From db1d1443cfb93b0fea8dc2c3fbcf13bb15e21fcc Mon Sep 17 00:00:00 2001
From: Jerry Jacobs <jerry.jacobs@xor-gate.org>
Date: Fri, 26 Jul 2024 08:57:53 +0200
Subject: [PATCH] Initial release production build with github actions for
 Darwin AMD64 and Windows AMD64

---
 .github/workflows/build.yml | 44 +++++++++++++++++++++++--------------
 .gitignore                  |  4 +++-
 Makefile                    | 15 +++++++++----
 docs/release-management.md  |  8 +++++++
 4 files changed, 50 insertions(+), 21 deletions(-)
 create mode 100644 docs/release-management.md

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d5b3bd7..844ef71 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,5 +1,4 @@
-name: GitHub Actions Demo
-run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
+name: Build go-socks5-ssh-proxy 
 
 on:
   pull_request:
@@ -13,28 +12,41 @@ env:
   # The go version to use for builds. We set check-latest to true when
   # installing, so we get the latest patch version that matches the
   # expression.
-  GO_VERSION: "~1.22.3"
+  GO_VERSION: "~1.22.5"
 
 jobs:
-  Explore-GitHub-Actions:
+  build-release:
+    name: Build release
+    environment: prod
     runs-on: ubuntu-latest
     steps:
-      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
-      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
-      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
       - name: Check out repository code
         uses: actions/checkout@v4
+
       - uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
           check-latest: true
-      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
-      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - name: List files in the repository
-        run: |
-          ls ${{ github.workspace }}
-      - run: echo "🍏 This job's status is ${{ job.status }}."
-      - run: make ci
-        env:
-          CONFIG_RELEASE_GO_FILE: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
+
+      - name: Use config_release.go from action secrets
+        uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
+        with:
+          base64-encoded-secret: ${{ secrets.CONFIG_RELEASE_GO_FILE }}
+          filename: "config_release.go"
+
+      - name: Use resources/ssh_private_key from action secrets
+        uses: mobiledevops/secret-to-file-action@v1 # TODO native in Makefile, can be unsafe...
+        with:
+          base64-encoded-secret: ${{ secrets.RESOURCES_SSH_PRIVATE_KEY }}
+          filename: "ssh_private_key"
+          working-directory: "./resources"
+
+      - run: make release
+
+      - name: Store release artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-folder
+          path: |
+            dist
diff --git a/.gitignore b/.gitignore
index 60af020..2a1cd6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,9 @@
 .DS_Store
 socks5-ssh-proxy
 resources/ssh_*
-config_release.go
+config_release*.go
+config_template_*.go
 socks5-ssh-proxy.release
+*.base64
 *.exe
 *.zip
diff --git a/Makefile b/Makefile
index c2ff136..7b60608 100644
--- a/Makefile
+++ b/Makefile
@@ -4,10 +4,10 @@ GO_ENV_VARS = CGO_ENABLED=0
 
 all: socks5-ssh-proxy
 
-ci: secrets release
-secrets:
-	cat $(CONFIG_RELEASE_GO_FILE) > config_release.go
+ci: release
 release: socks5-ssh-proxy.release socks5-ssh-proxy.exe
+	mkdir -v -p dist
+	cp -v $^ dist
 
 test: socks5-ssh-proxy
 	cp socks5-ssh-proxy ~/.ssh; cd ~/.ssh; ~/.ssh/socks5-ssh-proxy
@@ -16,7 +16,8 @@ test-release: socks5-ssh-proxy.release
 socks5-ssh-proxy: $(SOURCES) 
 	go build -o $@
 socks5-ssh-proxy.release: resources $(SOURCES)
-	$(GO_ENV_VARS) go build -tags release -o $@
+	GOOS=darwin GOARCH=amd64 $(GO_ENV_VARS) go build -tags release -o $@
+	upx $@
 win: socks5-ssh-proxy.exe
 socks5-ssh-proxy.exe: resources $(GARBLE_BIN) $(SOURCES)
 	GOOS=windows GOARCH=amd64 $(GARBLE_BIN) build -ldflags -H=windowsgui -tags release -o $@
@@ -41,6 +42,8 @@ clean-key:
 config_release.go:
 	cp config_template.go $@
 	sed -i '' 's/!release/release/g' $@
+config_release.go.base64: config_release.go
+	base64 -i $< -o $@
 
 resources: resources/ssh_private_key
 resources/ssh_private_key:
@@ -49,5 +52,9 @@ resources/ssh_private_key:
 	@echo "====================================="
 	@cat $@.pub
 	@echo "====================================="
+resources/ssh_private_key.base64: resources/ssh_private_key
+	base64 -i $< -o $@
+
+secrets: config_release.go.base64 resources/ssh_private_key.base64
 
 .phony: clean test win
diff --git a/docs/release-management.md b/docs/release-management.md
new file mode 100644
index 0000000..fea694a
--- /dev/null
+++ b/docs/release-management.md
@@ -0,0 +1,8 @@
+# release management with github actions
+
+* Generate `resources/ssh_private_key` with `make resources/ssh_private_key`
+* Base64 encode `resources/ssh_private_key` with base64
+
+## See also
+
+* <https://github.com/marketplace/actions/secret-to-file>