Add GoReleaser for automated binary releases

thebenignhacker · thebenignhacker · commit 65e4cac08464 · 2025-12-25T18:55:43.000-07:00
- Add .goreleaser.yaml with multi-platform builds (linux/darwin/windows, amd64/arm64)
- Update CI workflow to run GoReleaser on version tags
- Add snapshot builds on main branch pushes
- Include Homebrew tap and deb/rpm package support
- Update .gitignore to exclude AI assistant config files
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,6 +3,8 @@ name: CI
 on:
   push:
     branches: [main]
+    tags:
+      - 'v*'
   pull_request:
     branches: [main]
 
@@ -47,6 +49,32 @@ jobs:
           version: latest
 
   release:
+    needs: [test, lint]
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # Build binaries on main branch pushes (without releasing)
+  build:
     needs: [test, lint]
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -60,19 +88,12 @@ jobs:
         with:
           go-version: '1.21'
 
-      - name: Build binaries
-        run: |
-          mkdir -p dist
-          VERSION=$(git describe --tags --always --dirty 2>/dev/null || echo "dev")
-          COMMIT=$(git rev-parse --short HEAD)
-          DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-          LDFLAGS="-X main.version=${VERSION} -X main.commit=${COMMIT} -X main.date=${DATE}"
-
-          GOOS=darwin GOARCH=amd64 go build -ldflags="${LDFLAGS}" -o dist/cryptoscan-darwin-amd64 ./cmd/cryptoscan
-          GOOS=darwin GOARCH=arm64 go build -ldflags="${LDFLAGS}" -o dist/cryptoscan-darwin-arm64 ./cmd/cryptoscan
-          GOOS=linux GOARCH=amd64 go build -ldflags="${LDFLAGS}" -o dist/cryptoscan-linux-amd64 ./cmd/cryptoscan
-          GOOS=linux GOARCH=arm64 go build -ldflags="${LDFLAGS}" -o dist/cryptoscan-linux-arm64 ./cmd/cryptoscan
-          GOOS=windows GOARCH=amd64 go build -ldflags="${LDFLAGS}" -o dist/cryptoscan-windows-amd64.exe ./cmd/cryptoscan
+      - name: Build snapshot
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: build --snapshot --clean
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
diff --git a/.gitignore b/.gitignore
@@ -39,3 +39,9 @@ build/
 .env
 .env.local
 config.local.yaml
+
+# AI assistant files
+CLAUDE.md
+.cursorrules
+.aider*
+.copilot/
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,135 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# GoReleaser configuration for CryptoScan
+# Documentation: https://goreleaser.com
+
+version: 2
+
+project_name: cryptoscan
+
+before:
+  hooks:
+    - go mod tidy
+    - go generate ./...
+
+builds:
+  - id: cryptoscan
+    main: ./cmd/cryptoscan
+    binary: cryptoscan
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - amd64
+      - arm64
+    ldflags:
+      - -s -w
+      - -X main.version={{.Version}}
+      - -X main.commit={{.ShortCommit}}
+      - -X main.date={{.Date}}
+
+archives:
+  - id: default
+    format: tar.gz
+    name_template: >-
+      {{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}
+    format_overrides:
+      - goos: windows
+        format: zip
+    files:
+      - LICENSE
+      - README.md
+
+checksum:
+  name_template: 'checksums.txt'
+  algorithm: sha256
+
+snapshot:
+  version_template: "{{ incpatch .Version }}-next"
+
+changelog:
+  sort: asc
+  use: github
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+      - '^ci:'
+      - '^chore:'
+      - Merge pull request
+      - Merge branch
+  groups:
+    - title: Features
+      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
+      order: 0
+    - title: Bug Fixes
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 1
+    - title: Security
+      regexp: '^.*?sec(\([[:word:]]+\))??!?:.+$'
+      order: 2
+    - title: Others
+      order: 999
+
+release:
+  github:
+    owner: csnp
+    name: qramm-cryptoscan
+  draft: false
+  prerelease: auto
+  mode: replace
+  header: |
+    ## CryptoScan {{ .Tag }}
+
+    **Cryptographic discovery tool for the post-quantum era**
+
+    Part of the [QRAMM Toolkit](https://qramm.org) by [CSNP](https://csnp.org)
+  footer: |
+    ---
+
+    ### Quick Install
+
+    ```bash
+    # Using Go
+    go install github.com/csnp/qramm-cryptoscan/cmd/cryptoscan@{{ .Tag }}
+
+    # Or download binary from assets below
+    ```
+
+    ### Checksums
+
+    Verify your download with the checksums.txt file.
+
+brews:
+  - name: cryptoscan
+    repository:
+      owner: csnp
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_TOKEN }}"
+    skip_upload: auto
+    directory: Formula
+    homepage: https://qramm.org
+    description: Cryptographic discovery tool for the post-quantum era
+    license: Apache-2.0
+    install: |
+      bin.install "cryptoscan"
+    test: |
+      system "#{bin}/cryptoscan", "--version"
+
+nfpms:
+  - id: packages
+    package_name: cryptoscan
+    vendor: CSNP
+    homepage: https://qramm.org
+    maintainer: CSNP <info@csnp.org>
+    description: Cryptographic discovery tool for the post-quantum era
+    license: Apache-2.0
+    formats:
+      - deb
+      - rpm
+    bindir: /usr/bin
+
+announce:
+  skip: "true"
