Experimental build scripts

.gitignore

@@ -25,6 +25,7 @@ website/node_modules
 *.iml
 *.test
 *.iml
+.env
 
 # goreleaser
 /dist

README.md

@@ -21,11 +21,16 @@ Requirements
 Usage
 -----
 
-For Terraform 0.12+ compatibility, the configuration should specify version 1.6 or higher:
+Just include the provider, example:
 
 ```hcl
-provider "mysql" {
-  version = "~> 1.6"
+terraform {
+  required_providers {
+    mysql = {
+      source = "petoju/mysql"
+      version = "~> 3.0.72"
+    }
+  }
 }
 ```
 
@@ -46,6 +51,8 @@ goreleaser build --clean
 Files in dist should match whatever is provided. If they don't, consider reading
 https://words.filippo.io/reproducing-go-binaries-byte-by-byte/ or open an issue here.
 
+There is also experimental way to build everything in docker. I will try to use it every time,
+but I may skip it if it doesn't work. That should roughly match how I build the provider locally.
 
 Using the provider
 ----------------------

scripts/build/.env.sample

@@ -0,0 +1 @@
+export GITHUB_TOKEN=secret_token

scripts/build/Dockerfile

@@ -0,0 +1,28 @@
+FROM goreleaser/goreleaser:v2.8.2
+
+RUN apk add --no-cache \
+		ca-certificates \
+		git \
+		gnupg
+
+ENV GPG_TTY /dev/console
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+
+RUN addgroup --gid "$GROUP_ID" user && \
+    adduser -D -u "$USER_ID" -G user -h /home/user -s /bin/bash user && \
+    mkdir -p /home/user/.gnupg && \
+    chown "${USER_ID}:${GROUP_ID}" /home/user/.gnupg && \
+    chmod 700 /home/user/.gnupg
+
+COPY build.sh /usr/local/bin/
+
+# Switch to non-root user
+USER user
+
+COPY --chown=user:user peter-junos.pub /home/user/
+RUN gpg --batch --import /home/user/peter-junos.pub
+
+WORKDIR /home/user/app
+
+ENTRYPOINT ["/usr/local/bin/build.sh"]

scripts/build/build.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+export GPG_FINGERPRINT=298A405CE1C450D2
+
+echo "Prefetching key"
+
+while ! echo "test" | gpg --armor --detach-sign; do
+	echo "Testing again"
+	sleep 1
+done
+
+rm -r dist
+goreleaser release --clean

scripts/build/peter-junos.pub

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFz7qxABEADHvsuQO+R1WzL5PMXHM0c92xgxqezAjDc3sKoRBZC1ukwP8x8Y
+H5FBjO1KuNLiCw5g2tARkgTGlN6sF9Wx5hZ7Eer3JbKDOs8BGmV5qLzx+qOj1o24
+CNZQChBOXXeQjBy/PmUTEu6uojSJhnXWA800f0L1iCDpV/rzNS2QHlsptYoMpWgi
+7KrxTfLdrAkiyBgC03IHnzZxfG//hqeBYMSb7ljbfxsz955SfBPLmukGpa5dZxif
+lMj/X2hsxZx4YMxWJNBmTALP/N5riCZ810dU6Gy1M79Ybj9EgLR1ocqom9blnGJS
+dZp7corb06vg2VtpBmm3wNfOq7+5NWS/MDdDpxqqcZPlzs6pJiHvyr489vclkaad
+Rf9WDm6EFOYxnnMYD3vZ9PwFKPpVQ5XeyHRy8JXbmqNEJwqVZnJT4si8ErIL0B0d
+5q7oUN0bzElOkTg3fME90usc3iL9MHwoXxCDLps+41CiEiix8xO0dzRR/eo5GKOG
+lRxxbZTt5UHxSK+3Yr3YyYbHMxkNoK4Zrw1TK9wcffQjS0pESjQCxAHFtZqFFffh
+u3e4FsNipMTPItZB6/VWj2cWz2A6MjrzGdTleMdOKfultjK24RmM1lXbTqPgbhbw
+RWfajAYyByaVRleTrzcTBLqKqK50LrufRtvErTf9Zhug0QUqUk4WwwKlXQARAQAB
+tC9QZXRlciBKdW5vcyAoeXViaS1zYXZlZCBrZXkpIDxwZXRvanVAZ21haWwuY29t
+PokCTgQTAQgAOBYhBH9QnswbhojHe1LXaSmKQFzhxFDSBQJc+6sQAhsvBQsJCAcD
+BRUKCQgLBRYCAwEAAh4BAheAAAoJECmKQFzhxFDS4+wQAIVoy9mu5OiYws6x9o7s
+13ll9DEHepOETX0qTsOa5AhhOET5jBuQAYenLTRXOFEzoOoyKXxvYDpWtux0M1D+
+JlrMImKogCsUrPrE5mkE3dU0+HcmKR9PPiiJ3GcOUnA4ab16reivKjaKjp5XkwQH
+mZujwnudoZ314VXp8Rn4ij7N2hmNf6iq2kTI0CqcbRiCVNQ4bBU25GPSQL/uM2xQ
+8DdmGyeLwBcubzxONLNn3y0ueGqa5/S5jviK180au3zyljI/fTZErcT4X33ByUQT
+FrdNvdXtj0jsnOp0iNEpo6pnfZSBPjPW+vt1J528gUCylE0howmHxMKk1SP01iPJ
+7zoNI9wgK1qYddGEzrYs6YjVAMchtNpxw7lthhbwK4ndGBzUQuFJiRzSKnet7DEd
+4+CJle6C1wugmDPLbuw+9QBoZ2tAn7V/ydefkF80fk8x9gowNn7ImHnMNFpShRIi
+slZ9NWQHKEj8cXq0ZaZK8XnRoaLo5gzH90cQDIskfyCtnNjEnGu8uJ9ZGRsMAGRR
+rjQXRmGLx4jyN9Z++SkYB146fsWZcShhL+jt7CbiYxOBvuCQYBbq44eZNg5dzD9U
+WdwqDzTwh6S9xvHhByM07ZwFzaXtLgApwNDZnsKyqnoYAYXrPfs7oz+iUiRYpNm+
+E3rhhPvqCx94qA/pmuhRCpS6
+=UGHL
+-----END PGP PUBLIC KEY BLOCK-----
+

scripts/build/run.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if [ -e ".env" ]; then
+	source ./.env
+fi
+
+if [ -z "$GITHUB_TOKEN" ]; then
+	echo "No github token!"
+	exit 1
+fi
+
+# Debug with gpg --card-status
+# Initialize signing.
+echo "Test" | gpg --armor --detach-sign
+
+export GPG_AGENT_SOCKET=$(gpgconf --list-dirs agent-socket)
+echo "Using GPG Agent Socket: ${GPG_AGENT_SOCKET}"
+
+DOCKER_IMAGE="$(docker build -q .)"
+
+docker run -e GITHUB_TOKEN -v "${GPG_AGENT_SOCKET}:/home/user/.gnupg/S.gpg-agent:rw" -v "$PWD/../../:/home/user/app" -it "$DOCKER_IMAGE"
+
+git push
+git tag -s "$TAG" -m "Update to $TAG"
+git push origin "$TAG"