From 13567e017ebf99bcc672eaec906acd66f077cc80 Mon Sep 17 00:00:00 2001 From: James Telfer <792299+jamestelfer@users.noreply.github.com> Date: Sat, 10 Jan 2026 22:21:36 +1030 Subject: [PATCH 1/5] ci: remove GitHub Actions release workflow In preparation for a full migration of the release process to Buildkite. --- .buildkite/pipeline.yaml | 13 ------ .github/workflows/release.yaml | 66 --------------------------- bin/ci_tag_version | 53 ---------------------- bin/ci_trigger_release | 82 ---------------------------------- bin/shared.bash | 19 -------- bin/tag_github | 82 ---------------------------------- 6 files changed, 315 deletions(-) delete mode 100644 .github/workflows/release.yaml delete mode 100755 bin/ci_tag_version delete mode 100755 bin/ci_trigger_release delete mode 100755 bin/shared.bash delete mode 100755 bin/tag_github diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index c8f9b956..77d99ca7 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -19,19 +19,6 @@ steps: hint: "(optional) forced version (X.X.X)" required: false - - label: ":github: Trigger release" - branches: - - main - command: "bin/ci_trigger_release" - agents: - queue: ${BUILD_AGENT} - plugins: - - aws-assume-role-with-web-identity#v1.4.0: - role-arn: ${BUILD_ROLE} - role-session-duration: 900 # limit role assumption validity to 15 minutes - - cultureamp/aws-sm#v2.2.0: - env: - GITHUB_TOKEN: /cfparams/GITHUB_TOKEN notify: - slack: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml deleted file mode 100644 index 7c3c7640..00000000 --- a/.github/workflows/release.yaml +++ /dev/null @@ -1,66 +0,0 @@ -name: Release - -on: - # Release from main branch will be triggered by Buildkite, - # passing a signing key and allowing a release-ready - # build to be created. - repository_dispatch: - types: release-build - -jobs: - tag: - runs-on: ubuntu-latest - - outputs: - version_tag: ${{ steps.tag-release.outputs.version_tag }} - - steps: - - name: Protect parameters - uses: cultureamp/protect-event-parameters@v2 - with: - allowlist: "originating_url,release_version,release_type" - - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - uses: actions/setup-node@v6 - with: - node-version: "22.21.1" - - - name: Tag release - id: tag-release - run: | - bin/ci_tag_version "${{ github.event.client_payload.release_version }}" "${{ github.event.client_payload.release_type }}" - env: - GITHUB_TOKEN: ${{ github.event.client_payload.github_write_token }} - - publish: - needs: tag - runs-on: ubuntu-latest - - steps: - - name: Protect parameters - uses: cultureamp/protect-event-parameters@v2 - with: - allowlist: "originating_url,release_version,release_type" - - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Release cfparams - uses: goreleaser/goreleaser-action@v6 - with: - distribution: goreleaser - version: "~> v2" - args: release --clean --verbose - env: - GITHUB_TOKEN: ${{ github.event.client_payload.github_write_token }} diff --git a/bin/ci_tag_version b/bin/ci_tag_version deleted file mode 100755 index 8573b8b4..00000000 --- a/bin/ci_tag_version +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env bash -set -eou pipefail - -DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)" - -function main() { - local release_version="${1}" - local release_type="${2}" - local commit_sha; - local version_tag; - - commit_sha=$(git rev-parse HEAD) - - echo "Auto-generating version tag ..." - - echo "Current HEAD: $commit_sha" - - local version_options=() - - if [ -n "$release_version" ]; then - echo "Override version: '${release_version}'" - version_options+=('--release-as' "${release_version}") - fi; - - # --prerelease for standard-version is broken, and any value but stable will not work - if [ -n "$release_type" ] && [ "$release_type" != "stable" ]; then - echo "Using pre-release designator: '${release_type}'" - version_options+=("--prerelease" "${release_type}") - fi - - configure_git - - # analyses history and creates a tag in the local repo - npx standard-version "${version_options[@]}" - - version_tag="$(git describe --abbrev=0)" - - echo "standard_version created version '${version_tag}' for this release" - - # create the tag in the origin repo - # uses the REST API for token authentication - "$DIR/tag_github" "$version_tag" "$commit_sha" - - # set the version tag as an output of this step - echo "::set-output name=version_tag::$version_tag" -} - -function configure_git() { - git config --global user.email "actions@github.com" - git config --global user.name "gh-actions" -} - -main "$@" \ No newline at end of file diff --git a/bin/ci_trigger_release b/bin/ci_trigger_release deleted file mode 100755 index 12dd719d..00000000 --- a/bin/ci_trigger_release +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/env bash -set -eou pipefail - -DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)" -SEMVER='^[0-9]+\.[0-9]+\.[0-9]+$' - -# shellcheck source=shared.bash -. "$DIR/shared.bash" - -trap finish EXIT - -main() { - local release_version;release_version="$(buildkite-agent meta-data get "release-version" --no-color --default "")" - local release_type;release_type="$(buildkite-agent meta-data get "release-type" --no-color)" - - if [ -n "$release_version" ] && [[ ! "${release_version}" =~ ${SEMVER} ]]; then - echo >&2 "❌ Release version '${release_version}' must conform to semver (without prerelease): X.Y.Z. For example, '1.0.2'" - exit 1 - fi - - echo '+++ :github: Trigger release on Github ...' - - # shellcheck disable=SC2153 - trigger_repository_event \ - "${GITHUB_TOKEN}" \ - "${BUILDKITE_BUILD_URL}" \ - "${release_version}" \ - "${release_type}" - - buildkite-agent annotate --style 'info' ":shipit: Release ${release_version} ${release_type} triggered in Github Actions." -} - -trigger_repository_event() { - local github_write_token="$1" - local build_url="$2" - local release_version="$3" - local release_type="$4" - - local repo_name="cfparams" - local payload - - # Trigger a repo dispatch event. This will only trigger - # on the default branch of the target repository. - # - # The hook will return an error code if there is no action - # to execute. - # - # https://developer.github.com/v3/repos/#create-a-repository-dispatch-event - - # variable names are interpolated by jq, not bash - #shellcheck disable=SC2016 - local payload_template=' - { - "event_type": "release-build", - "client_payload": { - "originating_url": $build_url, - "release_version": $release_version, - "release_type": $release_type, - "github_write_token": $github_write_token, - } - }' - - local payload; - - payload="$(jq --null-input \ - --arg build_url "${build_url}" \ - --arg release_version "${release_version}" \ - --arg release_type "${release_type}" \ - --arg github_write_token "${github_write_token}" \ - --arg build_url "${build_url}" \ - "${payload_template}")" - - curl \ - "https://api.github.com/repos/cultureamp/${repo_name}/dispatches" \ - --fail \ - -H "Accept: application/json" \ - -H "Authorization: token ${github_write_token}" \ - --request POST \ - --data "${payload}" -} - -main "$@" \ No newline at end of file diff --git a/bin/shared.bash b/bin/shared.bash deleted file mode 100755 index 583979df..00000000 --- a/bin/shared.bash +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -function inline_link() { - LINK=$(printf "url='%s'" "$1") - - if [ $# -gt 1 ]; then - LINK=$(printf "$LINK;content='%s'" "$2") - fi - - printf '\033]1339;%s\a\n' "$LINK" -} - -function finish() { - # Did the previous command fail? Then make Buildkite - # auto-expand the build log for it. - if [ "$?" -gt 0 ]; then - echo "^^^ +++" - fi -} \ No newline at end of file diff --git a/bin/tag_github b/bin/tag_github deleted file mode 100755 index bcafcab2..00000000 --- a/bin/tag_github +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/env bash - -# -# tag_github [tag] [commit] -# -# Create a tag in the Github remote repo using curl. This allows the use of a -# personal access token with write capabilities instead of requiring a -# writeable deploy key. -# -# - tag: the name of the tag to create -# - commit: the hash of the commit at which the tag should be created. -# -# Expects GITHUB_TOKEN as an environment variable. -# - -function main() { - local tag="${1}" - local commit="${2}" - - if [ -z "$GITHUB_TOKEN" ]; then - >&2 echo "❌ Environment variable GITHUB_TOKEN is required" - exit 1 - fi - - # key is interpolated by jq, not bash - # shellcheck disable=SC2016 - local tag_payload_template=' - { - "tag": $tag, - "message": $message, - "object": $commit, - "type": "commit" - }' - # shellcheck disable=SC2016 - local ref_payload_template=' - { - "ref": $ref, - "sha": $tag_hash - }' - - local payload; - - # creating a tag using REST: https://docs.github.com/en/rest/reference/git#create-a-tag-object - - # create the tag - - payload="$(jq --null-input \ - --arg tag "${tag}" \ - --arg message "Version ${tag}" \ - --arg commit "${commit}" \ - "$tag_payload_template")" - - tag_hash=$(post "cultureamp/cfparams" "git/tags" "${payload}" | jq -r '.sha') - - echo "Created tag ${tag}: commit sha=${tag_hash}" - - # associate a ref with the tag - - payload="$(jq --null-input \ - --arg ref "refs/tags/${tag}" \ - --arg tag_hash "${tag_hash}" \ - "$ref_payload_template" - )" - - post "cultureamp/cfparams" "git/refs" "${payload}" -} - -function post() { - local repo="${1}" - local action="${2}" - local payload="${3}" - - curl \ - --fail \ - -X POST \ - -H "Authorization: token $GITHUB_TOKEN" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/${repo}/${action}" \ - -d "$payload" -} - -main "$@" \ No newline at end of file From 71fc311a657268a61c8e225d044c0ff45f376ffe Mon Sep 17 00:00:00 2001 From: James Telfer <792299+jamestelfer@users.noreply.github.com> Date: Sat, 10 Jan 2026 22:25:37 +1030 Subject: [PATCH 2/5] ci: add Buildkite release pipeline with Chinmina Replace the hybrid Buildkite/GitHub Actions release workflow with a Buildkite-only pipeline using Chinmina for ephemeral GitHub authentication. The release process is entirely in Buildkite, and no longer requires GitHub personal access tokens. --- .buildkite/hooks/pre-command | 19 +++++- .buildkite/pipeline.yaml | 21 +++++- .goreleaser.yaml | 5 +- bin/ci_calculate_version | 70 ++++++++++++++++++++ bin/ci_create_tag | 26 ++++++++ bin/ci_goreleaser | 29 ++++++++ bin/ci_pipeline | 4 ++ bin/ci_release | 125 +++++++++++++++++++++++++++++++++++ docker-compose.yaml | 21 ++++++ 9 files changed, 313 insertions(+), 7 deletions(-) create mode 100755 bin/ci_calculate_version create mode 100755 bin/ci_create_tag create mode 100755 bin/ci_goreleaser create mode 100755 bin/ci_pipeline create mode 100755 bin/ci_release create mode 100644 docker-compose.yaml diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index d60c56ac..957853d8 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -1,5 +1,18 @@ -#!/usr/bin/env sh +#!/usr/bin/env bash set -eou pipefail -export BUILD_ROLE="arn:aws:iam::226140413739:role/build-role-master-cfparams" -export BUILD_AGENT="build-restricted-arm" \ No newline at end of file +# note: find some env definitions in the pipeline environment file + +# defined in the pipeline environment file, checked that they're set here +: "${RELEASE_USERNAME:?"RELEASE_USERNAME is not set"}" +: "${RELEASE_EMAIL:?"RELEASE_EMAIL is not set"}" + +: "${RELEASE_SLACK_CHANNEL:?"RELEASE_SLACK_CHANNEL is not set"}" +: "${RELEASE_SLACK_TEAM:?"RELEASE_SLACK_TEAM is not set"}" + +# used by the pipeline +export BUILD_AGENT="build-restricted-arm" + +# required to release and tag properly +git config user.email "${RELEASE_EMAIL}" +git config user.name "${RELEASE_USERNAME}" diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml index 77d99ca7..101fdd0e 100644 --- a/.buildkite/pipeline.yaml +++ b/.buildkite/pipeline.yaml @@ -1,3 +1,4 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json steps: - block: "Release build" branches: @@ -19,10 +20,26 @@ steps: hint: "(optional) forced version (X.X.X)" required: false + - label: ":rocket: Release" + key: "release" + branches: + - main + command: "bin/ci_release" + agents: + queue: ${BUILD_AGENT} + plugins: + - chinmina/chinmina-git-credentials#v1.6.0: + profiles: + - "pipeline:binary-release" + exclusive: true + - chinmina/chinmina-token#v1.4.0: + environment: + - GITHUB_TOKEN=pipeline:binary-release + - GITHUB_HOMEBREW_TAP_TOKEN=org:homebrew-tap-publish notify: - slack: channels: - - "#team_sre_foundations_alerts" - message: ":fyii: : A new version of CFParams is ready to be released :shipit:" + - "$RELEASE_SLACK_CHANNEL" + message: ":fyii: $RELEASE_SLACK_TEAM A new version of cfparams is ready to be released :shipit:" if: 'build.branch == "main" && build.state == "blocked"' diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 72683066..d0018059 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -37,9 +37,10 @@ brews: repository: owner: cultureamp name: homebrew-tap + token: "{{ .Env.GITHUB_HOMEBREW_TAP_TOKEN }}" commit_author: - name: cultureamp-ci - email: 36431315+cultureamp-ci@users.noreply.github.com + name: "{{ .Env.RELEASE_USERNAME }}" + email: "{{ .Env.RELEASE_EMAIL }}" directory: Formula homepage: https://github.com/cultureamp/cfparams diff --git a/bin/ci_calculate_version b/bin/ci_calculate_version new file mode 100755 index 00000000..e879ec2e --- /dev/null +++ b/bin/ci_calculate_version @@ -0,0 +1,70 @@ +#!/usr/bin/env bash +set -eou pipefail + +# Clean up version.txt on exit +trap 'rm -f version.txt' EXIT + +function version_from_user() { + local release_version="$1" + local output_file="$2" + + # ensure leading 'v' + release_version="v${release_version#v}" + echo "${release_version}" > "$output_file" +} + +function version_from_release_type() { + local release_type="$1" + local output_file="$2" + + # Build git-cliff command + local cliff_args=(--bumped-version --output "$output_file") + + # Add count-tags filter for prereleases + if [ "$release_type" != "stable" ]; then + local count_tags_pattern + count_tags_pattern='\.\d+\.\d+(?:-'"${release_type}"'\.\d+)?$' + cliff_args+=(--unreleased --count-tags "$count_tags_pattern") + fi + + # Run git-cliff, writing version to file + docker compose run --rm git-cliff "${cliff_args[@]}" + + local calculated_version + calculated_version="$(cat "$output_file")" + if [[ "$release_type" != "stable" && ! "$calculated_version" =~ -${release_type}\.[0-9]+$ ]]; then + calculated_version="${calculated_version}-${release_type}.1" + echo "${calculated_version}" > "$output_file" + fi +} + +function main() { + local release_version;release_version="$(buildkite-agent meta-data get "release-version" --default "")" + local release_type;release_type="$(buildkite-agent meta-data get "release-type")" + local version_source; + + # Validate release type + if [[ ! "$release_type" =~ ^(stable|alpha|beta)$ ]]; then + echo >&2 "❌ Release type must be 'stable', 'alpha', or 'beta'. Got: '${release_type}'" + exit 1 + fi + + local version_tag + + # Calculate version + if [ -n "$release_version" ]; then + version_source="user supplied" + version_from_user "$release_version" "version.txt" + else + version_source="calculated from git history for release type '${release_type}'" + version_from_release_type "$release_type" "version.txt" + fi + version_tag=$(cat version.txt) + + echo "Version: ${version_tag} (${version_source})" + + # Store version tag for subsequent steps + buildkite-agent meta-data set "version-tag" "${version_tag}" +} + +main "$@" diff --git a/bin/ci_create_tag b/bin/ci_create_tag new file mode 100755 index 00000000..6bad528d --- /dev/null +++ b/bin/ci_create_tag @@ -0,0 +1,26 @@ +#!/usr/bin/env bash +set -eou pipefail + +# +# ci_create_tag +# +# Create a tag in the Github remote repo using git CLI. Reads version tag from +# Buildkite meta-data. Git credentials are configured by chinmina-git-credentials plugin. +# + +function main() { + local version_tag;version_tag="$(buildkite-agent meta-data get "version-tag")" + local commit_sha;commit_sha=$(git rev-parse HEAD) + + echo "Creating tag '${version_tag}' at commit ${commit_sha}..." + + # Create annotated tag + git tag -a "${version_tag}" -m "Version ${version_tag} created by release pipeline" + + # Push tag to origin + git push origin "${version_tag}" + + echo "✅ Tag ${version_tag} created successfully" +} + +main "$@" diff --git a/bin/ci_goreleaser b/bin/ci_goreleaser new file mode 100755 index 00000000..de8a7dda --- /dev/null +++ b/bin/ci_goreleaser @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +set -eou pipefail + +# +# ci_goreleaser +# +# Run GoReleaser to build and publish the release. +# Expects GITHUB_TOKEN and GITHUB_HOMEBREW_TAP_TOKEN from environment (set by Chinmina). +# + +function main() { + if [ -z "$GITHUB_TOKEN" ]; then + >&2 echo "❌ Environment variable GITHUB_TOKEN is required" + exit 1 + fi + + if [ -z "$GITHUB_HOMEBREW_TAP_TOKEN" ]; then + >&2 echo "❌ Environment variable GITHUB_HOMEBREW_TAP_TOKEN is required" + exit 1 + fi + + echo "Fetching tags..." + git fetch --tags + + echo "Running GoReleaser..." + docker compose run --rm goreleaser release --clean --verbose +} + +main "$@" diff --git a/bin/ci_pipeline b/bin/ci_pipeline new file mode 100755 index 00000000..49464b14 --- /dev/null +++ b/bin/ci_pipeline @@ -0,0 +1,4 @@ +#!/usr/bin/env bash +set -eou pipefail + +buildkite-agent pipeline upload diff --git a/bin/ci_release b/bin/ci_release new file mode 100755 index 00000000..16c4dc8e --- /dev/null +++ b/bin/ci_release @@ -0,0 +1,125 @@ +#!/usr/bin/env bash +set -eou pipefail + +# +# ci_release +# +# Unified release script that: +# 1. Calculates the next version using git-cliff +# 2. Creates and pushes a git tag +# 3. Runs GoReleaser to build and publish the release +# + +# Clean up version.txt on exit +trap 'rm -f version.txt' EXIT + +if [ -z "$GITHUB_TOKEN" ]; then + >&2 echo "❌ Environment variable GITHUB_TOKEN is required" + exit 1 +fi + +if [ -z "$GITHUB_HOMEBREW_TAP_TOKEN" ]; then + >&2 echo "❌ Environment variable GITHUB_HOMEBREW_TAP_TOKEN is required" + exit 1 +fi + +function main() { + echo "+++ Calculate Version :thinking_face:" + local version_tag + version_tag=$(calculate_version) + + echo "+++ Create Tag :git:" + create_tag "$version_tag" + + echo "+++ Release :goreleaser:" + run_goreleaser + + echo "✅ Release complete: ${version_tag}" +} + +function version_from_user() { + local release_version="$1" + local output_file="$2" + + # ensure leading 'v' + release_version="v${release_version#v}" + echo "${release_version}" > "$output_file" +} + +function version_from_release_type() { + local release_type="$1" + local output_file="$2" + + # Build git-cliff command + local cliff_args=(--bumped-version --output "$output_file") + + # Add count-tags filter for prereleases + if [ "$release_type" != "stable" ]; then + local count_tags_pattern + count_tags_pattern='\.\d+\.\d+(?:-'"${release_type}"'\.\d+)?$' + cliff_args+=(--unreleased --count-tags "$count_tags_pattern") + fi + + # Run git-cliff, writing version to file and redirecting output to stderr + docker compose run --rm git-cliff "${cliff_args[@]}" 1>&2 + + local calculated_version + calculated_version="$(cat "$output_file")" + if [[ "$release_type" != "stable" && ! "$calculated_version" =~ -${release_type}\.[0-9]+$ ]]; then + calculated_version="${calculated_version}-${release_type}.1" + echo "${calculated_version}" > "$output_file" + fi +} + +function calculate_version() { + local release_version;release_version="$(buildkite-agent meta-data get "release-version" --default "")" + local release_type;release_type="$(buildkite-agent meta-data get "release-type")" + local version_source; + + # Validate release type + if [[ ! "$release_type" =~ ^(stable|alpha|beta)$ ]]; then + echo >&2 "❌ Release type must be 'stable', 'alpha', or 'beta'. Got: '${release_type}'" + exit 1 + fi + + # Calculate version + if [ -n "$release_version" ]; then + version_source="user supplied" + version_from_user "$release_version" "version.txt" + else + version_source="calculated from git history for release type '${release_type}'" + version_from_release_type "$release_type" "version.txt" + fi + + local version_tag + version_tag=$(cat version.txt) + echo >&2 "Version: ${version_tag} (${version_source})" + echo "$version_tag" + + rm -f version.txt || true +} + +function create_tag() { + local version_tag="$1" + local commit_sha;commit_sha=$(git rev-parse HEAD) + + echo "Creating tag '${version_tag}' at commit ${commit_sha}..." + + # Create annotated tag + git tag -a "${version_tag}" -m "Version ${version_tag} created by release pipeline" + + # Push tag to origin + git push origin "${version_tag}" + + echo "✅ Tag ${version_tag} created successfully" +} + +function run_goreleaser() { + echo "Fetching tags..." + git fetch --tags + + echo "Running GoReleaser..." + docker compose run --rm goreleaser release --clean --verbose +} + +main "$@" diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 00000000..b7572f7a --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,21 @@ +services: + git-cliff: + image: orhunp/git-cliff:latest + volumes: + - .:/workspace + working_dir: /workspace + environment: + - GITHUB_TOKEN + - RELEASE_USERNAME + - RELEASE_EMAIL + + goreleaser: + image: goreleaser/goreleaser:v2.13.2 + volumes: + - .:/workspace + working_dir: /workspace + environment: + - GITHUB_TOKEN + - GITHUB_HOMEBREW_TAP_TOKEN + - RELEASE_USERNAME + - RELEASE_EMAIL From bdc7c59e6b35ea24342107b34e00c939c72a5674 Mon Sep 17 00:00:00 2001 From: James Telfer <792299+jamestelfer@users.noreply.github.com> Date: Fri, 9 Jan 2026 16:38:25 +1030 Subject: [PATCH 3/5] ci: publish release notes to GitHub in native format Add release section to goreleaser config to ensure changelog is properly published to GitHub releases with appropriate header and footer formatting. --- .goreleaser.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index d0018059..9d093187 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -32,6 +32,9 @@ changelog: - "^docs:" - "^test:" +release: + mode: replace + brews: - name: cfparams repository: From 7dd8508a487e4e956faffeb9551a752698b3531b Mon Sep 17 00:00:00 2001 From: James Telfer <792299+jamestelfer@users.noreply.github.com> Date: Fri, 9 Jan 2026 16:51:43 +1030 Subject: [PATCH 4/5] ci: resolve goreleaser deprecation warnings - Change snapshot.name_template to snapshot.version_template - Change archives.format to archives.formats - Rename brews to homebrew_casks (removes custom test and install scripts as casks use a different structure) These changes address all deprecation warnings from GoReleaser v2. --- .goreleaser.yaml | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 9d093187..0c6c0a1d 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -16,11 +16,11 @@ checksum: name_template: "checksums.txt" archives: - - format: "binary" + - formats: [binary] name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}" snapshot: - name_template: "{{ incpatch .Version }}-next" + version_template: "{{ incpatch .Version }}-next" changelog: use: github-native @@ -35,8 +35,9 @@ changelog: release: mode: replace -brews: +homebrew_casks: - name: cfparams + skip_upload: auto repository: owner: cultureamp name: homebrew-tap @@ -45,23 +46,7 @@ brews: name: "{{ .Env.RELEASE_USERNAME }}" email: "{{ .Env.RELEASE_EMAIL }}" - directory: Formula homepage: https://github.com/cultureamp/cfparams description: Wrangle parameters for AWS CloudFormation - test: | - minimal = testpath/"minimal.yaml" - minimal.write <<~EOS - Parameters: - TestParameter: - Type: String - Default: testvalue - Resources: - S3Bucket: - Type: AWS::S3::Bucket - EOS - system "#{bin}/cfparams --template=minimal.yaml" - install: | - bin.install "cfparams_{{ .Os }}_{{ .Arch }}" => "cfparams" - # yaml-language-server: $schema=https://goreleaser.com/static/schema.json From 06d314b3cf0d7cd663c140419e50d42b6cad592a Mon Sep 17 00:00:00 2001 From: James Telfer <792299+jamestelfer@users.noreply.github.com> Date: Fri, 9 Jan 2026 23:23:46 +1030 Subject: [PATCH 5/5] build: add goreleaser to local tooling --- .tool-versions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.tool-versions b/.tool-versions index 1527bb83..00876793 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1,2 @@ -golang 1.25.5 \ No newline at end of file +golang 1.25.5 +goreleaser 2.12.4