https://github.com/marccarre/go-github-release
An utility to manage GitHub releases, sign binaries & release them to GitHub
https://github.com/marccarre/go-github-release
github gpg release-automation utility
Last synced: 2 months ago
JSON representation
An utility to manage GitHub releases, sign binaries & release them to GitHub
- Host: GitHub
- URL: https://github.com/marccarre/go-github-release
- Owner: marccarre
- License: apache-2.0
- Created: 2018-11-11T14:56:33.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-11-14T04:06:17.000Z (over 7 years ago)
- Last Synced: 2025-04-03T22:14:33.316Z (about 1 year ago)
- Topics: github, gpg, release-automation, utility
- Language: Go
- Homepage:
- Size: 1.95 MB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://circleci.com/gh/marccarre/go-github-release/tree/master)
[](https://goreportcard.com/report/github.com/marccarre/go-github-release)
[](https://coveralls.io/github/marccarre/go-github-release)
[](https://codecov.io/gh/marccarre/go-github-release)
[](https://quay.io/repository/marccarre/go-github-release)
# go-github-release
## Features
- `release`:
- creates the GitHub release matching the provided tag,
- signs the provided release assets,
- uploads the provided release assets and their signatures to the GitHub release.
## Installation
1. Download the [latest version](https://github.com/marccarre/go-github-release/releases/latest) of `ghrelease` and its signature.
2. [Optional] Verify `ghrelease`'s signature:
1. Import my CI/CD GPG key:
```console
$ gpg --recv-keys 92A05461
gpg: key 6A74FEA692A05461: public key "Marc CARRE (GitHub software releases) " imported
gpg: Total number processed: 1
gpg: imported: 1
```
2. Check its fingerprint:
```console
$ gpg --fingerprint 92A05461
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2020-11-13
pub rsa4096 2018-11-11 [SC] [expires: 2019-11-11]
49A9 5DE0 562B 072A 82B4 F072 6A74 FEA6 92A0 5461
uid [ unknown] Marc CARRE (GitHub software releases)
sub rsa4096 2018-11-11 [E] [expires: 2019-11-11]
```
3. Import my [personal GPG key](https://keybase.io/marccarre):
```console
$ gpg --recv-keys F69B8B32
gpg: key 062658EFF69B8B32: public key "Marc CARRE " imported
gpg: Total number processed: 1
gpg: imported: 1
```
4. Ensure my CI/CD key is signed by [me](https://keybase.io/marccarre):
```console
$ gpg --list-signatures 92A05461
pub rsa4096 2018-11-11 [SC] [expires: 2019-11-11]
49A95DE0562B072A82B4F0726A74FEA692A05461
uid [ unknown] Marc CARRE (GitHub software releases)
sig 3 6A74FEA692A05461 2018-11-11 Marc CARRE (GitHub software releases)
sig 3 062658EFF69B8B32 2018-11-11 Marc CARRE
sub rsa4096 2018-11-11 [E] [expires: 2019-11-11]
sig 6A74FEA692A05461 2018-11-11 Marc CARRE (GitHub software releases)
```
5. Check `ghrelease` against its detached signature, e.g.:
```console
$ gpg --verify ghrelease-v1.0.0-linux.asc ghrelease-v1.0.0-linux
gpg: Signature made Wed 14 Nov 12:41:17 2018 JST
gpg: using RSA key 6A74FEA692A05461
gpg: Good signature from "Marc CARRE (GitHub software releases) " [ultimate]
```
## Usage
```console
$ gpg --export-secret-keys > /path/to/your/private/key.asc
$ export GPG_PASSWD="..."
$ export GITHUB_API_TOKEN="..."
$ ghrelease release --help
Sign and upload the provided release assets on GitHub under the release corresponding to the provided tag
Usage:
ghrelease release [flags]
Flags:
-d, --draft Should the release be a draft release, default: true (default true)
-h, --help help for release
-k, --key string Path to the private GPG key to use to sign the release assets
-o, --owner string GitHub owner, e.g. marccarre in github.com/marccarre/go-github-release
-r, --repo string GitHub repository, e.g. go-github-release in github.com/marccarre/go-github-release
-t, --tag string Git tag corresponding to the release to perform, e.g. v1.0.0
$ ghrelease release -o marccarre -r go-github-release -t v1.0.0 -k /path/to/your/private/key.asc ...
{"level":"info","msg":"creating release","owner":"marccarre","repo":"go-github-release","tag":"v1.0.0","draft":true}
{"level":"info","msg":"successfully created release","owner":"marccarre","repo":"go-github-release","tag":"v1.0.0","draft":true}
{"level":"info","msg":"signing release asset","file":""}
{"level":"info","msg":"successfully signed release asset","file":""}
{"level":"info","msg":"uploading release asset","file":"","release":"v1.0.0"}
{"level":"info","msg":"successfully uploaded release asset","file":"","release":"v1.0.0","asset":""}
{"level":"info","msg":"uploading release asset","file":".asc","release":"v1.0.0"}
{"level":"info","msg":"successfully uploaded release asset","file":".asc","release":"v1.0.0","asset":".asc"}
```
## Development
### Setup
- Install [`docker`](https://store.docker.com/search?type=edition&offering=community)
- Install `make`
That's all folks!
All other tools are packaged in build Docker images (see `Dockerfile`) to ensure any machine can build easily, hence avoiding the "[_it works on my machine_](http://www.codinghorror.com/blog/2007/03/the-works-on-my-machine-certification-program.html)" syndrome.
### Build
```console
make
```
### Lint
```console
make lint
```
### Test
```console
make test
```
### Release
```console
git tag vX.Y.Z -a -m vX.Y.Z
git push --tags
```