Use GitHub actions for release (#2)

Author: zph

.github/workflows/codeql-analysis.yml

@@ -38,7 +38,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
@@ -48,11 +48,11 @@ jobs:
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
-        
+
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         queries: security-extended,security-and-quality
 
-        
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
@@ -61,7 +61,7 @@ jobs:
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
     # - run: |

.github/workflows/main.yml

@@ -0,0 +1,89 @@
+name: Main (test, releases)
+on:
+  # # Indicates I want to run this workflow on all branches, PR, and tags
+  push:
+    branches: ["*"]
+    tags: ["*"]
+  pull_request:
+    branches: [ "master" ]
+jobs:
+  lint:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        command:
+        - make vet
+        - make fmtcheck
+    steps:
+      - name: Checkout Git repo
+        uses: actions/checkout@v4
+      - name: Running ${{ matrix.command }}
+        run: ${{ matrix.command }}
+
+  tests:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+        - testversion5.6
+        - testversion5.7
+        - testversion8.0
+        - testpercona5.7
+        - testpercona8.0
+        - testmariadb10.3
+        - testmariadb10.8
+        - testmariadb10.10
+        # Track https://github.com/pingcap/tidb/tags
+        - testtidb6.1.0
+        - testtidb6.5.3
+        # Fails because not yet available? 20240705
+        # - testtidb6.5.10
+        - testtidb7.1.5
+        - testtidb7.5.2
+        - testtidb8.1.0
+    steps:
+      - name: Checkout Git repo
+        uses: actions/checkout@v4
+      - name: Install mysql client
+        run: |
+          sudo apt-get update
+          sudo apt-get -f -y install mysql-client
+      - name: Run tests {{ matrix.target }}
+        run: make ${{ matrix.target }}
+  # DISABLED to figure out GPG signing issue on Github Actions
+  #         possibly due to lack of TTY inside docker?
+  # release:
+  #   name: Release
+  #   needs: [tests]
+  #   # Can't use non-semvar for the testing tag
+  #   # https://github.com/orgs/goreleaser/discussions/3708
+  #   if: ( startsWith( github.ref, 'refs/tags/v' ) ||
+  #           startsWith(github.ref, 'refs/tags/v0.0.0-rc') )
+  #   runs-on: ubuntu-22.04
+  #   steps:
+  #     - name: Checkout Git repo
+  #       uses: actions/checkout@v4
+
+  #     # Goreleaser
+  #     - name: Set up Go
+  #       uses: actions/setup-go@v4
+  #     - name: Run GoReleaser
+  #       uses: goreleaser/goreleaser-action@v6
+  #       with:
+  #         distribution: goreleaser
+  #         version: '~> v2'
+  #         # Run goreleaser and ignore non-committed files (downloaded artifacts)
+  #         args: release --clean --skip=validate --verbose
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # terraform-provider-release:
+  #   needs: [release]
+  #   name: 'Terraform Provider Release'
+  #   uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/community.yml@v5
+  #   secrets:
+  #     gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}'
+  #   with:
+  #     setup-go-version-file: 'go.mod'

.goreleaser.yml

@@ -1,5 +1,6 @@
 # Visit https://goreleaser.com for documentation on how to customize this
 # behavior.
+version: 2
 before:
   hooks:
     # this is just an example and not a requirement for provider building/publishing
@@ -49,6 +50,6 @@ signs:
       - "${artifact}"
 release:
   # If you want to manually examine the release before its live, uncomment this line:
-  # draft: true
+  draft: true
 changelog:
   use: git

GNUmakefile

@@ -6,6 +6,9 @@ TERRAFORM_VERSION=0.14.7
 TERRAFORM_OS=$(shell uname -s | tr A-Z a-z)
 TEST_USER=root
 TEST_PASSWORD=my-secret-pw
+DATESTAMP=$(shell date "+%Y%m%d%H%M%S")
+SHA_SHORT=$(shell git describe --match=FORCE_NEVER_MATCH --always --abbrev=40 --dirty --abbrev)
+MOST_RECENT_UPSTREAM_TAG=$(shell git for-each-ref refs/tags --sort=-taggerdate --format="%(refname)" | head -1 | grep -E -o "v\d+\.\d+\.\d+")
 
 default: build
 
@@ -118,4 +121,12 @@ endif
 
 	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
 
-.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile website website-test
+format-tag:
+	@echo $(MOST_RECENT_UPSTREAM_TAG)-$(DATESTAMP)-$(SHA_SHORT)
+
+tag:
+	@echo git tag -a $(MOST_RECENT_UPSTREAM_TAG)-$(DATESTAMP)-$(SHA_SHORT) -m $(MOST_RECENT_UPSTREAM_TAG)-$(DATESTAMP)-$(SHA_SHORT)
+	@git tag -a $(MOST_RECENT_UPSTREAM_TAG)-$(DATESTAMP)-$(SHA_SHORT) -m $(MOST_RECENT_UPSTREAM_TAG)-$(DATESTAMP)-$(SHA_SHORT)
+
+
+.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile website website-test tag

README.md

@@ -1,3 +1,44 @@
+zph/terraform-provider-mysql
+
+# Purpose
+
+zph fork of terraform-provider-mysql exists for the following goals:
+1. To design and trial TiDB integrations or patches before committing upstream
+2. To validate design changes for the project before offering upstream.
+
+Changes here are intended to be upstreamed to petoju's fork to avoid ecosystem
+fragmentation. We will update this readme if those design choices change.
+
+## Release Naming
+
+zph fork will use release naming in the following form:
+
+v3.0.62-20240705125429-3c7af6a
+
+{petoju version}-{date}-{sha}
+
+This indicates that the base is v3.0.62 from petoju, with modifications from zph
+repo using {sha} and built on {date}.
+
+It allows for keeping patches alive on this fork until they land upstream and are
+released there.
+
+## Security / Chain of Custody
+
+We sign releases with a GPG key currently using goreleaser locally on the personal
+equipment of @ZPH. As the maintainer of this fork, I, @ZPH, attest that the builds
+represent the exact SHA of the version control with no alterations.
+
+The near term goal is to setup github actions to provide this guarantee
+so that even if I were a malicious actor or coerced,
+I could not introduce opaque security issues into binary releases.
+
+In the meantime, I certify by my professional reputation and career as:
+https://www.linkedin.com/in/zph/ that appropriate safeguards are being taken.
+
+## Original Readme
+Below is from petoju/terraform-provider-mysql:
+
 **This repository is an unofficial fork**
 
 The fork is mostly based of the official (now archived) repo.

terraform-registry-manifest.json

@@ -0,0 +1,6 @@
+{
+  "version": 1,
+  "metadata": {
+    "protocol_versions": ["6.0"]
+  }
+}