Merge pull request #176 from digitalghost-dev/1.5.2

1.5.2

Author: digitalghost-dev

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: Docker Image CI
+name: CI Builds
 
 on:
   workflow_dispatch:
@@ -23,24 +23,27 @@ on:
       - 'go.mod'
       - 'go.sum'
       - '.goreleaser.yaml'
+      - 'mkdocs.yml'
+      - 'nfpm.yaml'
       - 'pokemon.svg'
     branches:
       - main
 
 env:
-  VERSION_NUMBER: 'v1.5.1'
+  VERSION_NUMBER: 'v1.5.2'
   DOCKERHUB_REGISTRY_NAME: 'digitalghostdev/poke-cli'
   AWS_REGION: 'us-west-2'
 
+permissions:
+  actions: read
+  contents: read
+  id-token: write
+  security-events: write
+
 jobs:
   gosec:
     runs-on: ubuntu-22.04
 
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -55,11 +58,195 @@ jobs:
         with:
           sarif_file: results.sarif
 
-  build-docs-docker-image:
+  build-linux-packages:
+    runs-on: ubuntu-22.04
+    needs: [ gosec ]
+    if: needs.gosec.result == 'success'
+    strategy:
+      matrix:
+        arch: [ amd64, arm64 ]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24.5'
+
+      - name: Build Go Binary
+        env:
+          GOOS: linux
+          GOARCH: ${{ matrix.arch }}
+          CGO_ENABLED: 0
+        run: |
+          go build -ldflags="-s -w -X main.version=${{ env.VERSION_NUMBER }}" -o poke-cli
+
+      - name: Install nFPM
+        run: |
+          go install github.com/goreleaser/nfpm/v2/cmd/[email protected]
+          echo "$HOME/go/bin" >> $GITHUB_PATH
+
+      - name: Create nFPM Config for Architecture
+        run: |
+          # Create architecture-specific config by modifying the base config
+          sed "s/arch: \"arm64\"/arch: \"${{ matrix.arch }}\"/" nfpm.yaml > nfpm-${{ matrix.arch }}.yaml
+
+      - name: Build packages
+        run: |
+          # Create output directory
+          mkdir -p dist
+          
+          # Build DEB package
+          nfpm package \
+            --config nfpm-${{ matrix.arch }}.yaml \
+            --packager deb \
+            --target dist/poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.deb
+          
+          # Build RPM package
+          nfpm package \
+            --config nfpm-${{ matrix.arch }}.yaml \
+            --packager rpm \
+            --target dist/poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.rpm
+          
+          # Build APK package
+          nfpm package \
+            --config nfpm-${{ matrix.arch }}.yaml \
+            --packager apk \
+            --target dist/poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.apk
+
+      - name: Upload packages as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: linux-packages-${{ matrix.arch }}
+          path: dist/*
+
+  upload-deb-packages:
+    runs-on: ubuntu-22.04
+    needs: [ build-linux-packages ]
+    if: needs.build-linux-packages.result == 'success'
+    strategy:
+      matrix:
+        arch: [ amd64, arm64 ]
+      fail-fast: false  # Don't cancel other uploads if one fails
+
+    steps:
+      - name: Download package artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: linux-packages-${{ matrix.arch }}
+          path: packages/
+
+      - name: Install Cloudsmith CLI
+        uses: cloudsmith-io/[email protected]
+        with:
+          api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+      - name: Upload DEB to Cloudsmith
+        working-directory: packages
+        run: |
+          cloudsmith push deb \
+            digitalghost-dev/poke-cli/debian/trixie \
+            poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.deb
+
+  upload-rpm-packages:
+    runs-on: ubuntu-22.04
+    needs: [ build-linux-packages ]
+    if: needs.build-linux-packages.result == 'success'
+    strategy:
+      matrix:
+        arch: [ amd64, arm64 ]
+      fail-fast: false
+
+    steps:
+      - name: Download package artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: linux-packages-${{ matrix.arch }}
+          path: packages/
+
+      - name: Install Cloudsmith CLI
+        uses: cloudsmith-io/[email protected]
+        with:
+          api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+      - name: Upload RPM to Cloudsmith
+        working-directory: packages
+        run: |
+          cloudsmith push rpm \
+            digitalghost-dev/poke-cli/fedora/42 \
+            poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.rpm
+
+  upload-apk-packages:
+    runs-on: ubuntu-22.04
+    needs: [ build-linux-packages ]
+    if: needs.build-linux-packages.result == 'success'
+    strategy:
+      matrix:
+        arch: [ amd64, arm64 ]
+      fail-fast: false
+
+    steps:
+      - name: Download package artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: linux-packages-${{ matrix.arch }}
+          path: packages/
+
+      - name: Install Cloudsmith CLI
+        uses: cloudsmith-io/[email protected]
+        with:
+          api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+      - name: Upload APK to Cloudsmith
+        working-directory: packages
+        run: |
+          cloudsmith push alpine \
+            digitalghost-dev/poke-cli/alpine/v3.22 \
+            poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.apk
+
+  upload-summary:
+    runs-on: ubuntu-22.04
+    needs: [ upload-deb-packages, upload-rpm-packages, upload-apk-packages ]
+    if: always()
+
+    steps:
+      - name: Check all Uploads
+        run: |
+          echo "DEB uploads: ${{ needs.upload-deb-packages.result }}"
+          echo "RPM uploads: ${{ needs.upload-rpm-packages.result }}"
+          echo "APK uploads: ${{ needs.upload-apk-packages.result }}"
+          
+          if [ "${{ needs.upload-deb-packages.result }}" != "success" ] || \
+             [ "${{ needs.upload-rpm-packages.result }}" != "success" ] || \
+             [ "${{ needs.upload-apk-packages.result }}" != "success" ]; then
+            echo "⚠️ Some uploads failed! ⚠️"
+            exit 1
+          fi
+          echo "✅ All packages uploaded successfully! ✅"
+
+  lint-cli-dockerfile:
     runs-on: ubuntu-22.04
     needs: [ gosec ]
     if: needs.gosec.result == 'success'
 
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Lint Dockerfile
+        uses: 'hadolint/[email protected]'
+        with:
+          dockerfile: Dockerfile
+          failure-threshold: 'error'
+
+
+  build-docs-docker-image:
+    runs-on: ubuntu-22.04
+    needs: [ lint-cli-dockerfile ]
+    if: needs.lint-cli-dockerfile.result == 'success'
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -123,8 +310,6 @@ jobs:
           docker tag docs:latest ${{ secrets.AWS_DOCS_ECR_NAME }}:latest
           docker push ${{ secrets.AWS_DOCS_ECR_NAME }}:latest
 
-      # AWS will then take care of updating App Runner with the latest version
-
   build-cli-docker-image:
     runs-on: ubuntu-22.04
     needs: [gosec]
@@ -183,10 +368,6 @@ jobs:
           docker push ${{ secrets.AWS_ECR_NAME }}:${{ env.VERSION_NUMBER }}
 
   syft:
-    permissions:
-      contents: 'read'
-      id-token: 'write'
-
     runs-on: ubuntu-22.04
     needs: [build-cli-docker-image]
     if: needs.build-cli-docker-image.result == 'success'
@@ -219,11 +400,6 @@ jobs:
           upload-artifact: true
 
   grype:
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
     runs-on: ubuntu-22.04
     needs: [syft]
     if: needs.syft.result == 'success'

.github/workflows/go_test.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.23
+          go-version: '1.24.5'
 
       - name: Install dependencies
         run: |

.gitignore

@@ -9,6 +9,9 @@
 .dccache
 dist/
 poke-cli
+*.rpm
+*.apk
+*.deb
 
 # Test binary, built with `go test -c`
 *.test
@@ -32,8 +35,25 @@ card_data/.venv
 __pycache__/
 
 # Terraform
-card_data/infra/access-token
-/card_data/infra/access-token
-card_data/infra/secrets.tfvars
-card_data/infra/terraform.tfstate
-/card_data/infra/.terraform/
+### Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+**/*.tfvars
+**/*.tfvars.json
+
+### Terraform state files
+**/*.tfstate
+**/*.tfstate.*
+
+### Terraform crash log files
+crash.log
+crash.*.log
+
+### .terraform
+
+card_data/infrastructure/supabase/access-token
+/card_data/infrastructure/supabase/access-token
+**/.terraform/
+
+card_data/.tmp*/**

.goreleaser.yml

@@ -14,7 +14,7 @@ builds:
       - windows
       - darwin
     ldflags:
-      - -s -w -X main.version=v1.5.1
+      - -s -w -X main.version=v1.5.2
 
 archives:
   - formats: [ 'zip' ]

Dockerfile

@@ -1,5 +1,5 @@
 # build 1
-FROM golang:1.24.4-alpine3.22 AS build
+FROM golang:1.24.5-alpine3.22 AS build
 
 WORKDIR /app
 
@@ -8,14 +8,13 @@ RUN go mod download
 
 COPY . .
 
-RUN go build -ldflags "-X main.version=v1.5.1" -o poke-cli .
+RUN go build -ldflags "-X main.version=v1.5.2" -o poke-cli .
 
 # build 2
 FROM --platform=$BUILDPLATFORM alpine:3.22
 
 # Installing only necessary packages and remove them after use
-RUN apk upgrade && \
-    apk add --no-cache shadow && \
+RUN apk add --no-cache shadow=4.17.3-r0 && \
     addgroup -S poke_group && adduser -S poke_user -G poke_group && \
     sed -i 's/^root:.*/root:!*:0:0:root:\/root:\/sbin\/nologin/' /etc/passwd && \
     apk del shadow