Add hcloud-cli package

.github/auto-label.yml

@@ -167,6 +167,9 @@ vendor/grpcurl:
 vendor/hcledit:
 - any: ["vendor/hcledit/**"]
   all: ["!bin/**", "!tasks/**"]
+vendor/hcloud:
+- any: ["vendor/hcloud/**"]
+  all: ["!bin/**", "!tasks/**"]
 vendor/helm:
 - any: ["vendor/helm/**"]
   all: ["!bin/**", "!tasks/**"]

.github/workflows/auto-update-packages.yml

@@ -63,6 +63,7 @@ jobs:
         - gosu
         - grpcurl
         - hcledit
+        - hcloud
         - helm
         - helm2
         - helm3

.github/workflows/hcloud.yml

@@ -0,0 +1,266 @@
+#
+# This workflow was created automatically from the `package-template.yml` by running `make -C .github workflows`
+# DO NOT EDIT THIS WORKFLOW, changes will be lost on the next update.
+#
+
+name: "hcloud"
+concurrency:
+  group: ${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }} (${{ inputs.package_version_override || 'LATEST' }}_r${{ inputs.release_number_override || '0' }})
+  cancel-in-progress: true
+on:
+  push:
+    branches:
+      - main
+
+    paths:
+      - apk/**
+      - deb/**
+      - rpm/**
+      - tasks/**
+      - vendor/hcloud/**
+      # Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
+      # If we need to run all the workflows, we can just uncomment the line below and make new workflows.
+      # - .github/workflows/hcloud.yml
+
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+    # Include '[no ci]' in the commit message to keep the workflow from running on that commit in the PR.
+    paths:
+      - apk/**
+      - deb/**
+      - rpm/**
+      - tasks/**
+      - vendor/hcloud/**
+      - .github/workflows/hcloud.yml
+
+  workflow_dispatch:
+    inputs:
+      package_version_override:
+        description: 'Version of hcloud package to build. Defaults to vendor/hcloud/VERSION.'
+        required: false
+        type: string
+      release_number_override:
+        description: 'Zero-based release number of hcloud package to publish. Defaults to 0 (zero) when version is specified, ignored if not.'
+        required: false
+        type: string
+
+env:
+  hcloud_VERSION: ${{ inputs.package_version_override }}
+  hcloud_RELEASE: ${{ inputs.release_number_override }}
+
+permissions:
+  contents: read
+  packages: write
+  attestations: write
+  id-token: write
+
+jobs:
+  # Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
+  # so each job must have a unique name for the rules to work properly.
+  # See https://github.com/Mergifyio/mergify/discussions/5082
+  # and https://github.com/Mergifyio/mergify/issues/5083
+  matrix-hcloud:
+    if: github.event_name != 'schedule'
+    runs-on: ubuntu-latest
+    outputs:
+      package-enabled: ${{ steps.info.outputs.package_enabled }}
+      package-matrix:  ${{steps.info.outputs.package_matrix}}
+      arch-matrix:  ${{steps.info.outputs.arch_matrix}}
+      apk-enabled: ${{ steps.info.outputs.package_enabled == 'true' && steps.info.outputs.apk_package_enabled == 'true' }}
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Export package build matrix
+      shell: bash
+      id: info
+      env:
+        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+      run: |
+        echo setting ouputs
+        make -C vendor/hcloud info/github
+        echo
+        echo outputs set
+
+
+  # Build for alpine linux
+  # Kept separate because it is old and slightly different from the other package builds
+  alpine-hcloud:
+    needs: matrix-hcloud
+    if: github.event_name != 'schedule' && needs.matrix-hcloud.outputs.apk-enabled != 'false'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # These versions must be strings. E.g. Otherwise `3.10` -> `3.1`
+        alpine:
+          # Now that we are just building 1 binary for all distributions, we do not
+          # need to track which distribution we are building on.
+          - 'alpine'
+    env:
+      APK_KEY_RSA: "${{ secrets.APK_KEY_RSA }}"
+      APK_PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.alpine}}
+      PACKAGER: [email protected]
+      PACKAGER_PRIVKEY: /dev/shm/[email protected]
+      PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/[email protected]
+
+    container:
+      image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
+      credentials:
+        username: ${{ github.actor }}
+        password: "${{ secrets.GITHUB_TOKEN }}"
+
+    steps:
+      # Checkout the packages repo so we can build the packages as a monorepo
+      - name: "Checkout source code at current commit"
+        uses: actions/checkout@v4
+
+      # Export the apk keys as files from secrets
+      - name: "Export keys"
+        run: "make -C .github/ export"
+
+      # Build the alpine packages for the matrix version of alpine
+      - name: "Build alpine packages"
+        run: "make -C vendor/${{github.workflow}} apk"
+
+      # Verify the packages were built or error
+      - name: "List packages"
+        run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'
+
+      # Export the artifact filename including path.
+      # Path must be relative to workdir for Cloudsmith action to be able to find it.
+      - name: "Set output path to artifact"
+        id: artifact
+        shell: bash
+        run: |
+          artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
+          echo "path=$artifact" | tee -a $GITHUB_OUTPUT
+
+      # Determine which package organization we should use (e.g. dev or prod)
+      - name: "Determine package repo"
+        shell: bash
+        id: repo
+        run: |
+          if [[ ${GITHUB_REF} == 'refs/heads/main' ]]; then
+              echo "org=${{github.repository_owner}}" | tee -a $GITHUB_OUTPUT
+          else
+              echo "org=${{github.repository_owner}}-dev" | tee -a $GITHUB_OUTPUT
+          fi
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      # Publish the artifacts
+      - name: "Push artifact to package repository"
+        uses: cloudsmith-io/[email protected]
+        with:
+          api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
+          command: 'push'
+          format: 'alpine'
+          owner: '${{steps.repo.outputs.org}}'              # Your Cloudsmith account name or org name (namespace)
+          repo: 'packages'                                  # Your Cloudsmith Repository name (slug)
+          distro: 'alpine'                                  # Your Distribution  (i.e debian, ubuntu, alpine)
+          release: 'any-version'                            # Use "any-version" if your package is compatible with more than one version of alpine linux
+          republish: 'true'                                 # Needed if version is not changing
+          file: '${{steps.artifact.outputs.path}}'          # Package filename (including path)
+          no-wait-for-sync: 'true'                          # Skip the waiting for package synchronisation (i.e. upload only)
+
+  # Build packages with fpm package manager
+  package-hcloud:
+    needs: matrix-hcloud
+    # Should not be needed, but without these conditions, this job would fail with an error if the matrix is []
+    # and would run with package-type empty if matrix is ["apk"]
+    if: >
+      github.event_name != 'schedule' && needs.matrix-hcloud.outputs.package-enabled != 'false'
+      && needs.matrix-hcloud.outputs.package-matrix != '[]' && needs.matrix-hcloud.outputs.package-matrix != '["apk"]'
+
+    strategy:
+      matrix:
+        package-type: ${{ fromJSON(needs.matrix-hcloud.outputs.package-matrix) }}
+        arch: ${{ fromJSON(needs.matrix-hcloud.outputs.arch-matrix) }}
+        exclude:
+        - package-type: 'apk'
+        include:
+        # Default value for runs-on. Original matrix values will not be overridden, but added ones (like runs-on) can be.
+        # See https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
+        - runs-on: "self-hosted-arm64-large"
+        # By including `arch: amd64` here, we override the `runs-on` value when the matrix `arch` is `amd64`.
+        # This also forces the matrix to include `arch: amd64` even if it is not in the original matrix.
+        # This is why we do not default for amd64 and then override for arm64. (Because it would force arm64 to be included, and some tools are not available for arm64.)
+        - arch: amd64
+          runs-on: "ubuntu-latest"
+    runs-on: ${{ matrix.runs-on }}
+    env:
+      # We are in a bit of a bind here because of how GitHub actions work as of 2020-11-19
+      # Although the "workspace" is mounted to the container, it is not mounted
+      # at `/github/workspace` or ${{github.workspace}}, although through some
+      # mechanism, an environment variable whose value starts with ${{github.workspace}}
+      # will have ${{github.workspace}} replaced with the correct mount point.
+      #
+      # We need an absolute path for the package build system, since every build happens
+      # in a different directory, but because the mount point changes, we also
+      # need a path relative to the initial working directory to communicate between
+      # the package building container and the cloudsmith action.
+      PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.package-type}}/any-version
+      PACKAGE_RELPATH: artifacts/${{matrix.package-type}}/any-version
+
+    # Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
+    container:
+      image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
+      credentials:
+        username: "${{ github.actor }}"
+        password: "${{ secrets.GITHUB_TOKEN }}"
+
+    steps:
+      # Checkout the packages repo so we can build the packages as a monorepo
+      - name: "Checkout source code at current commit"
+        uses: actions/checkout@v4
+
+      # Build the packages for the matrix version
+      - name: "Build ${{matrix.package-type}} packages"
+        shell: bash
+        run: |
+          echo Current directory is $(pwd)
+          [[ $PACKAGES_PATH =~ ^$(pwd) ]] || { echo Package dir \"$PACKAGES_PATH\" not beneath workdir \"$(pwd)\" >&2; exit 1; }
+          make -C vendor/${{github.workflow}} ${{matrix.package-type}}
+
+      # Export the artifact filename including path
+      - name: "Set output path to artifact"
+        id: artifact
+        shell: bash
+        run: |
+          [[ -n $PACKAGE_RELPATH ]] || { echo Error: PACKAGE_RELPATH is not set >&2; exit 1; }
+          packages=($(find ${PACKAGE_RELPATH} -type f -name \*.${{matrix.package-type}}))
+          echo List packages found:
+          printf "%s\n" "${packages[@]}" | xargs --no-run-if-empty ls -l
+          echo Error if not exactly 1 package found
+          (( ${#packages[@]} == 1 )) || { echo "Error: other than 1 package found (${#packages[@]})" >&2; exit 1; }
+
+          echo "setting output"
+          echo "path=$packages" | tee -a $GITHUB_OUTPUT
+
+      # Determine which package organization we should use (e.g. dev or prod)
+      - name: "Determine package repo"
+        shell: bash
+        id: repo
+        run: |
+          if [[ ${GITHUB_REF} == 'refs/heads/main' ]]; then
+              echo "org=${{github.repository_owner}}" | tee -a $GITHUB_OUTPUT
+          else
+              echo "org=${{github.repository_owner}}-dev" | tee -a $GITHUB_OUTPUT
+          fi
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      # Publish the artifacts
+      - name: "Push artifact to package repository"
+        uses: cloudsmith-io/[email protected]
+        with:
+          api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
+          command: 'push'
+          format: '${{matrix.package-type}}'
+          owner: '${{steps.repo.outputs.org}}'              # Your Cloudsmith account name or org name (namespace)
+          repo: 'packages'                                  # Your Cloudsmith Repository name (slug)
+          distro: 'any-distro'                              # Use "any-distro" since our package is compatible with more than more distribution
+          release: 'any-version'                            # Use "any-version" since our package is compatible with more than more version
+          republish: 'true'                                 # Needed if version is not changing
+          file: '${{steps.artifact.outputs.path}}'          # Package filename (including path)
+          no-wait-for-sync: 'true'                          # Skip the waiting for package synchronisation (i.e. upload only)

README.md

@@ -344,8 +344,8 @@ Here are some solutions to several common problems that may occur when adding a
 [![chamber](https://github.com/cloudposse/packages/actions/workflows/chamber.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Achamber) | 3.1.1      | CLI for managing secrets
 [![cilium-cli](https://github.com/cloudposse/packages/actions/workflows/cilium-cli.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acilium-cli) | 0.16.24    | CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
 [![cli53](https://github.com/cloudposse/packages/actions/workflows/cli53.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acli53) | 0.8.23     | Command line tool for Amazon Route 53
-[![cloud-nuke](https://github.com/cloudposse/packages/actions/workflows/cloud-nuke.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloud-nuke) | 0.38.1     | Tool for wiping an aws account DANGER absolutely do not use in production
 [![cloudflared](https://github.com/cloudposse/packages/actions/workflows/cloudflared.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloudflared) | 2025.1.1   | Argo Tunnel client
+[![cloud-nuke](https://github.com/cloudposse/packages/actions/workflows/cloud-nuke.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acloud-nuke) | 0.38.1     | Tool for wiping an aws account DANGER absolutely do not use in production
 [![codefresh](https://github.com/cloudposse/packages/actions/workflows/codefresh.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Acodefresh)* | 0.88.5     | Codefresh CLI
 [![conftest](https://github.com/cloudposse/packages/actions/workflows/conftest.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aconftest) | 0.56.0     | Test your configuration files using Open Policy Agent
 consul \[frozen\] | 1.16.4     | Hashicorp consul
@@ -373,6 +373,7 @@ consul \[frozen\] | 1.16.4     | Hashicorp consul
 gotop \[frozen\] | 3.0.0      | A terminal based graphical activity monitor inspired by gtop and vtop
 [![grpcurl](https://github.com/cloudposse/packages/actions/workflows/grpcurl.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Agrpcurl) | 1.9.2      | Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
 [![hcledit](https://github.com/cloudposse/packages/actions/workflows/hcledit.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Ahcledit) | 0.2.15     | A command line editor for HCL
+[![hcloud](https://github.com/cloudposse/packages/actions/workflows/hcloud.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Ahcloud) | 1.50.0     | A command-line interface for Hetzner Cloud
 [![helm](https://github.com/cloudposse/packages/actions/workflows/helm.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Ahelm) | 3.17.0     | The Kubernetes Package Manager
 [![helm2](https://github.com/cloudposse/packages/actions/workflows/helm2.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Ahelm2) | 2.17.0     | The Kubernetes Package Manager
 [![helm3](https://github.com/cloudposse/packages/actions/workflows/helm3.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Ahelm3) | 3.17.0     | The Kubernetes Package Manager
@@ -448,17 +449,17 @@ teleport-4.4* \[frozen\] | 4.4.12     | Privileged access management for elastic
 teleport-5.0* \[frozen\] | 5.0.2      | Secure Access for Developers that doesn't get in the way.
 terraform \[frozen\] | 1.5.7      | Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
 terraform-0.11 \[frozen\] | 0.11.15    | Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
+terraform_0.11 \[frozen\] | 0.11.15    | Terraform (Deprecated package. Use terraform-0.11 instead)
 terraform-0.12 \[frozen\] | 0.12.31    | Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
+terraform_0.12 \[frozen\] | 0.12.31    | Terraform (Deprecated package. Use terraform-0.12 instead)
 terraform-0.13 \[frozen\] | 0.13.7     | Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
+terraform_0.13 \[frozen\] | 0.13.7     | Terraform (Deprecated package. Use terraform-0.13 instead)
 [![terraform-0.14](https://github.com/cloudposse/packages/actions/workflows/terraform-0.14.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterraform-0.14) | 0.14.11    | Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
 [![terraform-0.15](https://github.com/cloudposse/packages/actions/workflows/terraform-0.15.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterraform-0.15) | 0.15.5     | Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
 terraform-1 \[frozen\] | 1.5.7      | Terraform enables you to safely and predictably create, change, and improve infrastructure.
 [![terraform-config-inspect](https://github.com/cloudposse/packages/actions/workflows/terraform-config-inspect.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterraform-config-inspect) | <details><summary>show</summary>0.0.20241129133400+gitc404f8227ea6</details> | A helper library for shallow inspection of Terraform configurations
 [![terraform-docs](https://github.com/cloudposse/packages/actions/workflows/terraform-docs.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterraform-docs) | 0.19.0     | Generate docs from terraform modules
 [![terraform-module-versions](https://github.com/cloudposse/packages/actions/workflows/terraform-module-versions.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterraform-module-versions) | 3.1.13     | CLI tool that checks Terraform code for module updates. Single binary, no dependencies. linux, osx, windows.
-terraform_0.11 \[frozen\] | 0.11.15    | Terraform (Deprecated package. Use terraform-0.11 instead)
-terraform_0.12 \[frozen\] | 0.12.31    | Terraform (Deprecated package. Use terraform-0.12 instead)
-terraform_0.13 \[frozen\] | 0.13.7     | Terraform (Deprecated package. Use terraform-0.13 instead)
 [![terragrunt](https://github.com/cloudposse/packages/actions/workflows/terragrunt.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterragrunt) | 0.72.5     | Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules.
 [![terrahelp](https://github.com/cloudposse/packages/actions/workflows/terrahelp.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Aterrahelp) | 0.7.5      | Terrahelp is as a command line utility that provides useful tricks like masking of terraform output.
 [![tflint](https://github.com/cloudposse/packages/actions/workflows/tflint.yml/badge.svg?branch=main)](https://github.com/cloudposse/packages/actions?query=workflow%3Atflint) | 0.55.0     | A Pluggable Terraform Linter