feat: mvp for github

Author: ekristen

.github/workflows/golangci-lint.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21.x'
+          go-version: '1.22.x'
           cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6

.github/workflows/goreleaser.yml

@@ -83,7 +83,7 @@ jobs:
           QUILL_SIGN_PASSWORD: ${{ secrets.OP_QUILL_SIGN_PASSWORD }}
           QUILL_SIGN_P12: ${{ secrets.OP_QUILL_SIGN_P12 }}
       - name: run goreleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@v5
         with:
           distribution: goreleaser
           version: latest

.goreleaser.yml

@@ -1,12 +1,9 @@
 release:
   github:
     owner: ekristen
-    name: go-project-template
-env:
-  - REGISTRY=ghcr.io
-  - IMAGE=ekristen/go-project-template
+    name: distillery
 builds:
-  - id: go-project-template
+  - id: distillery
     goos:
       - linux
       - windows
@@ -38,64 +35,13 @@ builds:
 sboms:
   - artifacts: archive
 archives:
-  - id: go-project-template
+  - id: distillery
     builds:
-      - go-project-template
+      - distillery
     name_template: "{{ .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ .Arm }}"
     format_overrides:
       - goos: windows
         format: zip
-dockers:
-  - id: linux-amd64
-    ids:
-      - go-project-template
-    use: buildx
-    goos: linux
-    goarch: amd64
-    dockerfile: Dockerfile
-    image_templates:
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:v{{ .Version }}-amd64'
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-amd64-{{ .Timestamp }}'
-    build_flag_templates:
-      - "--platform=linux/amd64"
-      - "--target=goreleaser"
-      - "--pull"
-      - "--build-arg=PROJECT_NAME={{.ProjectName}}"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - '--label=org.opencontainers.image.source={{replace (replace (replace .GitURL "git@" "https://") ".git" "") "github.com:" "github.com/"}}'
-
-  - id: linux-arm64
-    ids:
-      - go-project-template
-    use: buildx
-    goos: linux
-    goarch: arm64
-    dockerfile: Dockerfile
-    image_templates:
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:v{{ .Version }}-arm64'
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-arm64-{{ .Timestamp }}'
-    build_flag_templates:
-      - "--platform=linux/arm64"
-      - "--target=goreleaser"
-      - "--pull"
-      - "--build-arg=PROJECT_NAME={{.ProjectName}}"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - '--label=org.opencontainers.image.source={{replace (replace (replace .GitURL "git@" "https://") ".git" "") "github.com:" "github.com/"}}'
-docker_manifests:
-  - name_template: '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:v{{ .Version }}'
-    image_templates:
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:v{{ .Version }}-amd64'
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:v{{ .Version }}-arm64'
-  - name_template: '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-{{ .Timestamp }}'
-    image_templates:
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-amd64-{{ .Timestamp }}'
-      - '{{ .Env.REGISTRY }}/{{ .Env.IMAGE }}:{{ replace .Branch "/" "-" }}-{{ .ShortCommit }}-arm64-{{ .Timestamp }}'
 signs:
   - ids:
       - default
@@ -105,12 +51,6 @@ signs:
     certificate: "${artifact}.pem"
     args: ["sign-blob", "--yes", "--oidc-provider=github", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-certificate=${certificate}", "--output-signature=${signature}", "${artifact}"]
     artifacts: all
-docker_signs:
-  - ids:
-      - default
-    artifacts: all
-    cmd: cosign
-    args: ["sign", "--yes", "--oidc-provider=github", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-certificate=${certificate}", "--output-signature=${signature}", "${artifact}"]
 checksum:
   name_template: "checksums.txt"
 snapshot:

Dockerfile

@@ -1,11 +1,11 @@
 # syntax=docker/dockerfile:1.8-labs
 FROM cgr.dev/chainguard/wolfi-base:latest as base
-ARG PROJECT_NAME=go-project-template
+ARG PROJECT_NAME=distillery
 RUN apk add --no-cache ca-certificates
 RUN addgroup -S ${PROJECT_NAME} && adduser -S ${PROJECT_NAME} -G ${PROJECT_NAME}
 
 FROM ghcr.io/acorn-io/images-mirror/golang:1.21 AS build
-ARG PROJECT_NAME=go-project-template
+ARG PROJECT_NAME=distillery
 COPY / /src
 WORKDIR /src
 RUN \
@@ -14,11 +14,11 @@ RUN \
   go build -o bin/${PROJECT_NAME} main.go
 
 FROM base AS goreleaser
-ARG PROJECT_NAME=go-project-template
+ARG PROJECT_NAME=distillery
 COPY ${PROJECT_NAME} /usr/local/bin/${PROJECT_NAME}
 USER ${PROJECT_NAME}
 
 FROM base
-ARG PROJECT_NAME=go-project-template
+ARG PROJECT_NAME=distillery
 COPY --from=build /src/bin/${PROJECT_NAME} /usr/local/bin/${PROJECT_NAME}
 USER ${PROJECT_NAME}

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2023 Erik Kristensen
+Copyright 2024 Erik Kristensen
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
 documentation files (the “Software”), to deal in the Software without restriction, including without limitation the

README.md

@@ -1,135 +1,34 @@
-# Go Project Template
+# Distillery
 
-This is an opinionated go project template to use as a starting point for new projects.
+**Status: alpha** -- things are not fully implemented, things are likely broken. Things are likely to change. Name
+might change, but I like `dist` for the binary name.
 
-## Features
+## Overview
 
-- Builds with [GoReleaser](https://goreleaser.com)
-  - Automated with GitHub Actions
-  - Signed with Cosign (providing you generate a private key)
-- Linting with [golangci-lint](https://golangci-lint.run/)
-  - Automated with GitHub Actions
-- Builds with Docker
-  - While designed to use goreleaser, you can still just run `docker build`
-- Apple Notary Signing Support
-- Opinionated Layout
-  - Never use `internal/` folder
-  - Everything is under `pkg/` folder
-- Commits must meet [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
-  - Automated with GitHub Actions ([commit-lint](https://github.com/conventional-changelog/commitlint/#what-is-commitlint))
-- Automatic Dependency Management with [Renovate](https://github.com/renovatebot/renovate)
-- Automatic [Semantic Releases](https://semantic-release.gitbook.io/)
-- Documentation with Material for MkDocs
-- API Server Example
-  - Uses Gorilla Mux (yes it's been archived, still the best option)
-- Stubbed out Go Tests (**note:** they are not comprehensive)
+Without a doubt, [homebrew](https://brew.sh) has had a major impact on the macOS ecosystem. It has made it easy to 
+install software and keep it up to date. It has been around for 15 years and while it has evolved over time, its core
+technology hasn't changed, and 15 year is an eternity in the tech world. I love homebrew, but I think there's room for
+another tool.
 
-### Opinionated Decisions
+The goal of this project is to leverage the collective power of all the developers out there that are using tools like
+[goreleaser](https://goreleaser.com/) and [cargo-dist](https://github.com/axodotdev/cargo-dist) and many others to 
+pre-compile their software and put their binaries up on GitHub or GitLab and install the binaries.
 
-- Uses `init` functions for registering commands globally.
-  - This allows for multiple `main` package files to be written and include different commands.
-  - Allows the command code to remain isolated from each other and a simple import to include the command.
+## Goals
 
-### Multi-Platform Builds
+- Make it simple to install binaries on your system from multiple sources
+- Do not rely on a centralized repository of package managers
+- Support binary verifications and signatures if exist, prompt the user if they don't
+- Support multiple platforms and architectures
 
-This project is designed to build for multiple platforms, including macOS, Linux, and Windows. It also supports
-multiple architectures including amd64 and arm64. 
+## TODO
 
-The goreleaser configuration is set up to build for all platforms and architectures by default. It even supports pushing
-multi-architecture docker manifests by default. Some knowledge about GoReleaser's configuration is required should you
-want to remove these capabilities.
+- [ ] implement signature verification
+- [ ] implement multiple additional sources
 
-### Apple Notary Signing
+## Usage
 
-This makes use of a tool called [quill](https://github.com/anchore/quill). To make use of this feature you will need
-to have an Apple Developer account and be able to create an Developer ID certificate.
-
-The workflow is designed to pull the necessary secrets from 1Password. This is done to keep the secrets out of the
-GitHub Actions logs. The secrets are pulled from 1Password if the event triggering the workflow is a tag **AND** the
-actor is the owner of the repository. This is to prevent forks from being able to pull the secrets and is an extra
-guard to help prevent theft.
-
-GoReleaser is configured to always sign and notarize for macOS. However, it will not notarize if the build is a snapshot.
-
-If configured properly, the binaries located within the archives produced by GoReleaser will be signed and notarized
-by the Apple Notary Service and will automatically run on any macOS system without having to approve it under System
-Preferences.
-
-If you do not wish to use 1Password simply export the same environment variables using secrets to populate them. The 
-`QUILL_SIGN_P12` and `QUILL_NOTARY_KEY` need to be base64 encoded or paths to the actual files.
-
-## Building
-
-The following will build binaries in snapshot order.
-
-```console
-goreleaser --clean --snapshot --skip sign
-```
-
-**Note:** we are skipping signing because this project uses cosign's keyless signing with GitHub Actions OIDC provider.
-
-You can opt to generate a cosign keypair locally and set the following environment variables, and then you can run
-`goreleaser --clean --snapshot` without the `--skip sign` flag to get signed artifacts.
-
-Environment Variables:
-- 
-- COSIGN_PASSWORD
-- COSIGN_KEY (path to the key file) (recommend cosign.key, it is git ignored already)
-
-```console
-cosign generate-key-pair
-```
-
-## Configure
-
-1. Rename Repository
-2. Generate Cosign Keys (optional if you want to run with signing locally, see above)
-3. Update `.goreleaser.yml`, search/replace go-project-template with new project name, adjust GitHub owner
-4. Update `main.go`,
-5. Update `go.mod`, rename go project (using IDE is best so renames happen across all files)
-
-### Docker
-
-The Dockerfile is set up to build the project and then copy the artifacts from the build into the final image. It is
-also configured to allow you to just run `docker build` directly if you do not want to use GoReleaser. 
-
-To make things easier and faster, the Dockerfile has a default build argument set to `go-project-template`. GoReleaser
-will pass the new project name down (if you update the `.goreleaser.yml` file) and the Dockerfile will use that instead.
-
-However, it would be better longer term to update this argument in the file or remove it all together.
-
-### Signing
-
-Signing happens via cosign's keyless features using the GitHub Actions OIDC provider.
-
-### Releases
-
-In order for Semantic Releases and GoReleaser to work properly you have to create a PAT to run Semantic Release
-so it's actions against the repository can trigger other workflows. Unfortunately there is no way to trigger
-a workflow from a workflow if both are run by the automatically generated GitHub Actions secret.
-
-1. Create PAT that has content `write` permissions to the repository
-2. Create GitHub Action Secret
-   - `SEMANTIC_GITHUB_TOKEN` -> populated with PAT from step 1
-3. Done
-
-## Documentation
-
-The project is built to have the documentation right alongside the code in the `docs/` directory leveraging Mkdocs Material.
-
-In the root of the project exists mkdocs.yml which drives the configuration for the documentation.
-
-This README.md is currently copied to `docs/index.md` and the documentation is automatically published to the GitHub
-pages location for this repository using a GitHub Action workflow. It does not use the `gh-pages` branch.
-
-### Running Locally
-
-```console
-make docs-serve
-```
-
-OR (if you have docker)
-
-```console
-docker run --rm -it -p 8000:8000 -v ${PWD}:/docs squidfunk/mkdocs-material
-```
+1. Download `dist` place it in your path
+2. Add `$HOME/.distillery/bin` to your path
+3. Run `dist install owner/repo` to install a binary from GitHub Repository
+4. Enjoy

cosign.pub

@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESLcBYyo9DKPEq23UYkXOG7RRqhwn
-/boYGgxL7bRUwLSd7tTTimzNrU9RwQNvaCEhPZDSk7cXLuxvbvOUIyVCyQ==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgiTJ3pLMJ4sJNiBv7RuU/43FK5+e
+Yum6f9nlaGpScHiaxO6EyQ+gQ8bkpLCZFxbEN1eCGzIFTM9dzHb976OU1A==
 -----END PUBLIC KEY-----