}" -f "${DOCKERFILE}" .

Dockerfile

@@ -1,18 +1,11 @@
 FROM golang:latest as build
 WORKDIR /go/src/github.com/pomerium/pomerium
-# docker build --build-arg ARCH=arm --build-arg ARM=7 .
-# frustratingly not supported by dockerhub automated builds though
-ARG ARCH=amd64
-ARG ARM=7  
 
-ENV CGO_ENABLED=0
-ENV GO111MODULE=on
-ENV GOARCH=${ARCH}
-ENV GOARM=${ARM}
 # cache depedency downloads
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
+
 # build
 RUN make
 RUN touch /config.yaml

Dockerfile.arm32v6

@@ -1,22 +0,0 @@
-FROM golang:latest as build
-WORKDIR /go/src/github.com/pomerium/pomerium
-ENV CGO_ENABLED=0
-ENV GO111MODULE=on
-ENV GOARCH=arm
-ENV GOARM=6
-# cache depedency downloads
-COPY go.mod go.sum ./
-RUN go mod download
-COPY . .
-# build 
-RUN make build
-RUN touch /config.yaml
-
-FROM arm32v6/alpine
-WORKDIR /pomerium
-COPY --from=multiarch/qemu-user-static /usr/bin/qemu-arm-static /usr/bin/
-RUN apk --no-cache add ca-certificates
-COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/
-COPY --from=build /config.yaml /pomerium/config.yaml
-ENTRYPOINT [ "/bin/pomerium" ]
-CMD ["-config","/pomerium/config.yaml"]

Dockerfile.arm32v7

@@ -1,22 +0,0 @@
-FROM golang:latest as build
-WORKDIR /go/src/github.com/pomerium/pomerium
-ENV CGO_ENABLED=0
-ENV GO111MODULE=on
-ENV GOARCH=arm
-ENV GOARM=7
-# cache depedency downloads
-COPY go.mod go.sum ./
-RUN go mod download
-COPY . .
-# build 
-RUN make build
-RUN touch /config.yaml
-
-FROM arm32v7/alpine
-WORKDIR /pomerium
-COPY --from=multiarch/qemu-user-static /usr/bin/qemu-arm-static /usr/bin/
-RUN apk --no-cache add ca-certificates
-COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/
-COPY --from=build /config.yaml /pomerium/config.yaml
-ENTRYPOINT [ "/bin/pomerium" ]
-CMD ["-config","/pomerium/config.yaml"]

Dockerfile.arm64v8

@@ -1,21 +0,0 @@
-FROM golang:latest as build
-WORKDIR /go/src/github.com/pomerium/pomerium
-ENV CGO_ENABLED=0
-ENV GO111MODULE=on
-ENV GOARCH=arm64
-# cache depedency downloads
-COPY go.mod go.sum ./
-RUN go mod download
-COPY . .
-# build 
-RUN make build
-RUN touch /config.yaml
-
-FROM arm64v8/alpine
-WORKDIR /pomerium
-COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
-RUN apk --no-cache add ca-certificates
-COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/
-COPY --from=build /config.yaml /pomerium/config.yaml
-ENTRYPOINT [ "/bin/pomerium" ]
-CMD ["-config","/pomerium/config.yaml"]