[QT-687] Rewrite packaging action (#18)

* [QT-687] Rewrite packaging action This is a proposal for a possible v2 of this action. It makes the following changes * Rewrite to run as a composite action instead of Docker action. We do this for two primary reasons: * Building the action for every packing workflow is slow. Depending on the runner this could be anywhere from 15 seconds to a minute. This is work that we need not do on every packaging workflow. * It relies on the Docker hub which often throws 429 errors in packaging workflows. * Use upstream build artifacts instead of building nPFM from source * We still require Github with this method but instead of compiling the binary from source we install the pre-built artifact. * We no longer depends on Kyle's branch which was already a bit of a security risk since he's no longer employed at HashiCorp and we're not pinning to a Git SHA. (The bug fix in his branch was fixed upstream already [0]) Because of the new change in implementation we also consider: * Whether or not to install Go for the template generator. This allows callers to set up their own Go toolchain if the want. * Add testing for this Go behavior. * Add new inputs for nFPM version and installation path. If we can assume that this workflow was only ever run on Linux or macOS runners then it should be fully backwards compatible. If not, it will not work on windows at this time. [0] https://github.com/goreleaser/nfpm/blob/main/deb/deb_test.go#L217 Signed-off-by: Ryan Cragun <[email protected]> * remove unused bin path Signed-off-by: Ryan Cragun <[email protected]> * Clean up action for merge Signed-off-by: Ryan Cragun <[email protected]> --------- Signed-off-by: Ryan Cragun <[email protected]>
hashicorp · Apr 1, 2024 · f20e9ab · f20e9ab
1 parent ec59662
commit f20e9ab
Show file tree

Hide file tree

Showing 6 changed files with 181 additions and 56 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,44 @@
+name: test
+on:
+  pull_request:
+
+jobs:
+  test:
+    name: packaging
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # Make sure it handles running in workflows that haven't set up a Go toolchain
+        go_toolchain_preinstalled:
+          - true
+          - false
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: build
+      - if: matrix.go_toolchain_preinstalled == true
+        uses: actions/setup-go@v5
+        with:
+          cache: false
+          go-version-file: build/go.mod
+      - name: build binary
+        id: build
+        working-directory: build
+        run: |
+          go build -o template .
+          echo "binary-path=$(readlink -f template)" | tee -a "$GITHUB_OUTPUT"
+          ls -la
+      - uses: actions/checkout@v4
+        with:
+          path: action
+      - uses: ./action
+        with:
+          name: template
+          description: Test packing the binary
+          arch: amd64
+          version: 1.0.0
+          maintainer: HashiCorp
+          homepage: https://github.com/hashicorp/actions-packaging-linux
+          license: MPL-2.0
+          binary: ${{ steps.build.outputs.binary-path }}
+          bin_path: /usr/local/bin
diff --git a/Dockerfile b/Dockerfile
diff --git a/action.yml b/action.yml
@@ -10,6 +10,10 @@ author: 'Kyle Penfound <[email protected]>'
 # action description
 description: 'Packages binaries using nfpm.'
 
+branding:
+  icon: package
+  color: purple
+
 # action input values
 inputs:
   name:
@@ -48,10 +52,6 @@ inputs:
     description: 'Binary location to package.'
     default: ''
     required: false
-  bin_path:
-    description: 'Path to install the binary at'
-    default: '/usr/bin'
-    required: false
   config_dir:
     description: 'Directory of configs in desired filesystem structure.'
     default: ''
@@ -80,10 +80,132 @@ inputs:
     description: 'Postremove script location.'
     default: ''
     required: false
+  nfpm_destination:
+    description: "Where to install the nFPM binary (default: $HOME/bin/nfpm)"
+    type: string
+    default: "$HOME/bin/nfpm"
+  nfpm_version:
+    description: "The version of nFPM to install (default: latest)"
+    type: string
+    default: Latest
 
-# action runner (golang:latest image)
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
+  using: composite
   env:
-    GO111MODULE: 'on'
+    INPUT_NAME: ${{ inputs.name }}
+    INPUT_ARCH: ${{ inputs.arch }}
+    INPUT_VERSION: ${{ inputs.version }}
+    INPUT_MAINTAINER: ${{ inputs.maintainer }}
+    INPUT_VENDOR: ${{ inputs.vendor }}
+    INPUT_DESCRIPTION: ${{ inputs.description }}
+    INPUT_HOMEPAGE: ${{ inputs.homepage
+    INPUT_LICENSE: ${{ inputs.license }}
+    INPUT_DEPENDS: ${{ inputs.depends }}
+    INPUT_BINARY: ${{ inputs.binary }}
+    INPUT_CONFIG_DIR: ${{ inputs.config_dir }}
+    INPUT_PREINSTALL: ${{ inputs.preinstall }}
+    INPUT_POSTINSTALL: ${{ inputs.postinstall }}
+    INPUT_PREREMOVE: ${{ inputs.preremove }}
+    INPUT_POSTREMOVE: ${{ inputs.postremove }}
+  steps:
+    - uses: actions/checkout@v4
+      with:
+        path: nfpm_packaging
+    - name: Install nFPM
+      working-directory: nfpm_packaging
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        VERSION=$(gh release list -R goreleaser/nfpm --exclude-drafts --exclude-pre-releases | grep ${{ inputs.nfpm_version }} | cut -f1)
+
+        mkdir -p "$(dirname "${{ inputs.nfpm_destination }}")"
+        DESTINATION="$(readlink -f ${{ inputs.nfpm_destination }})"
+        DESTINATION_DIR="$(dirname "$DESTINATION")"
+        echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
+
+        case "$RUNNER_ARCH" in
+          ARM)
+            printf "nfpm is not built for ARM, please build packages on X86, X64, or ARM64 runners" 1>&2
+            exit 1
+            ;;
+          X86)
+            printf "nfpm is not built for X86, please build packages on X64 or ARM64 runners" 1>&2
+            exit 1
+            ;;
+          ARM64)
+            ARCH="arm64"
+            ;;
+          X64)
+            ARCH="x86_64"
+            ;;
+        esac
+
+        OS="$RUNNER_OS"
+        case "$RUNNER_OS" in
+          macOS)
+            OS="Darwin"
+            ;;
+          Windows)
+            printf "this action must be run on Linux or macOS runner" 1>&2
+            exit 1
+            ;;
+        esac
+
+        mkdir -p tmp/nfpm
+        pushd tmp/nfpm || exit 1
+        gh release download "$VERSION" -p "nfpm_*_${OS}_${ARCH}.tar.gz" -O nfpm.tgz -R goreleaser/nfpm
+        tar -xvf nfpm.tgz
+        mv nfpm "$DESTINATION"
+        popd || exit 1
+        #rm -rf tmp/nfpm
+    - name: Check for a Go compiler
+      id: check_go
+      shell: bash
+      run: |
+        go_installed="false"
+        if type go >/dev/null 2>&1; then
+          go_installed="true"
+        fi
+        echo "is_installed=${go_installed}" | tee -a "$GITHUB_OUTPUT"
+    - if: steps.check_go.is_installed == 'false'
+      uses: actions/setup-go@v5
+      with:
+        cache: false
+        go-version-file: go.mod
+    - name: Package binary
+      shell: bash
+      working-directory: nfpm_packaging
+      env:
+        # These environment variables are used by the template program that generates the nfpm config
+        INPUT_NAME: ${{ inputs.name }}
+        INPUT_ARCH: ${{ inputs.arch }}
+        INPUT_VERSION: ${{ inputs.version }}
+        INPUT_MAINTAINER: ${{ inputs.maintainer }}
+        INPUT_VENDOR: ${{ inputs.vendor }}
+        INPUT_DESCRIPTION: ${{ inputs.description }}
+        INPUT_HOMEPAGE: ${{ inputs.homepage }}
+        INPUT_LICENSE: ${{ inputs.license }}
+        INPUT_DEPENDS: ${{ inputs.depends }}
+        INPUT_BINARY: ${{ inputs.binary }}
+        INPUT_BIN_PATH: ${{ inputs.bin_path }}
+        INPUT_CONFIG_DIR: ${{ inputs.config_dir }}
+        INPUT_PREINSTALL: ${{ inputs.preinstall }}
+        INPUT_POSTINSTALL: ${{ inputs.postinstall }}
+        INPUT_PREREMOVE: ${{ inputs.preremove }}
+        INPUT_POSTREMOVE: ${{ inputs.postremove }}
+      run: |
+        if ! fileo=$(file "${{ inputs.binary }}"); then
+          printf "could not find a binary to package"
+          exit 1
+        else
+          printf "packaging binary %s" "$fileo"
+        fi
+        go build -o nfpm_template .
+        INPUT_DEPENDS="${{ inputs.rpm_depends }}" ./nfpm_template > ./nfpm_rpm_config.yml
+        INPUT_DEPENDS="${{ inputs.deb_depends }}" ./nfpm_template > ./nfpm_deb_config.yml
+        cat ./nfpm_*_config.yml
+        mkdir -p ./out
+        nfpm package -f ./nfpm_rpm_config.yml -p rpm -t ./out/
+        nfpm package -f ./nfpm_deb_config.yml -p deb -t ./out/
+        ls -la ./out
diff --git a/entrypoint.sh b/entrypoint.sh
diff --git a/fpm_template.go b/fpm_template.go
@@ -4,6 +4,7 @@
 package main
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -127,10 +128,12 @@ func main() {
 
 	input.ConfigFiles = findConfigs(inputConfigDir)
 
-	var t *template.Template
-	t = template.Must(template.New("nfpm").Parse(nfpmTemplate))
+	t := template.Must(template.New("nfpm").Parse(nfpmTemplate))
 
-	t.Execute(os.Stdout, input)
+	if err := t.Execute(os.Stdout, input); err != nil {
+		fmt.Fprint(os.Stderr, err.Error())
+		os.Exit(1)
+	}
 }
 
 const nfpmTemplate = `

diff --git a/go.mod b/go.mod
@@ -1,3 +1,3 @@
 module github.com/HashiCorp-RelEng-Dev/crt-core-helloworld/action/package
 
-go 1.16
+go 1.21