diff --git a/.cspell.json b/.cspell.json
new file mode 100644
index 0000000..f9a2200
--- /dev/null
+++ b/.cspell.json
@@ -0,0 +1,33 @@
+{
+ "$schema": "https://raw.githubusercontent.com/streetsidesoftware/cspell/main/cspell.schema.json",
+ "dictionaries": [
+ "project-words",
+ "gaming-terms"
+ ],
+ "dictionaryDefinitions": [
+ {
+ "addWords": true,
+ "name": "project-words",
+ "path": "./project-words.txt"
+ }
+ ],
+ "ignorePaths": [
+ "node_modules",
+ "/project-words.txt"
+ ],
+ "import": [
+ "@cspell/dict-bash/cspell-ext.json",
+ "@cspell/dict-companies/cspell-ext.json",
+ "@cspell/dict-data-science/cspell-ext.json",
+ "@cspell/dict-de-de/cspell-ext.json",
+ "@cspell/dict-docker/cspell-ext.json",
+ "@cspell/dict-gaming-terms/cspell-ext.json",
+ "@cspell/dict-git/cspell-ext.json",
+ "@cspell/dict-k8s/cspell-ext.json",
+ "@cspell/dict-powershell/cspell-ext.json",
+ "@cspell/dict-software-terms/cspell-ext.json",
+ "@cspell/dict-vim/cspell-ext.json",
+ "@cspell/dict-win32/cspell-ext.json"
+ ],
+ "version": "0.2"
+}
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..b752841
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,154 @@
+name: Build Go Binaries
+on:
+ schedule:
+ - cron: '0 0/1 * * *'
+ workflow_dispatch:
+env:
+ SOFTWARE_NAME: "Tailscale"
+ FILE_NAME: "tailscaled"
+ REPO: "tailscale/tailscale"
+ # TODO: If you have forked ot copied this code you need to change to your repository here.
+ REPO_SMALL: "lwbt/ts_build_test"
+ GIT_USER_NAME: "lwbt"
+ GIT_USER_EMAIL: "lwbt_pipeline@github.com"
+jobs:
+ check-versions:
+ runs-on: ubuntu-latest
+ outputs:
+ TAG: ${{ steps.tag.outputs.TAG }}
+ TAG_SMALL: ${{ steps.tag_small.outputs.TAG_SMALL }}
+ steps:
+ - name: Get latest ${{ env.SOFTWARE_NAME }} tag
+ id: tag
+ run: |
+ latest_tag=$(
+ curl -s "https://api.github.com/repos/${{ env.REPO }}/releases/latest" \
+ | grep -oP '"tag_name": "\K(.*)(?=")'
+ )
+ echo "TAG=$latest_tag" >> "$GITHUB_OUTPUT"
+ echo "Latest ${{ env.SOFTWARE_NAME }} Tag: $latest_tag"
+ - name: Get latest ${{ env.SOFTWARE_NAME }} Small tag
+ id: tag_small
+ run: |
+ latest_tag=$(
+ curl -s "https://api.github.com/repos/${{ env.REPO_SMALL }}/releases/latest" \
+ | grep -oP '"tag_name": "\K(.*)(?=")' || echo ""
+ )
+ echo "TAG_SMALL=$latest_tag" >> "$GITHUB_OUTPUT"
+ echo "Latest ${{ env.SOFTWARE_NAME }} Small Tag: $latest_tag"
+ build:
+ runs-on: ubuntu-latest
+ needs: check-versions
+ if: needs.check-versions.outputs.TAG_SMALL != needs.check-versions.outputs.TAG
+ env:
+ TAG: ${{ needs.check-versions.outputs.TAG }}
+ strategy:
+ matrix:
+ go-version: [stable]
+ os: [linux]
+ platform: [amd64, arm, arm64, mips]
+ steps:
+ - name: Checkout ${{ env.SOFTWARE_NAME }} Repo
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ env.REPO }}
+ ref: ${{ env.TAG }}
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ matrix.go-version }}
+ - name: Download Go modules
+ run: go mod download
+ - name: Cross-compile
+ run: |
+ GOOS=${{ matrix.os }} GOARCH=${{ matrix.platform }} ./build_dist.sh \
+ --extra-small --box \
+ -o "${{ env.FILE_NAME }}-${{ matrix.os }}-${{ matrix.platform }}" ./cmd/${{ env.FILE_NAME }}
+ - name: Upload built binary
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ env.FILE_NAME }}-${{ matrix.os }}-${{ matrix.platform }}
+ path: ./${{ env.FILE_NAME }}-${{ matrix.os }}-${{ matrix.platform }}
+ publish:
+ runs-on: ubuntu-latest
+ needs: [check-versions, build]
+ if: needs.check-versions.outputs.TAG_SMALL != needs.check-versions.outputs.TAG
+ env:
+ TAG: ${{ needs.check-versions.outputs.TAG }}
+ steps:
+ # NOTE: While UPX seems to be at least available on the Ubuntu Runner
+ # images, we opt to use the most recent version here with the latest
+ # fixes.
+ - name: Get UPX latest version
+ id: get-upx-version
+ run: |
+ echo "UPX_VERSION=$(
+ curl -s https://api.github.com/repos/upx/upx/releases/latest \
+ | jq -r '.tag_name' \
+ | cut -c 2-
+ )" >> "$GITHUB_ENV"
+ - name: Download UPX
+ run: |
+ wget -q "https://github.com/upx/upx/releases/download/v${{ env.UPX_VERSION }}/upx-${{ env.UPX_VERSION }}-amd64_linux.tar.xz"
+ tar --to-stdout -xf "upx-${{ env.UPX_VERSION }}-amd64_linux.tar.xz" \
+ "upx-${{ env.UPX_VERSION }}-amd64_linux/upx" > "${PWD}/upx"
+ chmod -v +x "${PWD}/upx"
+ - name: Download built binaries
+ uses: actions/download-artifact@v4
+ with:
+ pattern: ${{ env.FILE_NAME }}-*
+ - name: Moving files
+ run: |
+ for dir in "${{ env.FILE_NAME }}-"*; do
+ mv -v "${dir}" "${dir}.d"
+ mv -v "${dir}.d/${{ env.FILE_NAME }}-"* .
+ rmdir -v "${dir}.d"
+ done
+ chmod -v +x "${{ env.FILE_NAME }}-"*
+ - name: Compress Binary with UPX
+ run: |
+ "${PWD}/upx" --lzma --best --no-progress "${{ env.FILE_NAME }}-"*
+ - name: Create checksums
+ run: |
+ sha256sum "${{ env.FILE_NAME }}-"* > "checksums.txt"
+ - name: Checkout ${{ env.SOFTWARE_NAME }} Small repository
+ uses: actions/checkout@v4
+ with:
+ path: tools
+ - name: Create tag in ${{ env.SOFTWARE_NAME }} Small repository
+ run: |
+ cd tools
+ if git rev-parse --quiet --verify "refs/tags/${{ env.TAG }}"; then
+ echo "Tag already exists"
+ exit 0
+ else
+ echo "Tag does not exist, creating"
+ git config --global user.email "${{ env.GIT_USER_EMAIL }}"
+ git config --global user.name "${{ env.GIT_USER_NAME }}"
+ git tag "${{ env.TAG }}"
+ git push --tags
+ fi
+ - name: Create Release
+ uses: ncipollo/release-action@v1
+ with:
+ name: Small ${{ env.SOFTWARE_NAME }} ${{ env.TAG }}
+ tag: ${{ env.TAG }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ draft: false
+ prerelease: false
+ #allowupdates: true
+ artifacts: |
+ ${{ env.FILE_NAME }}-*
+ checksums.txt
+ body: |
+ Small ${{ env.SOFTWARE_NAME }} build ${{ env.TAG }}
+
+ For a complete changelog go to https://github.com/${{ env.REPO }}/releases/tag/${{ env.TAG }}
+
+ This release was created by:
+
+ * Building a combined binary of `tailscale` and `tailscaled`
+ * Using the build option `--extra-small`
+ * Compressing the binary with UPX
+
+ To use both programs, rename `tailscaled-OS-ARCH` to `tailscaled` and create a symbolic (`ln -sv tailscaled tailscale`)
diff --git a/.github/workflows/build.yaml-disabled b/.github/workflows/build.yaml-disabled
new file mode 100644
index 0000000..a6389ab
--- /dev/null
+++ b/.github/workflows/build.yaml-disabled
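Review bot: The `Download UPX` step in the `publish` job fetches whatever release the API reports as latest and marks it executable with no integrity check, and that binary then rewrites every artifact the job goes on to publish with `secrets.GITHUB_TOKEN`. Pin the UPX version in the workflow `env:` instead of resolving it at run time, and verify the archive before the `tar` line, for example `echo "<EXPECTED_SHA256_PLACEHOLDER>  upx-${UPX_VERSION}-amd64_linux.tar.xz" | sha256sum -c -`. The same unverified download is repeated in `build.yaml-disabled` and `build.yaml-disabled2`. The workflow also declares no `permissions:` block, so the token scope falls back to the repository default; `contents: read` at the top level with `contents: write` only on `publish` would keep `check-versions` and `build` read-only.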
@@ -0,0 +1,105 @@
+name: Build Go Binary
+on:
+ schedule:
+ - cron: '0 0/1 * * *'
+ workflow_dispatch:
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ REPO_TS: "tailscale/tailscale"
+ # TODO: If you have forked ot copied this code you need to change to your repository here.
+ REPO_SMALL_TS: "lwbt/ts_build_test"
+ strategy:
+ matrix:
+ go-version: [stable]
+ os: [linux]
+ platform: [amd64, arm, arm64, mips]
+ steps:
+ - name: Get latest Tailscale tag
+ run: |
+ latest_tag=$(curl -s "https://api.github.com/repos/${{ env.REPO_TS }}/releases/latest" | grep -oP '"tag_name": "\K(.*)(?=")')
+ echo "TAG=$latest_tag" >> $GITHUB_ENV
+ echo "Latest Tailscale Tag: $latest_tag"
+ - name: Get latest Tailscale Small tag
+ run: |
+ latest_tag=$(curl -s "https://api.github.com/repos/${{ env.REPO_SMALL_TS }}/releases/latest" | grep -oP '"tag_name": "\K(.*)(?=")' || echo "")
+ echo "TAG_SMALL=$latest_tag" >> $GITHUB_ENV
+ echo "Latest Tailscale Small Tag: $latest_tag"
+ - name: Checkout Tailscale code
+ if: env.TAG_SMALL != env.TAG
+ uses: actions/checkout@v4
+ with:
+ repository: tailscale/tailscale
+ ref: ${{ env.TAG }}
+ - name: Checkout Tailscale Small code
+ if: env.TAG_SMALL != env.TAG
+ uses: actions/checkout@v4
+ with:
+ path: tools
+ - name: Setup Go
+ if: env.TAG_SMALL != env.TAG
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ matrix.go-version }}
+ - name: Download Go modules
+ if: env.TAG_SMALL != env.TAG
+ run: go mod download
+ - name: Cross-compile for ${{ matrix.platform }}
+ if: env.TAG_SMALL != env.TAG
+ run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.platform }} ./build_dist.sh --extra-small --box -o tailscaled-${{ matrix.os }}-${{ matrix.platform }} ./cmd/tailscaled
+ - name: Get UPX latest version
+ if: env.TAG_SMALL != env.TAG
+ id: get-upx-version
+ run: |
+ echo "UPX_VERSION=$(curl -s https://api.github.com/repos/upx/upx/releases/latest | jq -r '.tag_name' | cut -c 2-)" >> $GITHUB_ENV
+ - name: Download UPX
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ wget -q "https://github.com/upx/upx/releases/download/v${{ env.UPX_VERSION }}/upx-${{ env.UPX_VERSION }}-amd64_linux.tar.xz"
+ tar --to-stdout -xf "upx-${{ env.UPX_VERSION }}-amd64_linux.tar.xz" "upx-${{ env.UPX_VERSION }}-amd64_linux/upx" > "${PWD}/upx"
+ chmod -v +x "${PWD}/upx"
+ - name: Compress Binary with UPX
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ "${PWD}/upx" --lzma --best --no-progress "tailscaled-${{ matrix.os }}-${{ matrix.platform }}"
+ sha256sum "tailscaled-${{ matrix.os }}-${{ matrix.platform }}" > "tailscaled-${{ matrix.os }}-${{ matrix.platform }}.sha256"
+ - name: Create tag in Tailscale Small repository
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ cd tools
+ if git rev-parse --quiet --verify "refs/tags/${{ env.TAG }}"; then
+ echo "Tag already exists"
+ exit 0
+ else
+ echo "Tag does not exist, creating"
+ git config --global user.email "lwbt_pipeline@github.com"
+ git config --global user.name "lwbt"
+ git tag ${{ env.TAG }}
+ git push --tags
+ fi
+ - name: Create Release
+ if: env.TAG_SMALL != env.TAG
+ uses: ncipollo/release-action@v1
+ with:
+ name: Small Tailscale ${{ env.TAG }}
+ tag: ${{ env.TAG }}
+ body: |
+ Small Tailscale build ${{ env.TAG }}
+
+ For a complete changelog go to https://github.com/${{ env.REPO_TS }}/releases/tag/${{ env.TAG }}
+
+ This release was created by:
+
+ * Building a combined binary of `tailscale` and `tailscaled`
+ * Using the build option `--extra-small`
+ * Compressing the binary with UPX
+
+ To use both programs, rename `tailscaled-OS-ARCH` to `tailscaled` and create a symbolic (`ln -sv tailscaled tailscale`)
+ token: ${{ secrets.GITHUB_TOKEN }}
+ draft: false
+ prerelease: false
+ allowupdates: true
+ artifacts: |
+ tailscaled-${{ matrix.os }}-${{ matrix.platform }}
+ tailscaled-${{ matrix.os }}-${{ matrix.platform }}.sha256
diff --git a/.github/workflows/build.yaml-disabled2 b/.github/workflows/build.yaml-disabled2
new file mode 100644
index 0000000..716926f
--- /dev/null
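Review bot: `git tag ${{ env.TAG }}` in the `Create tag in Tailscale Small repository` step pastes a value parsed from an API response into the script text before the shell parses it, and here it is not even quoted. `TAG` is already exported through `$GITHUB_ENV`, so the step can read it as data instead: `git tag "$TAG"` and `git rev-parse --quiet --verify "refs/tags/$TAG"`. Quoting the expression, as `build.yaml` and `build.yaml-disabled2` do with `"${{ env.TAG }}"`, fixes word splitting but the substitution still happens before the shell sees the line, so the same change applies there. The `>> $GITHUB_ENV` redirections in this file are unquoted as well; `>> "$GITHUB_ENV"` matches how `build.yaml` quotes `"$GITHUB_OUTPUT"`.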
+++ b/.github/workflows/build.yaml-disabled2
@@ -0,0 +1,122 @@
+name: Build Go Binary
+on:
+ schedule:
+ - cron: '0 0/1 * * *'
+ workflow_dispatch:
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ REPO_TS: "tailscale/tailscale"
+ # TODO: If you have forked ot copied this code you need to change to your repository here.
+ REPO_SMALL_TS: "lwbt/ts_build_test"
+ GIT_USER_NAME: "lwbt"
+ GIT_USER_EMAIL: "lwbt_pipeline@github.com"
+ strategy:
+ matrix:
+ go-version: [stable]
+ os: [linux]
+ platform: [amd64, arm, arm64, mips]
+ steps:
+ - name: Get latest Tailscale tag
+ run: |
+ latest_tag=$(
+ curl -s "https://api.github.com/repos/${{ env.REPO_TS }}/releases/latest" \
+ | grep -oP '"tag_name": "\K(.*)(?=")'
+ )
+ echo "TAG=$latest_tag" >> $GITHUB_ENV
+ echo "Latest Tailscale Tag: $latest_tag"
+ - name: Get latest Tailscale Small tag
+ run: |
+ latest_tag=$(
+ curl -s "https://api.github.com/repos/${{ env.REPO_SMALL_TS }}/releases/latest" \
+ | grep -oP '"tag_name": "\K(.*)(?=")' || echo ""
+ )
+ echo "TAG_SMALL=$latest_tag" >> $GITHUB_ENV
+ echo "Latest Tailscale Small Tag: $latest_tag"
+ - name: Checkout Tailscale code
+ if: env.TAG_SMALL != env.TAG
+ uses: actions/checkout@v4
+ with:
+ repository: tailscale/tailscale
+ ref: ${{ env.TAG }}
+ - name: Checkout Tailscale Small code
+ if: env.TAG_SMALL != env.TAG
+ uses: actions/checkout@v4
+ with:
+ path: tools
+ - name: Setup Go
+ if: env.TAG_SMALL != env.TAG
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ matrix.go-version }}
+ - name: Download Go modules
+ if: env.TAG_SMALL != env.TAG
+ run: go mod download
+ - name: Cross-compile
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ GOOS=${{ matrix.os }} GOARCH=${{ matrix.platform }} ./build_dist.sh \
+ --extra-small --box \
+ -o "tailscaled-${{ matrix.os }}-${{ matrix.platform }}" ./cmd/tailscaled
+ - name: Get UPX latest version
+ if: env.TAG_SMALL != env.TAG
+ id: get-upx-version
+ run: |
+ echo "UPX_VERSION=$(
+ curl -s https://api.github.com/repos/upx/upx/releases/latest \
+ | jq -r '.tag_name' \
+ | cut -c 2-
+ )" >> $GITHUB_ENV
+ - name: Download UPX
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ wget -q "https://github.com/upx/upx/releases/download/v${{ env.UPX_VERSION }}/upx-${{ env.UPX_VERSION }}-amd64_linux.tar.xz"
+ tar --to-stdout -xf "upx-${{ env.UPX_VERSION }}-amd64_linux.tar.xz" \
+ "upx-${{ env.UPX_VERSION }}-amd64_linux/upx" > "${PWD}/upx"
+ chmod -v +x "${PWD}/upx"
+ - name: Compress Binary with UPX
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ "${PWD}/upx" --lzma --best --no-progress "tailscaled-${{ matrix.os }}-${{ matrix.platform }}"
+ sha256sum "tailscaled-${{ matrix.os }}-${{ matrix.platform }}" \
+ > "tailscaled-${{ matrix.os }}-${{ matrix.platform }}.sha256"
+ - name: Create tag in Tailscale Small repository
+ if: env.TAG_SMALL != env.TAG
+ run: |
+ cd tools
+ if git rev-parse --quiet --verify "refs/tags/${{ env.TAG }}"; then
+ echo "Tag already exists"
+ exit 0
+ else
+ echo "Tag does not exist, creating"
+ git config --global user.email "${{ env.GIT_USER_EMAIL }}"
+ git config --global user.name "${{ env.GIT_USER_NAME }}"
+ git tag "${{ env.TAG }}"
+ git push --tags
+ fi
+ - name: Create Release
+ if: env.TAG_SMALL != env.TAG
+ uses: ncipollo/release-action@v1
+ with:
+ name: Small Tailscale ${{ env.TAG }}
+ tag: ${{ env.TAG }}
+ body: |
+ Small Tailscale build ${{ env.TAG }}
+
+ For a complete changelog go to https://github.com/${{ env.REPO_TS }}/releases/tag/${{ env.TAG }}
+
+ This release was created by:
+
+ * Building a combined binary of `tailscale` and `tailscaled`
+ * Using the build option `--extra-small`
+ * Compressing the binary with UPX
+
+ To use both programs, rename `tailscaled-OS-ARCH` to `tailscaled` and create a symbolic (`ln -sv tailscaled tailscale`)
+ token: ${{ secrets.GITHUB_TOKEN }}
+ draft: false
+ prerelease: false
+ allowupdates: true
+ artifacts: |
+ tailscaled-${{ matrix.os }}-${{ matrix.platform }}
+ tailscaled-${{ matrix.os }}-${{ matrix.platform }}.sha256
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..debdd46
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,24 @@
+source
+
+# https://github.com/github/gitignore/
+
+# Vim.gitignore
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..4814c92
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,93 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+# cspell:ignore autofix shellcheck shfmt yamlfmt gitleaks unattend scrollback actionlint
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.5.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+ # non-default
+ - id: check-case-conflict
+ - id: check-executables-have-shebangs
+ - id: check-json
+ - id: check-merge-conflict
+ - id: check-shebang-scripts-are-executable
+ - id: check-symlinks
+ - id: check-toml
+ - id: check-xml
+ - id: detect-private-key
+ - id: mixed-line-ending
+ - id: pretty-format-json
+ args: ["--autofix"]
+ - repo: https://github.com/google/yamlfmt
+ rev: v0.11.0
+ hooks:
+ - id: yamlfmt
+ - repo: https://github.com/koalaman/shellcheck-precommit
+ rev: v0.9.0
+ hooks:
+ - id: shellcheck
+ args: ["--color=always", "--external-sources"]
+ types: ["executable", "file", "shell", "text"]
+ - repo: https://github.com/scop/pre-commit-shfmt
+ rev: v3.8.0-1
+ hooks:
+ - id: shfmt
+ args: ["--diff", "--indent", "2", "--binary-next-line", "--space-redirects", "--case-indent"]
+ types: ["executable", "file", "shell", "text"]
+ exclude: ""
+ - repo: https://github.com/rhysd/actionlint
+ rev: v1.6.27
+ hooks:
+ - id: actionlint
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.2
+ hooks:
+ - id: gitleaks
+ args: ["--no-banner"]
+ - repo: https://github.com/amperser/proselint
+ rev: 0.13.0
+ hooks:
+ - id: proselint
+ types: ["asciidoc", "file", "non-executable", "plain-text", "text"]
+ - repo: https://github.com/streetsidesoftware/cspell-cli
+ rev: v8.4.0
+ hooks:
+ - id: cspell
+ additional_dependencies:
+ - "@cspell/dict-de-de"
+ - "@cspell/dict-vim"
+ - "@cspell/dict-win32"
+ args:
+ - "--locale"
+ - "en,en-US,de-DE"
+ - "--no-progress"
+ - "--no-summary"
+ # Include files and directories starting with '.' when matching
+ # globs.
+ - "--dot"
+ # Show the surrounding text around an issue.
+ - "--show-context"
+ # Ignore files matching glob patterns found in .gitignore files.
+ #- "--gitignore"
+ # For easier adding of words to dictionaries.
+ #- "--words-only"
+ #- "--unique"
+ # This might eventually be useful for some tricky issues.
+ #- "--verbose"
+ #- "--no-cache"
+ #- "--cache-reset"
+ # Not useful at all unless you are prepared to filter JSON output
+ # longer than your scrollback buffer.
+ #- "--debug"
+ types: ["file", "text"]
+ exclude: |
+ (?x)^(
+ \.gitignore|
+ \.proselintrc\.json|
+ ARCHIVE/goreleaser/.*\.yaml|
+ .*\.json
+ )$
diff --git a/.proselintrc.json b/.proselintrc.json
new file mode 100644
index 0000000..a12486e
--- /dev/null
+++ b/.proselintrc.json
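Review bot: `exclude: ""` under the `shfmt` hook is an empty regular expression, and pre-commit applies `exclude` as a search pattern, so as far as I can tell it matches every path and the hook never formats anything. Dropping the key restores the default; if an explicit value is wanted, `exclude: "^$"` excludes nothing. Separately, every `rev:` here is a tag (`v4.5.0`, `v0.11.0`, `v8.18.2`, …) that upstream can move after review, while the hooks run with the committer's privileges; `pre-commit autoupdate --freeze` rewrites each `rev:` to the full commit hash and keeps the tag as a trailing comment.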
@@ -0,0 +1,85 @@
+{
+ "checks": {
+ "airlinese.misc": true,
+ "annotations.misc": false,
+ "archaism.misc": true,
+ "cliches.hell": true,
+ "cliches.misc": true,
+ "consistency.spacing": true,
+ "consistency.spelling": true,
+ "corporate_speak.misc": true,
+ "cursing.filth": true,
+ "cursing.nfl": false,
+ "cursing.nword": true,
+ "dates_times.am_pm": true,
+ "dates_times.dates": true,
+ "hedging.misc": true,
+ "hyperbole.misc": true,
+ "jargon.misc": true,
+ "lexical_illusions.misc": true,
+ "lgbtq.offensive_terms": true,
+ "lgbtq.terms": true,
+ "links.broken": false,
+ "malapropisms.misc": true,
+ "misc.apologizing": true,
+ "misc.back_formations": true,
+ "misc.bureaucratese": true,
+ "misc.but": true,
+ "misc.capitalization": true,
+ "misc.chatspeak": true,
+ "misc.commercialese": true,
+ "misc.composition": true,
+ "misc.currency": true,
+ "misc.debased": true,
+ "misc.false_plurals": true,
+ "misc.illogic": true,
+ "misc.inferior_superior": true,
+ "misc.institution_name": true,
+ "misc.latin": true,
+ "misc.many_a": true,
+ "misc.metaconcepts": true,
+ "misc.metadiscourse": true,
+ "misc.narcissism": true,
+ "misc.not_guilty": true,
+ "misc.phrasal_adjectives": true,
+ "misc.preferred_forms": true,
+ "misc.pretension": true,
+ "misc.professions": true,
+ "misc.punctuation": true,
+ "misc.scare_quotes": true,
+ "misc.suddenly": true,
+ "misc.tense_present": true,
+ "misc.waxed": true,
+ "misc.whence": true,
+ "mixed_metaphors.misc": true,
+ "mondegreens.misc": true,
+ "needless_variants.misc": true,
+ "nonwords.misc": true,
+ "oxymorons.misc": true,
+ "psychology.misc": true,
+ "redundancy.misc": true,
+ "redundancy.ras_syndrome": true,
+ "security.credit_card": true,
+ "security.password": true,
+ "sexism.misc": true,
+ "skunked_terms.misc": true,
+ "spelling.able_atable": true,
+ "spelling.able_ible": true,
+ "spelling.athletes": true,
+ "spelling.em_im_en_in": true,
+ "spelling.er_or": true,
+ "spelling.in_un": true,
+ "spelling.misc": true,
+ "terms.animal_adjectives": true,
+ "terms.denizen_labels": true,
+ "terms.eponymous_adjectives": true,
+ "terms.venery": true,
+ "typography.diacritical_marks": true,
+ "typography.exclamation": true,
+ "typography.symbols": false,
+ "uncomparables.misc": true,
+ "weasel_words.misc": true,
+ "weasel_words.very": true
+ },
+ "max_errors": 1000
+}
diff --git a/ARCHIVE/goreleaser/.goreleaser.yaml b/ARCHIVE/goreleaser/.goreleaser.yaml
new file mode 100644
index 0000000..9997a44
--- /dev/null
+++ b/ARCHIVE/goreleaser/.goreleaser.yaml
@@ -0,0 +1,357 @@
+project_name: tailscale_small
+#project_name: chezmoi
+
+upx:
+ - enabled: true
+ compress: best
+ lzma: true
+before:
+ hooks:
+ # - assets/scripts/generate-commit.sh -o COMMIT
+ - go mod download all
+builds:
+ #- id: chezmoi-cgo-glibc
+ # env:
+ # - CGO_ENABLED=1
+ # goos:
+ # - linux
+ # goarch:
+ # - amd64
+ # ldflags:
+ # - -s
+ # - -w
+ # - -X main.version={{ .Version }}
+ # - -X main.commit={{ .Commit }}
+ # - -X main.date={{ .Date }}
+ # - -X main.builtBy=goreleaser
+ #- id: chezmoi-cgo-musl
+ # env:
+ # - CC=/usr/bin/musl-gcc
+ # - CGO_ENABLED=1
+ # goos:
+ # - linux
+ # goarch:
+ # - amd64
+ # ldflags:
+ # - -s
+ # - -w
+ # - -X main.version={{ .Version }}
+ # - -X main.commit={{ .Commit }}
+ # - -X main.date={{ .Date }}
+ # - -X main.builtBy=goreleaser
+ # - -linkmode external
+ # - --extldflags "-static"
+ - env:
+ #- id: chezmoi-nocgo
+ # env:
+ # When CGO_ENABLED=0, Go code is compiled entirely using the Go toolchain
+ # without any C involvement. This can be useful in scenarios where you want
+ # to ensure that your Go code is completely self-contained and does not rely
+ # on any external C dependencies.
+ - CGO_ENABLED=0
+ goos:
+ # - android
+ # - darwin
+ # - freebsd
+ - linux
+ # - openbsd
+ # - windows
+ goarch:
+ # - '386'
+ - amd64
+ # - arm
+ # - arm64
+ # - loong64
+ # - mips64
+ # - mips64le
+ # - ppc64
+ # - ppc64le
+ # - riscv64
+ # - s390x
+ goarm:
+ - ''
+ ldflags:
+ - -s
+ - -w
+ - -X main.version={{ .Version }}
+ - -X main.commit={{ .Commit }}
+ - -X main.date={{ .Date }}
+ - -X main.builtBy=goreleaser
+ ignore:
+ - goos: android
+ goarch: '386'
+ - goos: android
+ goarch: amd64
+ - goos: android
+ goarch: arm
+ - goos: darwin
+ goarch: '386'
+ - goos: linux
+ goarch: amd64
+ # TODO: added by me
+ #main: ./cmd/my-app
+ main: ./cmd/tailscaled
+# This step simply creates archives from the builds = project_version_arch.tar.gz
+archives:
+ # TODO: this is default? so leaving it out like in the original is better?
+ - format: tar.gz
+ #- builds:
+ builds:
+ # - chezmoi-cgo-glibc # Required for chezmoi upgrade for versions <= 2.0.5
+ - chezmoi-nocgo
+ files:
+ - LICENSE
+ # - README.md
+ # - completions/*
+ # Customized to match Tailscale static binaries
+ name_template: >-
+ {{- .ProjectName }}_ {{- .Version }}_ {{ .Arch }}
+# name_template: >-
+# {{- .ProjectName }}_
+# {{- .Version }}_
+# {{- .Os }}_
+# {{- if eq .Arch "386" }}i386
+# {{- else if eq .Arch "mips64" }}mips64_hardfloat
+# {{- else if eq .Arch "mips64le" }}mips64le_hardfloat
+# {{- else }}{{ .Arch }}{{ end -}}
+# format_overrides:
+# - goos: windows
+# format: zip
+#- id: glibc
+# builds:
+# - chezmoi-cgo-glibc
+# files:
+# - LICENSE
+## - README.md
+## - completions/*
+# name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}-glibc_{{ .Arch }}'
+#- id: musl
+# builds:
+# - chezmoi-cgo-musl
+# files:
+# - LICENSE
+# - README.md
+# - completions/*
+# name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}-musl_{{ .Arch }}'
+
+# TODO: do we need this?
+#changelog:
+# groups:
+# - title: Features
+# regexp: ^.*?feat(\([[:word:]]+\))??!?:.+$
+# order: 0
+# - title: Fixes
+# regexp: ^.*?fix(\([[:word:]]+\))??!?:.+$
+# order: 1
+# - title: Documentation updates
+# regexp: ^.*?docs?(\([[:word:]]+\))??!?:.+$
+# order: 2
+# - title: Other
+# order: 999
+# filters:
+# exclude:
+# - ^.*?chore(\(.*\))??!?:.+$
+checksum:
+# extra_files:
+## - glob: ./dist/chezmoi-nocgo_darwin_amd64_v1/chezmoi
+## name_template: chezmoi-darwin-amd64
+## - glob: ./dist/chezmoi-nocgo_darwin_arm64/chezmoi
+## name_template: chezmoi-darwin-arm64
+# - glob: ./dist/chezmoi-cgo-glibc_linux_amd64_v1/chezmoi
+# name_template: chezmoi-linux-amd64
+## - glob: ./dist/chezmoi-cgo-musl_linux_amd64_v1/chezmoi
+## name_template: chezmoi-linux-amd64-musl
+## - glob: ./dist/chezmoi-nocgo_windows_amd64_v1/chezmoi.exe
+## name_template: chezmoi-windows-amd64.exe
+
+# FPM = Effing package management
+# nFPM is Not FPM
+#nfpms:
+#- builds:
+# - chezmoi-cgo-glibc
+# - chezmoi-nocgo
+# vendor: Tom Payne
+# homepage: https://chezmoi.io/
+# maintainer: Tom Payne
+# description: Manage your dotfiles across multiple diverse machines, securely.
+# license: MIT
+# formats:
+# - archlinux
+# - deb
+# - rpm
+# dependencies:
+# - git
+# bindir: /usr/bin
+# overrides:
+# deb:
+# file_name_template: >-
+# {{- .ProjectName }}_
+# {{- .Version }}_
+# {{- .Os }}_
+# {{- if eq .Arch "386" }}i386
+# {{- else if eq .Arch "arm" }}armel
+# {{- else }}{{ .Arch }}{{ end -}}
+# contents:
+# - src: completions/chezmoi-completion.bash
+# dst: /usr/share/bash-completion/completions/chezmoi
+# - src: completions/chezmoi.fish
+# dst: /usr/share/fish/vendor_completions.d/chezmoi.fish
+# - src: completions/chezmoi.zsh
+# dst: /usr/share/zsh/vendor-completions/_chezmoi
+# rpm:
+# file_name_template: >-
+# {{- .ProjectName }}-
+# {{- .Version }}-
+# {{- if eq .Arch "amd64" }}x86_64
+# {{- else if eq .Arch "386" }}i686
+# {{- else if eq .Arch "arm" }}armhfp
+# {{- else if eq .Arch "arm64" }}aarch64
+# {{- else }}{{ .Arch }}{{ end -}}
+# contents:
+# - src: completions/chezmoi-completion.bash
+# dst: /usr/share/bash-completion/completions/chezmoi
+# - src: completions/chezmoi.fish
+# dst: /usr/share/fish/vendor_completions.d/chezmoi.fish
+# - src: completions/chezmoi.zsh
+# dst: /usr/share/zsh/site-functions/_chezmoi
+#- id: apks
+# builds:
+# - chezmoi-cgo-musl
+# - chezmoi-nocgo
+# vendor: Tom Payne
+# homepage: https://chezmoi.io/
+# maintainer: Tom Payne
+# description: Manage your dotfiles across multiple diverse machines, securely.
+# license: MIT
+# formats:
+# - apk
+# bindir: /usr/bin
+
+#chocolateys:
+#- owners: twpayne
+# authors: Tom Payne
+# project_url: https://chezmoi.io
+# url_template: https://github.com/twpayne/chezmoi/releases/download/v{{ .Version }}/{{ .ArtifactName }}
+# icon_url: https://github.com/twpayne/chezmoi/raw/master/assets/images/logo-144px.png
+# copyright: Copyright © Tom Payne, 2018-2023
+# license_url: https://github.com/twpayne/chezmoi/blob/master/LICENSE
+# project_source_url: https://github.com/twpayne/chezmoi
+# docs_url: https://chezmoi.io
+# bug_tracker_url: https://github.com/twpayne/chezmoi/issues
+# tags: configuration dotfile dotfiles
+# summary: Manage your dotfiles across multiple diverse machines, securely.
+# description: |
+# ## What does chezmoi do?
+#
+# chezmoi helps you manage your personal configuration files (dotfiles, like `~/.gitconfig`) across multiple machines.
+#
+# chezmoi is helpful if you have spent time customizing the tools you use (e.g. shells, editors, and version control systems) and want to keep machines running different accounts (e.g. home and work) and/or different operating systems (e.g. Linux, macOS, and Windows) in sync, while still being able to easily cope with differences from machine to machine.
+#
+# chezmoi scales from the trivial (e.g. copying a few dotfiles onto a Raspberry Pi, development container, or virtual machine) to complex long-lived multi-machine development environments (e.g. keeping any number of home and work, Linux, macOS, and Windows machines in sync). In all cases you only need to maintain a single source of truth (a single branch in git) and getting started only requires adding a single binary to your machine (which you can do with `curl`, `wget`, or `scp`).
+#
+# chezmoi has strong support for security, allowing you to manage secrets (e.g. passwords, access tokens, and private keys) securely and seamlessly using a password manager and/or encrypt whole files with your favorite encryption tool.
+# release_notes: https://github.com/twpayne/chezmoi/releases/tag/v{{ .Version }}
+# api_key: '{{ .Env.CHOCOLATEY_API_KEY }}'
+
+# TODO: is this correct?
+release:
+ # TODO: THis needs to be changed if forked
+ # If no data is provided it will attempt to publish on the origin Tailscale
+ # repo (which is bad) and fail (blessing in disguise).
+ github:
+ owner: lwbt
+ name: ts_build_test
+# extra_files:
+# # TODO: Particularly this?
+# #- glob: ./assets/cosign/cosign.pub
+# # name_template: chezmoi_cosign.pub
+## - glob: ./dist/chezmoi-nocgo_darwin_amd64_v1/chezmoi
+## name_template: chezmoi-darwin-amd64
+## - glob: ./dist/chezmoi-nocgo_darwin_arm64/chezmoi
+## name_template: chezmoi-darwin-arm64
+# - glob: ./dist/chezmoi-cgo-glibc_linux_amd64_v1/chezmoi
+# name_template: chezmoi-linux-amd64
+## - glob: ./dist/chezmoi-cgo-musl_linux_amd64_v1/chezmoi
+## name_template: chezmoi-linux-amd64-musl
+## - glob: ./dist/chezmoi-nocgo_windows_amd64_v1/chezmoi.exe
+## name_template: chezmoi-windows-amd64.exe
+
+#scoops:
+#- repository:
+# owner: twpayne
+# name: scoop-bucket
+# token: '{{ .Env.SCOOP_GITHUB_TOKEN }}'
+# commit_author:
+# name: Tom Payne
+# email: twpayne@gmail.com
+# homepage: https://chezmoi.io
+# description: Manage your dotfiles across multiple diverse machines, securely.
+# license: MIT
+
+#signs:
+#- cmd: cosign
+# stdin: '{{ .Env.COSIGN_PWD }}'
+# args:
+# - sign-blob
+# - --key=assets/cosign/cosign.key
+# - --output-signature=${signature}
+# - --yes
+# - ${artifact}
+# artifacts: checksum
+
+#snapcrafts:
+#- builds:
+# - chezmoi-cgo-glibc
+# - chezmoi-nocgo
+# summary: Manage your dotfiles across multiple diverse machines, securely.
+# description: Manage your dotfiles across multiple diverse machines, securely.
+# publish: true
+# grade: stable
+# confinement: classic
+# license: MIT
+# apps:
+# chezmoi:
+# command: chezmoi
+# completer: completions/chezmoi-completion.bash
+
+#source:
+# enabled: true
+# prefix_template: '{{ .ProjectName }}-{{ .Version }}/'
+# files:
+# - COMMIT
+
+#winget:
+#- name: chezmoi
+# publisher: twpayne
+# publisher_url: https://github.com/twpayne
+# short_description: Manage your dotfiles across multiple diverse machines, securely.
+# license: MIT
+# commit_author:
+# name: Tom Payne
+# email: twpayne@gmail.com
+# homepage: https://chezmoi.io
+# license_url: https://github.com/twpayne/chezmoi/blob/master/LICENSE
+# copyright: Copyright (c) 2018-2023 Tom Payne
+# release_notes: '{{ .Changelog }}'
+# release_notes_url: https://github.com/twpayne/chezmoi/releases/tag/{{ .Tag }}
+# tags:
+# - cli
+# - configuration
+# - dotbot
+# - dotfile
+# - dotfiles
+# - stow
+# - yadm
+# author: Tom Payne
+# publisher_support_url: https://github.com/twpayne/chezmoi/issues
+# repository:
+# owner: twpayne
+# name: winget-pkgs
+# branch: chezmoi-{{ .Version }}
+# token: '{{ .Env.WINGET_GITHUB_TOKEN }}'
+# pull_request:
+# enabled: true
+# base:
+# owner: microsoft
+# name: winget-pkgs
+# branch: master
diff --git a/ARCHIVE/goreleaser/.goreleaser_ts_init.yaml b/ARCHIVE/goreleaser/.goreleaser_ts_init.yaml
new file mode 100644
index 0000000..835ee03
--- /dev/null
+++ b/ARCHIVE/goreleaser/.goreleaser_ts_init.yaml
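Review bot: The single enabled build targets only `goos: linux` / `goarch: amd64`, and the `ignore:` list ends with exactly that pair, so as written this configuration appears to build nothing. `archives[0].builds` also names `chezmoi-nocgo` while the matching `#- id: chezmoi-nocgo` line on the build is commented out, so the archive filter would select no build even once a binary exists. Removing the `linux`/`amd64` entry from `ignore:` and either restoring `id: chezmoi-nocgo` or dropping the `builds:` filter looks like the minimum change; `checksum:` is also left as a bare key with every child commented out. With the `signs:` block commented out a release from this file would carry checksums only, which deserves a one-line comment next to `#signs:` so it reads as a decision rather than an omission.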
@@ -0,0 +1,39 @@
+# Generated with goreleaser init while in the cmd/tailscaled directory of the tailscale repository
+
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 1
+before:
+ hooks:
+ # You may remove this if you don't use go modules.
+ - go mod tidy
+ # you may remove this if you don't need go generate
+ - go generate ./...
+builds:
+ - env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - windows
+ - darwin
+archives:
+ - format: tar.gz
+ # this name template makes the OS and Arch compatible with the results of `uname`.
+ name_template: >-
+ {{ .ProjectName }}_ {{- title .Os }}_ {{- if eq .Arch "amd64" }}x86_64 {{- else if eq .Arch "386" }}i386 {{- else }}{{ .Arch }}{{ end }} {{- if .Arm }}v{{ .Arm }}{{ end }}
+ # use zip for windows archives
+ format_overrides:
+ - goos: windows
+ format: zip
+changelog:
+ sort: asc
+ filters:
+ exclude:
+ - "^docs:"
+ - "^test:"
diff --git a/ARCHIVE/goreleaser/README.adoc b/ARCHIVE/goreleaser/README.adoc
new file mode 100644
index 0000000..25956d8
--- /dev/null
+++ b/ARCHIVE/goreleaser/README.adoc
@@ -0,0 +1,52 @@ += Small Tailscale Builds -- GoReleaser Experiment +:hide-uri-scheme: +// Enable keyboard macros +:experimental: +:toc: +:toclevels: 4 +:icons: font +:note-caption: ℹ️ +:tip-caption: 💡 +:warning-caption: ⚠️ +:caution-caption: 🔥 +:important-caption: ❗ + +== Overview + +This was my second attempt building the workflow and the first attempt using GoReleaser. +I have not gotten this to work yet, therefore I'm archiving it to start were I have left off when I decide to give this another try. + +`github_workflows_deployment.yaml` is meant to be saved under `.github/workflows/deployment.yaml`. + +== Work log / tasks completed + +* Ran `goreleaser init` and `goreleaser check` in `cmd/tailscaled` directory of + Tailscale source repository, as suggested by https://goreleaser.com/quick-start/ +** Result saved as `.goreleaser_ts_init.yaml` +* Put `main: ./cmd/tailscaled` under `builds:` to use `.goreleaser.yaml` in the + root of the Tailscale source repository, as suggested by + https://goreleaser.com/customization/builds/ +* Added section for UPX to `.goreleaser.yaml` +* Fetch and review `.goreleaser.yaml` from Chezmoi + +== Reference Code and Documentation + +Tailscale documentation and code: + +* https://github.com/tailscale/tailscale/blob/main/.github/workflows/test.yml#L110 +* https://github.com/tailscale/tailscale/blob/main/build_dist.sh[] -- The script you are supposed to use building binaries for distribution and playing fair with people in the community when other users ask questions +* Small Tailscale documentation page: https://tailscale.com/kb/1207/small-tailscale[] +* Static builds comparison: https://pkgs.tailscale.com/stable/#static[] + +A few selected projects using GoReleaser: + +* GitHub CLI (gh): https://github.com/cli/cli/blob/v2.47.0/.github/workflows/deployment.yml[] -- The cleanest example I found so far +* Chezmoi: https://github.com/twpayne/chezmoi/blob/master/.github/workflows/main.yml[] -- Does a lot more than I was looking for while 
not giving the answers to get what I was looking for. +** https://github.com/twpayne/chezmoi/blob/master/.goreleaser.yaml[] -- This is the file I used and trimmed down to get link:.goreleaser.yaml[] +* Gum: +** https://github.com/charmbracelet/gum/blob/main/.github/workflows/goreleaser.yml +** https://github.com/charmbracelet/meta/blob/main/.github/workflows/goreleaser.yml +** This was more complexity than expected, I was looking for a simple solution under 100 lines of code. +* GoReleaser +** https://goreleaser.com/ci/actions/ +** https://goreleaser.com/customization/upx/ diff --git a/ARCHIVE/goreleaser/github_workflows_deployment.yaml b/ARCHIVE/goreleaser/github_workflows_deployment.yaml new file mode 100644 index 0000000..43c069b --- /dev/null +++ b/ARCHIVE/goreleaser/github_workflows_deployment.yaml 
@@ -0,0 +1,126 @@
+name: Deployment
+#run-name: ${{ inputs.tag_name }} / ${{ inputs.environment }}
+
+permissions:
+ contents: write
+on:
+ workflow_dispatch:
+ inputs:
+ #tag_name:
+ # required: true
+ # type: string
+ #environment:
+ # default: production
+ # type: environment
+ platforms:
+ #default: "linux,macos,windows"
+ default: "linux"
+ type: string
+ release:
+ description: "Whether to create a GitHub Release"
+ type: boolean
+ default: true
+jobs:
+ linux:
+ runs-on: ubuntu-latest
+ #environment: ${{ inputs.environment }}
+ if: contains(inputs.platforms, 'linux')
+ steps:
+ - name: Checkout .goreleaser.yaml
+ uses: actions/checkout@v4
+ with:
+ sparse-checkout: |
+ .goreleaser.yaml
+ sparse-checkout-cone-mode: false
+ - name: Checkout
+ uses: actions/checkout@v4
+ # Added by me
+ with:
+ repository: tailscale/tailscale
+ #fetch-depth: 0
+ path: source
+ # Accoring to ChatGPT
+ - name: Check out the latest tag
+ run: |
+ cd source
+ git fetch --tags --quiet
+ latest_tag=$(git describe --tags $(git rev-list --tags --max-count=1))
+ git checkout $latest_tag
+ # copy file
+ cp -v ../.goreleaser.yaml .
+ git config --global user.email "lwbt_pipeline@github.com" + git config --global user.name "lwbt" + git add .goreleaser.yaml + git commit --amend --no-edit + git tag -d $latest_tag + git tag $latest_tag + # - name: Copy .goreleaser.yaml + # run: | + # #ls -la + # #cp -v .goreleaser.yaml ./source/cmd/tailscaled/.goreleaser.yaml + # cp -v .goreleaser.yaml ./source/.goreleaser.yaml + # cd source + # git config --global user.email "lwbt_pipeline@github.com" + # git config --global user.name "lwbt" + # git add .goreleaser.yaml + # git commit --amend --no-edit + - name: Set up Go + uses: actions/setup-go@v5 + with: + #go-version-file: 'go.mod' + go-version: stable + - name: Install GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + #version: "~1.17.1" + version: latest + install-only: true + - name: Build release binaries + #env: + # TAG_NAME: ${{ inputs.tag_name }} + #run: script/release --local "$TAG_NAME" --platform linux + #run: ./build_dist.sh --extra-small --box ./cmd/tailscaled + run: | + cd source + #go run ./cmd/mkversion + #echo ${VERSION_LONG} + #echo ${VERSION_SHORT} + #ldflags="-X tailscale.com/version.longStamp=${VERSION_LONG} -X tailscale.com/version.shortStamp=${VERSION_SHORT}" + #tags="" + #ldflags="$ldflags -w -s" + #tags="${tags:+$tags,}ts_omit_aws,ts_omit_bird,ts_omit_tap,ts_omit_kube" + #tags="${tags:+$tags,}ts_include_cli" + #goreleaser check .goreleaser.yaml + goreleaser check + goreleaser healthcheck + goreleaser build + goreleaser release --clean --skip=validate -f .goreleaser.yaml + #goreleaser release --clean --skip=validate -f ./cmd/tailscaled/.goreleaser.yaml + # $go build ${tags:+-tags=$tags} -ldflags "$ldflags" ./cmd/tailscaled + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + #- name: Generate web manual pages + # run: | + # go run ./cmd/gen-docs --website --doc-path dist/manual + # tar -czvf dist/manual.tar.gz -C dist -- manual + - name: check + run: | + ls -la + cd source + ls -la + ls -la dist + ls -la cmd/tailscaled + - 
uses: actions/upload-artifact@v4 + with: + name: linux + if-no-files-found: error + retention-days: 7 + # path: . + path: | + source/dist/* +# source/dist/*.tar.gz +# path: | +# tailscaled +# dist/*.tar.gz +# # dist/*.rpm +# # dist/*.deb diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..394db19 --- /dev/null +++ b/LICENSE @@ -0,0 +1,28 @@ +BSD 3-Clause License + +Copyright (c) 2020 Tailscale Inc & AUTHORS. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/README.adoc b/README.adoc new file mode 100644 index 0000000..70379b5 --- /dev/null 
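Review bot: In the `linux` job of `github_workflows_deployment.yaml`, code fetched from `tailscale/tailscale` is built while a `contents: write` token is within reach. Neither `actions/checkout@v4` step sets `persist-credentials: false`, so the token stays in the runner's git configuration, and `GITHUB_TOKEN` is exported to the whole "Build release binaries" step (check, healthcheck, build and release together). Add `persist-credentials: false` under both `with:` blocks, move `permissions: contents: write` from workflow level to the job that publishes, and give `GITHUB_TOKEN` only to a separate step that runs `goreleaser release`. Every `uses:` points at a mutable tag and GoReleaser is installed with `version: latest`, so the toolchain can change between runs; pin each action to a full commit SHA and set a fixed GoReleaser version. In the tag step, quote the variable (`git checkout "$latest_tag"`); also, `git commit --amend` followed by re-creating the tag means the release is built from a locally rewritten commit rather than the upstream tag, so passing the config from outside the tree with `-f` may be a cleaner way to keep the upstream commit intact.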
+++ b/README.adoc 
@@ -0,0 +1,100 @@
+= Small Tailscale Builds
+:hide-uri-scheme:
+// Enable keyboard macros
+:experimental:
+:toc:
+:toclevels: 4
+:icons: font
+:note-caption: ℹ️
+:tip-caption: 💡
+:warning-caption: ⚠️
+:caution-caption: 🔥
+:important-caption: ❗
+
+== Overview
+
+(Temporary) Project URL: https://github.com/lwbt/ts_build_test
+
+[NOTE]
+====
+The entire functionality here is just one GitHub Actions Workflow file:
+
+link:.github/workflows/build.yaml[]
+====
+
+=== Motivation
+
+Provide automated builds of Tailscale as described in https://tailscale.com/kb/1207/small-tailscale[KB: Small Tailscale] for embedded devices.
+
+* Building a combined binary of `tailscale` and `tailscaled`
+* Using the build option `--extra-small`
+* Compressing the binary with UPX
+
+== Do it yourself
+
+=== Costs
+
+* https://github.com/settings/billing/summary[Billing Summary] -- Pipeline minutes and packages
+* https://github.com/settings/billing/spending_limit[Spending Limits] -- By default it should have a spending limit of 0, so you will not get billed but the functionalities will stop working when exceeding a limit. I have to figure out by myself how much on an impact this has, a I currently interpret it, I won't hit the monthly pipeline minutes limit and outgoing data transfer for public packages seems to be free?
+
+Pipeline consumption:
+
+* You can run the check every hour which takes about 30 seconds
+* If a build is created it will take about a total of 7 minutes, 2 minutes per architecture, and you will be "billed" 7 minutes, which means you will have 7 minutes left to use this month
+
+=== Notifications
+
+If you clone the repository and run the workflow on your account, you will
+receive email from GitHub when a new release was created. You will also see
+that, while the cron definition says run every hour at 00 Minutes, that a
+runner will sometimes start and complete a few minutes later.
+
+=== Fork
+
+TODO
+
+=== Re-create
+
+Here are the basic individual steps if you don't want to fork:
+
+[source,bash]
+----
+# Login to GitHub (necessary on the first run)
+gh auth login -h github.com -p HTTPS -w
+
+# Create a new repo on GitHub
+REPO="ts_build_test"
+gh repo create ${REPO} --private
+
+# Verify that the new repo exists
+gh repo list
+
+# TODO
+# Do a git clone of the new repo here? GH already gives you the URL.
+
+# Create folder structure for workflows
+mkdir -pv .github/workflows
+
+# TODO
+# Do a git push of the new repo here?
+----
+
+=== Required Settings
+
+Setting -> Actions -> General -> Workflow permissions
+-> "Read and write permissions"
+(default: "Read repository contents and packages permissions")
+
+[source,bash]
+----
+OWNER="lwbt"
+REPO="ts_build_test"
+gh api \
+ --method PUT \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${OWNER}/${REPO}/actions/permissions/workflow \
+ -f default_workflow_permissions='write'
+----
+
+https://docs.github.com/en/rest/actions/permissions?apiVersion=2022-11-28#set-default-workflow-permissions-for-a-repository[Set default workflow permissions for a repository]
diff --git a/SCRATCHPAD.adoc b/SCRATCHPAD.adoc
new file mode 100644
index 0000000..1c71c76
--- /dev/null
+++ b/SCRATCHPAD.adoc
@@ -0,0 +1,145 @@ += Small Tailscale Builds -- Scratchpad +:hide-uri-scheme: +// Enable keyboard macros +:experimental: +:toc: +:toclevels: 4 +:icons: font +:note-caption: ℹ️ +:tip-caption: 💡 +:warning-caption: ⚠️ +:caution-caption: 🔥 +:important-caption: ❗ + +== Redo + +[quote] +____ +you are an expert devops engineer. i am an experienced linux administrator. i am concerned about code quality and security. + +TODO: how do i create a github action workflow to cross compile a golang binary on linux for amd64, arm64 and mips? +____ + +* [x] compress with upx +* [x] publish packages +* [x] add license file from origin +* [x] release notes, refer to: https://github.com/tailscale/tailscale/releases +* [x] how to abort/skip if there is no newer tag available? +* [x] add checksums +* remove older releases +* clean up workflow runs and releases: +** https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#delete-a-workflow-run +** https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#delete-a-release +** Delete a tag? +* how to manage cache? 
+ +=== Clean up + +"write a script that uses gh to retrieve all tags for a given repo" +"delete releases, packages and tags" + +== Reference Code and Documentation + +Tailscale documentation and code: + +* https://github.com/tailscale/tailscale/blob/main/.github/workflows/test.yml#L110 +* https://github.com/tailscale/tailscale/blob/main/build_dist.sh[] -- The script you are supposed to use building binaries for distribution and playing fair with people in the community when other users ask questions +* Small Tailscale documentation page: https://tailscale.com/kb/1207/small-tailscale[] +* Static builds comparison: https://pkgs.tailscale.com/stable/#static[] + +A few selected projects: + +* Syncthing: https://github.com/syncthing/syncthing/blob/main/.github/workflows/build-syncthing.yaml[] -- Does not use GoReleaser + +GitHub Actions: + +* https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files + +== How to trigger manually? + +**Use option 3 from below.** Needs 2. to be present. I wrote `run-trigger.sh` for this. + +[NOTE] +==== + +[%collapsible] +===== + +To manually trigger a build with the provided YAML file, you have a few options: + +1. **GitHub Actions Web UI**: + - Navigate to your repository on GitHub. + - Go to the "Actions" tab. + - Find the workflow you want to trigger under "All workflows" or "Recent workflows". + - Click on the workflow name. + - On the right-hand side, there should be a "Run workflow" button. Click on it, and you'll be prompted to select the branch and enter any necessary inputs. + +2. **Create a Dispatch Event**: + - Modify your YAML file to include a workflow_dispatch trigger. + - This trigger allows you to manually trigger a workflow using the GitHub API or the GitHub UI. + - Add the following lines under the `on` section in your YAML file: + + ```yaml + on: + workflow_dispatch: + ``` + + - Commit and push the changes to your repository. 
+ - Now, you should see a "Run workflow" button on the Actions tab next to your workflow. Clicking this button allows you to manually trigger a build. + +3. **GitHub CLI (gh)**: + - You can also use the GitHub CLI (`gh`) to trigger a workflow manually. + - Install `gh` if you haven't already done so. + - Run the following command in your terminal: + + ``` + gh workflow run .yaml + ``` + + - Replace `.yaml` with the path to your YAML file. + - This command will prompt you to select the branch and enter any necessary inputs. + +Choose the method that best fits your workflow and preferences. +===== +==== + + +== Notes + +// cspell:ignore gorhill pbatard libxz Terraforms uncompress + +If started from script delete/empty version file and update/overwrite release. + +TS keep the last 5 releases +AGH keep the last 3 releases + +Why do you build Tailscale from source while you only compress AGH? + +I'm doing what is necessary. For Tailscale that requires building with "Small Tailscale" options and building a combined single binary. AGH is a single binary, and I have not looked for and found any advice how to further reduce file size without sacrificing functionality. So more than compressing with UPX is is not necessary and it should enable the end of user to verify that the binaries have not been modified beyond compressing with UPX. + +--- + +As this may cause inconsistencies in download and usage metrics of your software, I wanted to inform you about this and also ask to consider offering such downloads for users of your software by yourself. + +--- + +If the processes here break the software, I won't be able to fix it. Enjoy the ride and space savings on your routers while it works. When it stops working you have to go back to the larger versions. It's that simple. + +gorhill & pbatard + +I was concerned about supply chain attacks before libxz, and I'm even more concerned now. 
+ +While not everyone has the capability to maintain the code for this workflow, I tried to keep it as small and light on resources as possible. + +I don't want your bug report and issues, my intention is not to add new and possibly dangerous features, my intention only was to have a means to get the smallest possible binaries for space constrained platforms from a solution that has already been documented in the public before. As a perfectionist, I would prefer doing rigor software testing and scanning for security vulnerabilities as is done in the Tailscale public repository and a few other community repositories that come to my mind. But as someone who does not make any money from this and who isn't asking for money, I kindly ask others to pick up what I started here if there is a need for this. + +Ideally Tailscale or router manufacturers pick this up and put it in a public space, offering such builds from a trusted source with recent releases. + +My focus is not to provide a competing and potentially harmful offering to Tailscale or router manufacturers firmware. Take I look at the happenings around Terraforms license change and the creation of the Open Tofu fork. If someone claims that I do such a thing I have to stop offering these builds and you have to get the normal builds or fork this repository to build your own. + +I'm not providing uncompressed binaries. My reasoning for this is that I think that UPX compression is not lossy or destructive, which should imply that you get the same binary back when you uncompress the binary with UPX as if you had not compressed it in the first place. + +References: +Link to UPX and small Tailscale issue. +Link to documentation. +Link to Open Tofu announcement. diff --git a/project-words.txt b/project-words.txt new file mode 100644 index 0000000..9b0ebe3 --- /dev/null +++ b/project-words.txt 
@@ -0,0 +1,21 @@
+# AsciiDoc
+toclevels
+
+# Names
+Chezmoi
+Syncthing
+Tailscale
+github
+lwbt
+tailscale
+tailscaled
+
+# YAML
+GITHUB
+GOARCH
+allowupdates
+goreleaser
+linux
+lzma
+mips
+ncipollo
diff --git a/run-trigger.sh b/run-trigger.sh
new file mode 100755
index 0000000..551318a
--- /dev/null
+++ b/run-trigger.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+#workflow="deployment"
+workflow="build"
+gh workflow run ".github/workflows/${workflow}.yaml"
+sleep 10
+gh run list --workflow="${workflow}.yaml"