goreleaser/pipeline/sign/sign.go

package sign

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"

	"github.com/goreleaser/goreleaser/context"
	"github.com/goreleaser/goreleaser/pipeline"
)

type Pipe struct{}

func (Pipe) String() string {
	return "signing artifacts"
}

func (Pipe) Default(ctx *context.Context) error {
	cfg := &ctx.Config.Sign
	if cfg.Cmd == "" {
		cfg.Cmd = "gpg"
	}
	if cfg.Signature == "" {
		cfg.Signature = "${artifact}.sig"
	}
	if len(cfg.Args) == 0 {
		cfg.Args = []string{"--output", "$signature", "--detach-sig", "$artifact"}
	}
	if cfg.Artifacts == "" {
		cfg.Artifacts = "none"
	}
	return nil
}

func (Pipe) Run(ctx *context.Context) error {
	switch ctx.Config.Sign.Artifacts {
	case "checksum":
		return sign(ctx, ctx.Checksums)
	case "all":
		return sign(ctx, ctx.Artifacts)
	case "none":
		return pipeline.Skip("artifact signing disabled")
	default:
		return fmt.Errorf("invalid list of artifacts to sign: %s", ctx.Config.Sign.Artifacts)
	}
}

func sign(ctx *context.Context, artifacts []string) error {
	var sigs []string
	for _, a := range artifacts {
		sig, err := signone(ctx, a)
		if err != nil {
			return err
		}
		sigs = append(sigs, sig)
	}
	for _, sig := range sigs {
		ctx.AddArtifact(sig)
	}
	return nil
}

func signone(ctx *context.Context, artifact string) (string, error) {
	cfg := ctx.Config.Sign

	artifact = filepath.Join(ctx.Config.Dist, artifact)
	env := map[string]string{
		"artifact": artifact,
	}

	sig := expand(cfg.Signature, env)
	if sig == "" {
		return "", fmt.Errorf("sign: signature file cannot be empty")
	}
	if sig == artifact {
		return "", fmt.Errorf("sign: artifact and signature cannot be the same")
	}
	env["signature"] = sig

	// todo(fs): check if $out already exists

	var args []string
	for _, a := range cfg.Args {
		args = append(args, expand(a, env))
	}

	cmd := exec.Command(cfg.Cmd, args...)
	output, err := cmd.CombinedOutput()
	if len(output) > 200 {
		output = output[:200]
	}
	if err != nil {
		return "", fmt.Errorf("sign: %s failed with %q", cfg.Cmd, string(output))
	}
	return sig, nil
}

func expand(s string, env map[string]string) string {
	return os.Expand(s, func(key string) string {
		return env[key]
	})
}
feat: add artifact sign pipeline This patch adds a generic artifact signing pipeline. Fixes #166 2017-12-13 17:14:01 +01:00			`package sign`

			`import (`
			`"fmt"`
			`"os"`
			`"os/exec"`
			`"path/filepath"`

			`"github.com/goreleaser/goreleaser/context"`
			`"github.com/goreleaser/goreleaser/pipeline"`
			`)`

			`type Pipe struct{}`

			`func (Pipe) String() string {`
			`return "signing artifacts"`
			`}`

			`func (Pipe) Default(ctx *context.Context) error {`
			`cfg := &ctx.Config.Sign`
			`if cfg.Cmd == "" {`
			`cfg.Cmd = "gpg"`
			`}`
			`if cfg.Signature == "" {`
			`cfg.Signature = "${artifact}.sig"`
			`}`
			`if len(cfg.Args) == 0 {`
			`cfg.Args = []string{"--output", "$signature", "--detach-sig", "$artifact"}`
			`}`
			`if cfg.Artifacts == "" {`
			`cfg.Artifacts = "none"`
			`}`
			`return nil`
			`}`

			`func (Pipe) Run(ctx *context.Context) error {`
			`switch ctx.Config.Sign.Artifacts {`
			`case "checksum":`
			`return sign(ctx, ctx.Checksums)`
			`case "all":`
			`return sign(ctx, ctx.Artifacts)`
			`case "none":`
			`return pipeline.Skip("artifact signing disabled")`
			`default:`
			`return fmt.Errorf("invalid list of artifacts to sign: %s", ctx.Config.Sign.Artifacts)`
			`}`
			`}`

			`func sign(ctx *context.Context, artifacts []string) error {`
			`var sigs []string`
			`for _, a := range artifacts {`
			`sig, err := signone(ctx, a)`
			`if err != nil {`
			`return err`
			`}`
			`sigs = append(sigs, sig)`
			`}`
			`for _, sig := range sigs {`
			`ctx.AddArtifact(sig)`
			`}`
			`return nil`
			`}`

			`func signone(ctx *context.Context, artifact string) (string, error) {`
			`cfg := ctx.Config.Sign`

			`artifact = filepath.Join(ctx.Config.Dist, artifact)`
			`env := map[string]string{`
			`"artifact": artifact,`
			`}`

			`sig := expand(cfg.Signature, env)`
			`if sig == "" {`
			`return "", fmt.Errorf("sign: signature file cannot be empty")`
			`}`
			`if sig == artifact {`
			`return "", fmt.Errorf("sign: artifact and signature cannot be the same")`
			`}`
			`env["signature"] = sig`

			`// todo(fs): check if $out already exists`

			`var args []string`
			`for _, a := range cfg.Args {`
			`args = append(args, expand(a, env))`
			`}`

			`cmd := exec.Command(cfg.Cmd, args...)`
			`output, err := cmd.CombinedOutput()`
			`if len(output) > 200 {`
			`output = output[:200]`
			`}`
			`if err != nil {`
			`return "", fmt.Errorf("sign: %s failed with %q", cfg.Cmd, string(output))`
			`}`
			`return sig, nil`
			`}`

			`func expand(s string, env map[string]string) string {`
			`return os.Expand(s, func(key string) string {`
			`return env[key]`
			`})`
			`}`