CI: Travis -> GitHub Actions; Create Release Binaries and Container Images

.dockerignore

@@ -1,3 +1,2 @@
-.git
-pebble.exe
-pebble
+/pebble
+/pebble.exe

.github/workflows/checks.yml

@@ -1,53 +1,48 @@
 name: Checks
-
+# Run on push to main and any pull request.
 on:
   push:
     branches:
       - main
   pull_request:
-
 permissions:
+  checks: write # Allow write access to checks to allow annotation of code in the PR.
   contents: read
   pull-requests: read
-
+env:
+  CGO_ENABLED: 0
+  GO_VERSION: stable
+  GOLANGCI_LINT_VERSION: v1.56.2
+  SHELLCHECK_SCRIPTS: ./*.sh
 jobs:
-
-  checks:
-    name: Check Process
+  go-lint-checks:
     runs-on: ubuntu-latest
-    env:
-      GO_VERSION: oldstable
-      GOLANGCI_LINT_VERSION: v1.56.2
-      CGO_ENABLED: 0
-
     steps:
-
-      - name: Check out code
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
+          go-version: ${{ env.GO_VERSION }}
+      - name: Run GolangCI-Lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          # skip cache because of flaky behaviors
+          skip-build-cache: true
+          skip-pkg-cache: true
+          version: ${{ env.GOLANGCI_LINT_VERSION }}
+  go-mod-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
-
-      - name: Check and get dependencies
+      - name: Check if go.mod is tidy
         run: |
           go mod tidy
-          git diff --exit-code go.mod
-          git diff --exit-code go.sum
-
-      - name: vendoring
-        run: go mod vendor
-
-      - name: vendoring diff
-        run: git diff --exit-code vendor/
-
-      # https://golangci-lint.run/usage/install#other-ci
-      - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
+          git diff --exit-code go.mod go.sum ||
+            (echo "::error::go.mod and go.sum need to be tidy" && exit 1)
+      - name: Check if vendor directory is up to date
         run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
-          golangci-lint run
-
-
+          go mod vendor
+          git diff --exit-code vendor ||
+            (echo "::error::vendor directory needs to be updated" && exit 1)

.github/workflows/go-cross.yml

@@ -1,38 +1,34 @@
-name: Go Matrix
+name: Go Build Matrix
 on:
   push:
     branches:
       - main
   pull_request:
-
 permissions:
   contents: read
   pull-requests: read
-
 jobs:
-
   cross:
-    name: Build
+    name: Build on ${{ matrix.os }} with Go ${{ matrix.go-version }}
     runs-on: ${{ matrix.os }}
     env:
       CGO_ENABLED: 0
-
     strategy:
       matrix:
-        go-version: [ oldstable, stable ]
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
+        go-version:
+          - oldstable
+          - stable
+        os:
+          - ubuntu-latest
+          - macos-14 # M1 runners
+          - macos-latest
+          - windows-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go-version }}
-
-      - name: Build pebble
-        run: go build -v -ldflags "-s -w" -trimpath -o pebble ./cmd/pebble
-
-      - name: Build pebble-challtestsrv
-        run: go build -v -ldflags "-s -w" -trimpath -o pebble-challtestsrv ./cmd/pebble-challtestsrv
+      - name: Build the module
+        run: go build -v ./...

.github/workflows/release.yml

@@ -0,0 +1,157 @@
+name: Build Release
+# Run on semver tags.
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+permissions:
+  contents: read
+  packages: write # Allow docker/build-push-action to publish to GitHub Container Registry
+env:
+  DOCKER_PLATFORMS: linux/amd64, linux/arm64, windows/amd64
+  DOCKER_IMAGE_BASENAME: ghcr.io/${{ github.repository_owner }}
+jobs:
+  go-build:
+    env:
+      CGO_ENABLED: 0
+      GOARCH: ${{ matrix.go-arch }}
+      GOOS: ${{ matrix.go-os }}
+      LDFLAGS: -s -w -X 'main.version=${{ github.ref_name }} (${{ github.sha }})'
+      OUTPUTDIR: /tmp/dist/${{ matrix.go-os }}/${{ matrix.go-arch }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        app:
+          - pebble
+          - pebble-challtestsrv
+        go-arch:
+          - amd64
+          - arm64
+        go-os:
+          - darwin
+          - linux
+          - windows
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          check-latest: true
+          go-version-file: go.mod
+      - name: Build ${{ matrix.app }} for ${{ matrix.go-os }}/${{ matrix.go-arch }}
+        run: |
+          go build \
+            -ldflags="${LDFLAGS}" \
+            -o "${OUTPUTDIR}/" \
+            -trimpath \
+            -v \
+            ./cmd/${{ matrix.app }}
+      - name: Display ${{ matrix.app }} artifacts
+        run: tree /tmp/dist
+      - name: Store ${{ matrix.app }} artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.app }}-${{ matrix.go-os }}-${{ matrix.go-arch }}
+          path: /tmp/dist
+  docker-build:
+    needs:
+      - go-build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        app:
+          - pebble
+          - pebble-challtestsrv
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download ${{ matrix.app }} artifacts
+        uses: actions/download-artifact@v4
+        with:
+          merge-multiple: true
+          path: /tmp/dist
+          pattern: ${{ matrix.app }}-*-*
+      - name: Display ${{ matrix.app }} artifacts
+        run: tree /tmp/dist
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_IMAGE_BASENAME }}/${{ matrix.app }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+            type=sha
+            type=raw,value=latest
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push ${{ github.repository }}/${{ matrix.app }} for ${{ env.DOCKER_PLATFORMS }}
+        uses: docker/build-push-action@v5
+        with:
+          build-args: APP=${{ matrix.app }}
+          build-contexts: dist-files=/tmp/dist
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: Dockerfile.release
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+  docker-version:
+    needs:
+      - docker-build
+    runs-on: ${{ matrix.docker-os }}
+    strategy:
+      matrix:
+        docker-os:
+          - ubuntu-latest
+          - windows-latest
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Display pebble version in container image
+        run: docker run ${{ env.DOCKER_IMAGE_BASENAME }}/pebble:latest -version
+  create-release:
+    needs:
+      - go-build
+    permissions:
+      contents: write # Allow creation of a release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+      - name: Display build artifacts
+        run: tree .
+      - name: Create release
+        # https://cli.github.com/manual/gh_release_create
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          gh release create ${{ github.ref_name }} \
+            --repo ${{ github.repository }} \
+            --title "${{ github.ref_name }}" \
+            --verify-tag
+        continue-on-error: true
+      - name: Upload release files
+        # https://cli.github.com/manual/gh_release_upload
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          for artifact in *; do
+            tar czf ${artifact}.tar.gz ${artifact}
+            zip -r ${artifact}.zip ${artifact}
+            gh release upload ${{ github.ref_name }} ${artifact}.* \
+              --repo ${{ github.repository }};
+          done