diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e5b1008913..e0aaa49d9d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -45,4 +45,7 @@ jobs:
 HOMEBREW_TAP_GITHUB_TOKEN: "${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}"
 GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
 GEMFURY_PUSH_TOKEN: "${{ secrets.GEMFURY_PUSH_TOKEN }}"
+ CHOCOLATEY_API_KEY: "${{ secrets.CHOCOLATEY_API_KEY }}"
+ - name: "Release snap"
+ env:
 SNAPCRAFT_STORE_CREDENTIALS: "${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}"
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 66d084b4cc..9e27c7159a 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -1,6 +1,6 @@
 ---
 name: "Security"
-on: # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
 push:
 branches:
 - "!dependabot/*"
@@ -16,7 +16,7 @@ env:
 jobs:
 codeql:
 name: "CodeQL Analyze"
- if: "${{ github.event_name == 'pull_request' }}" # workaround to https://github.com/github/codeql-action/issues/1537
+ if: "${{ github.event_name == 'pull_request' }}" # workaround to https://github.com/github/codeql-action/issues/1537
 runs-on: "buildjet-8vcpu-ubuntu-2204"
 timeout-minutes: "${{ (matrix.language == 'swift' && 120) || 360 }}"
 permissions:
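Review bot: In .github/workflows/release.yaml the new `Release snap` step shows only `name` and `env`, and the hunk appears to end at the end of the file, so as far as this diff shows the step has no `run` or `uses` key; GitHub Actions rejects a step without one, which would keep the release workflow from loading at all. The same edit moves `SNAPCRAFT_STORE_CREDENTIALS` out of the preceding step's `env`, so if that step publishes the snap itself it no longer receives the credential. Scoping each secret to the one step that needs it is the right direction, but the step has to be completed with the `run:` command that performs the upload, or the secret has to stay where it was until that command exists. The preceding step starts outside the hunk, so which tool consumes the other tokens is not visible here.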
@@ -67,20 +67,15 @@ jobs:
 format: "table"
 exit-code: "1"
 severity: "CRITICAL,HIGH,MEDIUM"
- # Workaround until goreleaser release supports --single-target
- # makes the build faster by not building everything
- - name: "modify goreleaser config to skip building all targets"
- run: |
- echo "partial:
- by: target" >> .goreleaser.yml
 - uses: "goreleaser/goreleaser-action@v6"
 id: "goreleaser"
 with:
 distribution: "goreleaser-pro"
 version: "latest"
- args: "release --clean --split --snapshot"
+ args: "release --clean --split --snapshot --single-target"
 env:
 GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
+ GOOS: "windows"
 - name: "Obtain container image to scan"
 run: 'echo "IMAGE_VERSION=$(jq .version dist/linux_amd64/metadata.json --raw-output)" >> $GITHUB_ENV'
 - name: "run trivy on release image"
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 640d8d0f8c..353a5066f8 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -2,9 +2,9 @@
 git:
 tag_sort: "-version:creatordate"
 prerelease_suffix: "-"
-before:
- hooks:
- - "go run mage.go gen:completions"
+#before:
+# hooks:
+# - "go run mage.go gen:completions"
 builds:
 - main: "./cmd/spicedb"
 env:
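Review bot: In .github/workflows/security.yaml, `GOOS: "windows"` combined with `--single-target` presumably limits the snapshot build to a Windows target, yet the next step in the same hunk still reads `dist/linux_amd64/metadata.json` and the one after it scans the release image with trivy. If no linux_amd64 artifact is produced, `jq` fails or `IMAGE_VERSION` ends up empty, and the container vulnerability scan stops covering the image that ships. This looks like a leftover from testing the Chocolatey packaging; I would drop the `GOOS` line, or pin the target the scan needs with `GOOS: "linux"` and `GOARCH: "amd64"`. The job's remaining steps lie outside the hunk.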
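Review bot: In .goreleaser.yml, commenting out the `before` hook removes the only visible generator for `completions/`, while the `archives` file list still includes `completions/*` (shown as context in the following hunk). Depending on how goreleaser treats an unmatched glob, release archives either fail to build or ship without shell completions, and neither outcome is flagged by this change. If the hook only needs to be skipped for the Windows target, keep it enabled and handle that case in the mage target; otherwise delete the three lines instead of leaving them commented, and remove `- "completions/*"` in the same commit.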
@@ -25,6 +25,30 @@ archives:
 - "README.md"
 - "LICENSE"
 - "completions/*"
+ format_overrides:
+ - goos: "windows"
+ format: "zip"
+chocolateys:
+ - name: "spicedb"
+ package_source_url: "https://github.com/authzed/spicedb"
+ owners: "AuthZed, Inc"
+ title: "SpiceDB"
+ project_url: "https://github.com/authzed/spicedb"
+ use: "archive"
+ url_template: "https://github.com/authzed/spicedb/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
+ icon_url: "https://authzed.com/favicon.svg"
+ copyright: "2024 AuthZed, Inc"
+ license_url: "https://github.com/authzed/spicedb/blob/main/LICENSE"
+ project_source_url: "https://github.com/authzed/spicedb"
+ docs_url: "https://authzed.com/docs"
+ bug_tracker_url: "https://github.com/authzed/spicedb/issues"
+ tags: "spicedb zanzibar authz rebac rbac abac fga"
+ summary: "SpiceDB is a graph database purpose-built for storing and evaluating access control data."
+ description: |
+ Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications
+ release_notes: "https://github.com/authzed/spicedb/releases/tag/v{{ .Version }}"
+ api_key: "{{ .Env.CHOCOLATEY_API_KEY }}"
+ source_repo: "https://push.chocolatey.org/"
 nfpms:
 - vendor: "authzed inc."
 homepage: "https://spicedb.io"
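Review bot: `api_key: "{{ .Env.CHOCOLATEY_API_KEY }}"` at the end of the new `chocolateys` entry is resolved from the environment, but in this commit only release.yaml exports that variable; the goreleaser step in security.yaml sets just `GORELEASER_KEY` and `GOOS`. Please confirm that a `--snapshot` run never evaluates this template and that the packaging step has what it needs on that runner, otherwise the security job fails before trivy runs. Reading the push credential from the environment rather than the file is right; I would record the dependency with a comment above `chocolateys:`, for example `# CHOCOLATEY_API_KEY is injected by release.yaml only; it is the push credential for source_repo`. Note also that `release_notes` builds the tag as `v{{ .Version }}` while `url_template` uses `{{ .Tag }}`; using `{{ .Tag }}` in both keeps the two URLs from diverging.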