CI/CD: Release Pipeline with GoReleaser

[mertssmnoglu]

Issue: #23

• Run when someone push tag starts with v* (Not tested)
• Build the app in different os and archs (Tested manually) | Disabled windows and macos releases for now.
• Generate checksums for the artifacts (Tested manually)
• Create a new release page on GitHub (Not tested)
• Build the image with ko | (Not tested)
• Push image to the ghcr(GitHub Container Registry) | (Not tested)

Summary by CodeRabbit

• New Features

  • Introduced an automated release workflow for Go applications.
  • Added configuration for building and releasing the capture application.

• Documentation

  • Updated settings for generating checksums and changelogs.

• Chores

  • Created a new workflow file for managing releases.
  • Configured build targets and output formats for artifacts.

[coderabbitai]

Walkthrough

The changes introduced a new GitHub Actions workflow file named release.yml, which automates the release process for Go applications upon tagging. Additionally, a new configuration file .goreleaser.yml was added to define settings for GoReleaser, specifying the project name, version, build targets, supported operating systems, architectures, output formats, checksum generation, and changelog sorting.

Changes

File	Change Summary
.github/workflow/release.yml	New workflow created to automate the release process triggered by version tags. It includes steps for checkout, Go setup, and running GoReleaser.
.goreleaser.yml	New configuration file for GoReleaser, defining project name, version, build targets, supported OS and architectures, archive formats, checksum generation, and changelog sorting.

Poem

🐇 In the meadow where the code does play,
A new release brings joy today!
With tags that sparkle, like stars so bright,
GoReleaser hops in, ready for flight.
Tails a-wagging, artifacts in tow,
Let's celebrate this code, oh what a show! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[mertssmnoglu]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (2)

.goreleaser.yml (2)

29-33: Consider adding signature verification for enhanced security

While SHA256 checksums are good for integrity verification, consider adding GPG signing for authenticity verification. This can be achieved by adding a signs section to the configuration.

 checksum:
   name_template: 'checksums.txt'
   algorithm: sha256
+
+signs:
+  - artifacts: checksum
+    args: ["--batch", "-u", "<key-id>", "--output", "${signature}", "--detach-sign", "${artifact}"]

---

35-36: Consider enhancing changelog configuration

The current changelog configuration is minimal. Consider adding more structure with filters and groupings for better release notes organization.

 changelog:
   sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+      - '^ci:'
+  groups:
+    - title: Features
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: 'Bug fixes'
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 186e2a1 and 9ff179c.

📒 Files selected for processing (2)

• .github/workflow/release.yml (1 hunks)
• .goreleaser.yml (1 hunks)

🔇 Additional comments (6)

.goreleaser.yml (3)

22-27: LGTM! Archive configuration follows best practices

The archive configuration is well-structured with appropriate format choices for different platforms and a comprehensive naming template.

---

4-20: Verify the main entry point and build configuration

The build configuration looks solid with good cross-platform support. A few points to verify:

1. Ensure ./cmd/api is the correct main entry point
2. Consider adding GOOS and GOARCH to the build environment for explicit control

#!/bin/bash
# Description: Verify main entry point and build structure

# Check if the main entry point exists
echo "Checking main entry point:"
if [ -f "cmd/api/main.go" ]; then
    echo "✓ Main entry point exists"
    # Look for main function
    ast-grep --pattern 'func main() { $$$ }' cmd/api/main.go
else
    echo "✗ Main entry point not found at cmd/api/main.go"
fi

# Check for potential other main packages
echo -e "\nChecking for other main packages:"
ast-grep --pattern 'package main'

---

1-36: Verify alignment with PR objectives and WIP items

The configuration implements most of the completed tasks mentioned in the PR objectives. However, there are some WIP items that need to be addressed:

1. Building the image
2. Signing the image
3. Pushing the image to the registry

Consider adding Docker configuration to handle these WIP items:

#!/bin/bash
# Description: Check for existing Docker configurations

# Check for Dockerfile
echo "Checking for Dockerfile:"
if [ -f "Dockerfile" ]; then
    cat Dockerfile
fi

# Check for Docker-related GitHub Actions
echo -e "\nChecking for Docker-related GitHub Actions:"
if [ -d ".github/workflows" ]; then
    rg -l "docker" .github/workflows/
fi

.github/workflow/release.yml (3)

1-8: LGTM! Workflow trigger configuration follows best practices.

The workflow is correctly configured to trigger on version tags, following semantic versioning conventions.

---

16-22: LGTM! Job configuration is properly set up.

The job permissions are correctly configured for creating releases and publishing packages.

---

1-42: Verify complete release setup and dependencies.

The workflow is part of a larger release automation setup. Let's verify the required components:

#!/bin/bash
# Check for required configuration files and dependencies

echo "Checking for GoReleaser config..."
fd .goreleaser.yml

echo "Checking for signing configurations..."
rg -A 5 'sign|signature|gpg' .goreleaser.yml

echo "Checking for build configurations..."
rg -A 5 'build|binary|main' .goreleaser.yml

echo "Checking for Go module initialization..."
fd go.mod

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (4)

.goreleaser.yml (4)

18-21: Remove redundant ignore rule

The ignore rule for Windows/arm64 is unnecessary since Windows builds are currently disabled.

-    ignore:
-      # Ignore the arm64 build on windows
-      - goos: windows
-        goarch: arm64

---

7-8: Document security implications of CGO_ENABLED=0

While disabling CGO is common for static builds, it's worth documenting that this means the binary won't use the system's DNS resolver and CA certificates.

Add a comment explaining the implications:

    env:
+     # Disabled CGO for static builds. Note: This means the binary won't use system DNS resolver and CA certificates
      - CGO_ENABLED=0

---

42-43: Remove trailing whitespace

There's unnecessary trailing whitespace on line 43.

-    bare: true
-    
+    bare: true

🧰 Tools

🪛 yamllint (1.35.1)

[error] 43-43: trailing spaces

(trailing-spaces)

---

48-50: Consider removing unused Windows format override

Since Windows builds are currently disabled, this format override is unused.

-    format_overrides:
-      - goos: windows
-        format: zip

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a337eb1 and 5a09be0.

📒 Files selected for processing (2)

• .github/workflow/release.yml (1 hunks)
• .goreleaser.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflow/release.yml

🧰 Additional context used

🪛 yamllint (1.35.1)

.goreleaser.yml

[error] 43-43: trailing spaces

(trailing-spaces)

🔇 Additional comments (3)

.goreleaser.yml (3)

1-2: LGTM: Basic configuration is correct

The GoReleaser version and project name are properly configured.

---

52-56: LGTM: Secure checksum configuration

The checksum configuration uses SHA256 and follows security best practices.

---

58-63: LGTM: Changelog configuration is well-structured

The changelog configuration properly filters out non-relevant commits and maintains a clear chronological order.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

.goreleaser.yml (3)

42-42: Remove trailing spaces.

Remove the trailing spaces on line 42.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 42-42: trailing spaces

(trailing-spaces)

---

23-42: Document the bare: true setting.

Consider adding a comment explaining why bare: true is set. This setting affects how the container image is built and should be documented for maintainability.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 42-42: trailing spaces

(trailing-spaces)

---

57-62: Consider refining changelog filters.

The current filters exclude all documentation and test commits. Consider being more specific to avoid excluding important changes:

  filters:
    exclude:
-     - '^docs:'
-     - '^test:'
+     - '^docs:\s*typo'
+     - '^docs:\s*formatting'
+     - '^test:\s*refactor'

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5a09be0 and b726ef5.

📒 Files selected for processing (1)

• .goreleaser.yml (1 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

.goreleaser.yml

[error] 42-42: trailing spaces

(trailing-spaces)

🔇 Additional comments (5)

.goreleaser.yml (5)

1-2: LGTM: Version and project name are correctly configured.

The GoReleaser version and project name are properly set.

---

44-50: LGTM: Archive configuration is well-structured.

The archive configuration follows best practices with appropriate format selection and naming template.

---

51-56: LGTM: Checksum configuration follows security best practices.

The SHA256 algorithm is appropriate for file integrity verification.

---

1-62: Verify integration with GitHub Actions workflow.

Let's ensure this configuration aligns with the GitHub Actions workflow file.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 42-42: trailing spaces

(trailing-spaces)

---

4-22: Verify build configuration and platform support.

Let's verify the following aspects:

1. The main entry point path
2. Platform-specific code that may affect Windows/Darwin support
3. Architecture support in the codebase