feat: add multiarch build using matrix strategy (#29)

* feat: add multiarch build using matrix strategy

---------

Co-authored-by: zs-ko <[email protected]>

.github/workflows/release.yml

@@ -10,32 +10,73 @@ on:
       - completed
 
 jobs:
-  on-success:
-    name: Release
+  test:
+    name: Test
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: "lts/*"
-
-      - name: Set up Go 1.18
-        uses: actions/setup-go@v3
+      - name: Set up Go 1.21.10
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.18
+          go-version: '1.21.10'
 
       - name: Run Tests
         run: |
           make test
+  build:
+    name: Build
+    needs: test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: ['linux', 'windows', 'darwin']
+        architecture: [amd64, arm64]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go 1.21.10
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21.10'
 
       - name: Build the artifacts
         run: |
-          make build
+          make OS=${{ matrix.os }} GOARCH=${{ matrix.architecture }} build
+
+      - name: uplpoad built artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: vault-plugin-secrets-nats-${{ matrix.os }}-${{ matrix.architecture }}
+          path: build/vault/plugins/vault-plugin-secrets-nats-*
+          retention-days: 1
+          overwrite: true
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "lts/*"
+
+      - name: Download built artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: build/vault/plugins/
+          merge-multiple: true
 
       - name: Release
         env:
@@ -45,6 +86,4 @@ jobs:
           #!/bin/bash
           set -e
           npm install @semantic-release/exec @eclass/semantic-release-docker @semantic-release/git -D
-          # the ... || true is to prevent the script from failing caused by a bug in semantic-release regarding 
-          # rate limit changes on github. See https://github.com/semantic-release/github/pull/487
-          npx -c semantic-release || true
+          npx -c semantic-release

.releaserc.json

@@ -52,12 +52,7 @@
       {
         "assets": [
           {
-            "path": "build/vault/plugins/vault-plugin-secrets-nats",
-            "label": "vault-plugin-secrets-nats"
-          },
-          {
-            "path": "build/vault/plugins/vault-plugin-secrets-nats.sha256",
-            "label": "vault-plugin-secrets-nats.sha256"
+            "path": "build/vault/plugins/vault-plugin-secrets-*"
           }
         ]
       }

Makefile

@@ -21,7 +21,7 @@ generate:
 all: fmt build start
 
 build: generate
-	CGO_ENABLED=0  GOOS=$(OS) GOARCH="$(GOARCH)" go build -o build/vault/plugins/vault-plugin-secrets-nats -gcflags "all=-N -l" -ldflags '-extldflags "-static"' cmd/vault-plugin-secrets-nats/main.go
+	CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(GOARCH) go build -o build/vault/plugins/vault-plugin-secrets-nats-$(OS)-$(GOARCH) -gcflags "all=-N -l" -ldflags '-extldflags "-static"' cmd/vault-plugin-secrets-nats/main.go
 
 docker: build
 	docker build -t $(DOCKER_REGISTRY)/vault-with-nats-secrets:$(VERSION) -f build/vault/Dockerfile .
@@ -36,7 +36,7 @@ enable:
 	VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -path=nats-secrets vault-plugin-secrets-nats
 
 clean:
-	rm -f ./build/vault/plugins/vault-plugin-secrets-nats
+	rm -f ./build/vault/plugins/vault-plugin-secrets-nats-*
 
 fmt:
 	go fmt $$(go list ./...)

build/vault/Dockerfile

@@ -1,7 +1,7 @@
 FROM vault:1.12.5
 RUN mkdir -p /etc/vault/vault_plugins
 RUN mkdir -p /etc/vault/vault_plugins_checksums
-COPY build/vault/plugins/vault-plugin-secrets-nats /etc/vault/vault_plugins
+COPY build/vault/plugins/vault-plugin-secrets-nats-linux-amd64 /etc/vault/vault_plugins/vault-plugin-secrets-nats
 RUN sha256sum /etc/vault/vault_plugins/vault-plugin-secrets-nats > /etc/vault/vault_plugins_checksums/vault-plugin-secrets-nats.sha256
 RUN cat /etc/vault/vault_plugins_checksums/*
 

ci/semantic-release-patch-files.sh

@@ -1,9 +1,17 @@
 #!/bin/sh
 set -e
 NEXTVERSION=$1
-sha256sum build/vault/plugins/vault-plugin-secrets-nats > build/vault/plugins/vault-plugin-secrets-nats.sha256
+for file in build/vault/plugins/vault-plugin-secrets-nats-*; do
+  sha256sum $file > $file.sha256
+    # this is to retain backward compatibility with the old naming convention
+    if echo "$file" | grep -q "amd64"; then
+        cp $file ./build/vault/plugins/vault-plugin-secrets-nats
+        cp $file.sha256 build/vault/plugins/vault-plugin-secrets-nats.sha256
+    fi
+done
+# only use x86 for the README.md and dev/manifests/vault/vault.yaml
 export SHA256SUM=$(cat build/vault/plugins/vault-plugin-secrets-nats.sha256 | cut -d ' ' -f1)
 sed -i "s#sha256: .*#sha256: ${SHA256SUM}#g" README.md
 sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" README.md
 sed -i "s#sha256: .*#sha256: ${SHA256SUM}#g" dev/manifests/vault/vault.yaml
-sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" dev/manifests/vault/vault.yaml
+sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" dev/manifests/vault/vault.yaml