chore: add release workflow (#6)

Author: sreya

.github/workflows/release.yaml

@@ -0,0 +1,103 @@
+name: release
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  # Required to publish a release
+  contents: write
+  # Necessary to push docker images to ghcr.io.
+  packages: write
+  # Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage)
+  id-token: write
+
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  release:
+    name: Build and publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Echo Go Cache Paths
+        id: go-cache-paths
+        run: |
+          echo "GOCACHE=$(go env GOCACHE)" >> ${{ runner.os == 'Windows' && '$env:' || '$' }}GITHUB_OUTPUT
+          echo "GOMODCACHE=$(go env GOMODCACHE)" >> ${{ runner.os == 'Windows' && '$env:' || '$' }}GITHUB_OUTPUT
+
+      - name: Go Build Cache
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.go-cache-paths.outputs.GOCACHE }}
+          key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.**', '**.go') }}
+
+      - uses: actions/setup-go@v3
+        with:
+          go-version: "~1.20"
+
+      - name: Get Version
+        run: echo "version=$(./scripts/version.sh)" >> $GITHUB_OUTPUT
+        id: version
+
+      - name: Build
+        run: ./scripts/build.sh
+
+      - name: Docker Login
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push Image
+        run: |
+          VERSION=$(./scripts/version.sh)
+          BASE=ghcr.io/coder/coder-xray
+          IMAGE=$BASE:$VERSION
+          docker tag coder-xray:latest $IMAGE
+          docker tag coder-xray:latest $BASE:latest
+          docker push $IMAGE
+          docker push $BASE:latest
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v1
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
+          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+
+      - name: Setup GCloud SDK
+        uses: "google-github-actions/setup-gcloud@v1"
+
+      - name: Publish Helm Chart
+        run: |
+          set -euo pipefail
+          version="$(./scripts/version.sh)"
+          ./scripts/helm.sh --version $version
+
+          mkdir -p build/helm
+          cp "build/${version}.tgz" build/helm
+          gsutil cp gs://helm.coder.com/coder-xray/index.yaml build/helm/index.yaml
+          helm repo index build/helm --url https://helm.coder.com/coder-xray --merge build/helm/index.yaml
+          gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/${version}.tgz gs://helm.coder.com/coder-xray
+          gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/coder-xray
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          release_name: ${{ steps.version.outputs.version }}
+          tag_name: ${{ github.ref }}
+
+      - name: Upload Helm Release Asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: build/${{ steps.version.outputs.version }}.tgz
+          asset_name: helm.tar.gz
+          asset_content_type: application/gzip

scripts/Dockerfile

@@ -0,0 +1,5 @@
+FROM scratch
+
+COPY ./coder-xray /coder-xray
+
+ENTRYPOINT ["/coder-xray", "scan"]

scripts/build.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+cd $(dirname "${BASH_SOURCE[0]}")
+set -euxo pipefail
+
+CGO_ENABLED=0 go build -ldflags "-s -w" -o ./coder-xray ../
+docker build -t coder-xray:latest 

scripts/helm.sh

@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+# This script creates a Helm package for the given version. It will output a
+# .tgz file at the specified path, and may optionally push it to the Coder OSS
+# repo.
+#
+# ./helm.sh [--version 1.2.3] [--output path/to/coder.tgz] [--push]
+#
+# If no version is specified, defaults to the version from ./version.sh.
+#
+# If no output path is specified, defaults to
+# "$repo_root/build/coder_xray_helm_$version.tgz".
+#
+# If the --push parameter is specified, the resulting artifact will be published
+# to the Coder OSS repo. This requires `gsutil` to be installed and configured.
+
+set -euo pipefail
+cd $(dirname $(dirname "${BASH_SOURCE[0]}"))
+
+log() {
+	echo "$*" 1>&2
+}
+
+version=""
+output_path=""
+push=0
+
+args="$(getopt -o "" -l version:,output:,push -- "$@")"
+eval set -- "$args"
+while true; do
+	case "$1" in
+	--version)
+		version="$2"
+		shift 2
+		;;
+	--output)
+		output_path="$(realpath "$2")"
+		shift 2
+		;;
+	--push)
+		push="1"
+		shift
+		;;
+	--)
+		shift
+		break
+		;;
+	*)
+		error "Unrecognized option: $1"
+		;;
+	esac
+done
+
+version="${version}"
+if [[ "$version" == "" ]]; then
+	version="$(./scripts/version.sh)"
+fi
+
+if [[ "$output_path" == "" ]]; then
+	mkdir -p build
+	output_path="$(realpath "build/$version.tgz")"
+fi
+
+# Make a destination temporary directory, as you cannot fully control the output
+# path of `helm package` except for the directory name :/
+temp_dir="$(mktemp -d)"
+
+cd ./
+log "--- Packaging helm chart for version $version ($output_path)"
+helm package \
+	--version "$version" \
+	--app-version "$version" \
+	--destination "$temp_dir" \
+	. 1>&2
+
+log "Moving helm chart to $output_path"
+cp "$temp_dir"/*.tgz "$output_path"
+rm -rf "$temp_dir"
+
+if [[ "$push" == 1 ]]; then
+	log "--- Publishing helm chart..."
+	# TODO: figure out how/where we want to publish the helm chart
+fi

scripts/version.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+cd $(dirname "${BASH_SOURCE[0]}")
+
+last_tag="$(git describe --tags --abbrev=0)"
+version="$last_tag"
+
+echo "${version}"