chore: add release pipeline

Signed-off-by: Matthias Riegler <matthias.riegler@ankorstore.com>

.github/workflows/release.yaml

@@ -0,0 +1,75 @@
+name: release
+
+on:
+  push:
+    branches: [ main ]
+
+permissions: write-all
+
+jobs:
+  # Release-please for auto-updated PRs
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        id: release-please
+        with:
+          release-type: simple  # actual releasing is handled by goreleaser
+          package-name: computeblade-agent
+          skip-github-release: true  # GH release is created by goreleaser
+    outputs:
+      release_created: ${{ steps.release-please.outputs.release_created }}
+
+  goreleaser:
+    runs-on: ubuntu-latest
+    needs:
+      - release-please
+    if: needs.release-please.outputs.release_created
+    steps:
+      # Checkout code (full history)
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # Setup golang with caching
+      - name: Setup Golang
+        uses: actions/setup-go@v4
+        with:
+          go-version: stable
+      - id: go-cache-paths
+        run: |
+          echo "name=go-build::$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
+          echo "name=go-mod::$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
+      - name: Go Build Cache
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.go-cache-paths.outputs.go-build }}
+          key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
+      - name: Go Mod Cache
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.go-cache-paths.outputs.go-mod }}
+          key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
+
+      # Setup docker buildx
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Install cosign
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3
+
+      # Run goreleaser
+      - name: Goreleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: latest
+          args: release --clean
+        env:
+          COSIGN_YES: "true"
+          KO_DOCKER_REPO: ghcr.io/${{ github.repository }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.goreleaser.yaml

@@ -18,6 +18,33 @@ builds:
     id: bladectl
     dir: ./cmd/bladectl/
 
+# Docker image including both agent and bladectl
+dockers:
+  - id: oci-bundle
+    dockerfile: Dockerfile
+    goos: linux
+    goarch: arm64
+    ids:
+    - agent
+    - bladectl
+    image_templates:
+      - ghcr.io/uptime-lab/computeblade-agent:latest
+      - ghcr.io/uptime-lab/computeblade-agent:{{ .Tag }}
+      - ghcr.io/uptime-lab/computeblade-agent:v{{ .Major }}
+    build_flag_templates:
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--platform=linux/arm64"
+# Sign docker-image with cosign (keyless)
+docker_signs:
+  - id: oci-bundle-sign
+    artifacts: all
+    ids:
+    - oci-bundle
+
+# Regular OS packages (for now only systemd based OSes)
 nfpms:
 - id: computeblade-agent
   maintainer: Matthias Riegler <me@xvzf.tech>

Dockerfile

@@ -0,0 +1,7 @@
+FROM cgr.dev/chainguard/wolfi-base
+LABEL org.opencontainers.image.source https://github.com/uptime-lab/computeblade-agent
+
+# Copy binaries generated by goreleaser
+COPY computeblade-agent bladectl /bin
+
+ENTRYPOINT ["/bin/computeblade-agent"]