diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index c4223755..74022b2e 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -30,6 +30,11 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@v3 + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 463893ad..4b091539 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,5 +1,9 @@ version: 2 +# Publish the binaries directly, without any archiving +archives: + - formats: ["binary"] + builds: # You can have multiple builds defined as a yaml list - # @@ -42,34 +46,10 @@ builds: - "386" - "amd64" - "arm64" - -release: - # If set to auto, will mark the release as not ready for production - # in case there is an indicator for this in the tag e.g. v1.0.0-rc1 - # If set to true, will mark the release as not ready for production. - # Default is false. - prerelease: "auto" - - # If set to false, will NOT mark the release as "latest". - # This prevents it from being shown at the top of the release list, - # and from being returned when calling https://api.github.com/repos/OWNER/REPO/releases/latest. - # - # Available only for GitHub. - # - # Default is true. - # Since: v1.20 - make_latest: true - - # What to do with the release notes in case there the release already exists. - # - # Valid options are: - # - `keep-existing`: keep the existing notes - # - `append`: append the current release notes to the existing notes - # - `prepend`: prepend the current release notes to the existing notes - # - `replace`: replace existing notes - # - # Default is `keep-existing`. - mode: "append" + # List of combinations of GOOS + GOARCH + GOARM to ignore. + ignore: + - goos: "linux" + goarch: "386" checksum: # Algorithm to be used. @@ -93,7 +73,7 @@ checksum: algorithm: "sha256" # If true, will create one checksum file for each artifact. - split: true + split: false # Disable the generation/upload of the checksum file. disable: false @@ -240,3 +220,172 @@ docker_manifests: image_templates: - "pingidentity/pingcli:{{ .Tag }}-amd64" - "pingidentity/pingcli:{{ .Tag }}-arm64" + +nfpms: + # note that this is an array of nfpm configs + - # + # ID of the nfpm config, must be unique. + # + # Default: 'default'. + id: "pingcli" + + # Name of the package. + # + # Default: ProjectName. + # Templates: allowed. + package_name: "pingcli" + + # Your app's vendor. + vendor: "Ping Identity" + + # Your app's homepage. + # + # Default: inferred from global metadata. + homepage: "https://github.com/pingidentity/pingcli" + + # Your app's maintainer (probably you). + # + # Default: inferred from global metadata. + maintainer: "Ping Identity" + + # Your app's description. + # + # Default: inferred from global metadata. + description: "The Ping CLI is a unified command line interface for configuring and managing Ping Identity Services." + + # Your app's license. + # + # Default: inferred from global metadata. + license: "Apache 2.0" + + # Formats to be generated. + formats: + - "apk" + - "deb" + - "rpm" + + # Custom configuration applied only to the RPM packager. + rpm: + # The package summary. + # + # Default: first line of the description. + summary: "The Ping CLI is a unified command line interface for configuring and managing Ping Identity Services." + + # The packager is used to identify the organization that actually packaged + # the software, as opposed to the author of the software. + # `maintainer` will be used as fallback if not specified. + # This will expand any env var you set in the field, eg packager: ${PACKAGER} + packager: "Ping Identity" + + # Custom configuration applied only to the Deb packager. + deb: + # Additional fields for the control file. Empty fields are ignored. + # This will expand any env vars you set in the field values, e.g. Vcs-Browser: ${CI_PROJECT_URL} + fields: + Bugs: "https://github.com/pingidentity/pingcli/issues" + + apk: + # The package is signed if a key_file is set + signature: + # The name of the signing key. When verifying a package, the signature + # is matched to the public key store in /etc/apk/keys/.rsa.pub. + # + # Default: maintainer's email address. + # Templates: allowed. + key_name: "origin" + +release: + # If set to auto, will mark the release as not ready for production + # in case there is an indicator for this in the tag e.g. v1.0.0-rc1 + # If set to true, will mark the release as not ready for production. + # Default is false. + prerelease: "auto" + + # If set to false, will NOT mark the release as "latest". + # This prevents it from being shown at the top of the release list, + # and from being returned when calling https://api.github.com/repos/OWNER/REPO/releases/latest. + # + # Available only for GitHub. + # + # Default is true. + # Since: v1.20 + make_latest: true + + # What to do with the release notes in case there the release already exists. + # + # Valid options are: + # - `keep-existing`: keep the existing notes + # - `append`: append the current release notes to the existing notes + # - `prepend`: prepend the current release notes to the existing notes + # - `replace`: replace existing notes + # + # Default is `keep-existing`. + mode: "append" + +signs: + - # + # ID of the sign config, must be unique. + # + # Default: 'default'. + id: "checksum" + + # Which artifacts to sign + # + # Valid options are: + # - none no signing + # - all: all artifacts + # - checksum: checksum files + # - source: source archive + # - package: Linux packages (deb, rpm, apk, etc) + # - installer: Windows MSI installers (Pro only) + # - diskimage: macOS DMG disk images (Pro only) + # - archive: archives from archive pipe + # - sbom: any SBOMs generated for other artifacts + # - binary: binaries (only when `archives.format` is 'binary', use binaries_sign otherwise) + # + # Default: 'none'. + artifacts: "checksum" + - # + # ID of the sign config, must be unique. + # + # Default: 'default'. + id: "binary" + + # Which artifacts to sign + # + # Valid options are: + # - none no signing + # - all: all artifacts + # - checksum: checksum files + # - source: source archive + # - package: Linux packages (deb, rpm, apk, etc) + # - installer: Windows MSI installers (Pro only) + # - diskimage: macOS DMG disk images (Pro only) + # - archive: archives from archive pipe + # - sbom: any SBOMs generated for other artifacts + # - binary: binaries (only when `archives.format` is 'binary', use binaries_sign otherwise) + # + # Default: 'none'. + artifacts: "binary" + - # + # ID of the sign config, must be unique. + # + # Default: 'default'. + id: "package" + + # Which artifacts to sign + # + # Valid options are: + # - none no signing + # - all: all artifacts + # - checksum: checksum files + # - source: source archive + # - package: Linux packages (deb, rpm, apk, etc) + # - installer: Windows MSI installers (Pro only) + # - diskimage: macOS DMG disk images (Pro only) + # - archive: archives from archive pipe + # - sbom: any SBOMs generated for other artifacts + # - binary: binaries (only when `archives.format` is 'binary', use binaries_sign otherwise) + # + # Default: 'none'. + artifacts: "package" diff --git a/README.md b/README.md index 5fc6a9de..a1c5aef7 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ The Ping CLI is a unified command line interface for configuring and managing Pi ## Install -#### Docker +### Docker Use the [Ping CLI Docker image](https://hub.docker.com/r/pingidentity/pingcli) @@ -20,22 +20,85 @@ docker run docker run --version ``` -#### macOS/Linux - Homebrew +### macOS + +##### Homebrew Use PingIdentity's Homebrew tap to install Ping CLI ```shell brew install pingidentity/tap/pingcli ``` -or +OR ``` shell brew tap pingidentity/tap brew install pingcli ``` -#### Manual Installation - macOS/Linux +##### Manual Installation + +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for artifact downloads, artifact signatures, and the checksum file. To verify package downloads, see the [Verify Section](#verify). + +OR + +Use the following single-line command to install Ping CLI into '/usr/local/bin' directly. + +```shell +RELEASE_VERSION=$(basename $(curl -Ls -o /dev/null -w %{url_effective} https://github.com/pingidentity/pingcli/releases/latest)); \ +OS_NAME=$(uname -s); \ +HARDWARE_PLATFORM=$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/); \ +URL="https://github.com/pingidentity/pingcli/releases/download/${RELEASE_VERSION}/pingcli_${RELEASE_VERSION#v}_${OS_NAME}_${HARDWARE_PLATFORM}"; \ +curl -Ls -o pingcli "${URL}"; \ +mv pingcli /usr/local/bin/pingcli; +``` + +### Linux + +##### Homebrew + +Use PingIdentity's Homebrew tap to install Ping CLI + +```shell +brew install pingidentity/tap/pingcli +``` +OR +``` shell +brew tap pingidentity/tap +brew install pingcli +``` + +##### Alpine (.apk) + +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for Alpine (.apk) package downloads. To verify package downloads, see the [Verify Section](#verify). + +```shell +apk add --allow-untrusted pingcli__linux_amd64.apk +apk add --allow-untrusted pingcli__linux_arm64.apk +``` + +##### Debian/Ubuntu (.deb) + +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for Debian (.deb) package downloads. To verify package downloads, see the [Verify Section](#verify). + +```shell +apt-get install pingcli__linux_amd64.deb +apt-get install pingcli__linux_arm64.deb +``` + +##### CentOS/Fedora/RHEL (.rpm) -See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for binary downloads and SHA256 checksum files. +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for RPM (.rpm) package downloads. To verify package downloads, see the [Verify Section](#verify). + +```shell +yum install pingcli__linux_amd64.rpm +yum install pingcli__linux_arm64.rpm +dnf install pingcli__linux_amd64.rpm +dnf install pingcli__linux_arm64.rpm +``` + +##### Manual Installation + +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for artifact downloads, artifact signatures, and the checksum file. To verify package downloads, see the [Verify Section](#verify). OR @@ -45,15 +108,16 @@ Use the following single-line command to install Ping CLI into '/usr/local/bin' RELEASE_VERSION=$(basename $(curl -Ls -o /dev/null -w %{url_effective} https://github.com/pingidentity/pingcli/releases/latest)); \ OS_NAME=$(uname -s); \ HARDWARE_PLATFORM=$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/); \ -URL="https://github.com/pingidentity/pingcli/releases/download/${RELEASE_VERSION}/pingcli_${RELEASE_VERSION#v}_${OS_NAME}_${HARDWARE_PLATFORM}.tar.gz"; \ -curl -Ls -o pingcli.tar.gz "${URL}"; \ -tar -zxf pingcli.tar.gz -C /usr/local/bin pingcli; \ -rm -f pingcli.tar.gz +URL="https://github.com/pingidentity/pingcli/releases/download/${RELEASE_VERSION}/pingcli_${RELEASE_VERSION#v}_${OS_NAME}_${HARDWARE_PLATFORM}"; \ +curl -Ls -o pingcli "${URL}"; \ +mv pingcli /usr/local/bin/pingcli; ``` -#### Manual Installation - Windows +### Windows + +##### Manual Installation -See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for binary downloads and SHA256 checksum files. +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for artifact downloads, artifact signatures, and the checksum file. To verify package downloads, see the [Verify Section](#verify). OR @@ -63,10 +127,36 @@ $latestReleaseUrl = Invoke-WebRequest -Uri "https://github.com/pingidentity/ping $RELEASE_VERSION = [System.IO.Path]::GetFileName($latestReleaseUrl.Headers.Location); ` $RELEASE_VERSION_NO_PREFIX = $RELEASE_VERSION -replace "^v", ""; ` $HARDWARE_PLATFORM = $env:PROCESSOR_ARCHITECTURE -replace "ARM64", "arm64" -replace "x86", "386" -replace "AMD64", "amd64" -replace "EM64T", "amd64"; ` -$URL = "https://github.com/pingidentity/pingcli/releases/download/${RELEASE_VERSION}/pingcli_${RELEASE_VERSION_NO_PREFIX}_windows_${HARDWARE_PLATFORM}.tar.gz" -Invoke-WebRequest -Uri $URL -OutFile "pingcli.tar.gz"; ` -tar -zxf "pingcli.tar.gz" -C "${env:LOCALAPPDATA}\Programs" pingcli.exe; ` -Remove-Item "pingcli.tar.gz" +$URL = "https://github.com/pingidentity/pingcli/releases/download/${RELEASE_VERSION}/pingcli_${RELEASE_VERSION_NO_PREFIX}_windows_${HARDWARE_PLATFORM}" +Invoke-WebRequest -Uri $URL -OutFile "pingcli.exe"; ` +Move-Item -Path pingcli.exe -Destination "${env:LOCALAPPDATA}\Programs" +``` + +## Verify + +### Checksums + +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for the checksums.txt file. The checksums are in the format of SHA256. + +### GPG Signatures + +See [the latest GitHub release](https://github.com/pingidentity/pingcli/releases/latest) for the artifact downloads and signature files. + +##### Add our public GPG Key via OpenPGP Public Key Server + +```shell +gpg --keyserver keys.openpgp.org --recv-key 0x6703FFB15B36A7AC +``` + +##### Add our public GPG Key via MIT PGP Public Key Server +```shell +gpg --keyserver keys.openpgp.org --recv-key 0x6703FFB15B36A7AC +``` + +##### Verify Artifact via Signature File + +```shell +gpg --verify .sig ``` ## Configure Ping CLI