search

go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
7.44k stars 987 forks source link

chore: add snap to release packages #2134

Closed gruyaume closed 3 months ago

gruyaume commented 3 months ago

Description

The LEGO snap makes it easy to install and use LEGO on any Linux distribution that supports snaps. This PR adds the snap to go releaser to automatically build and publish the snap.

Usage

sudo snap install lego
sudo lego \
  --email="you@example.com" \
  --domains="example.com" \
  --server=https://acme-staging-v02.api.letsencrypt.org/directory \
  --http \
  --http.port :8080 \
  run

Note: The LEGO snap can only write to the /var/snap/lego/common/.lego directory.

Confinement

The snap is strictly confined, meaning it only has access to what it requires to work and for LEGO that means network binding.

Snap publishing

For the snap publishing to succeed, it will be necessary to do the following before merging this PR:

  1. Create a snapcraft account
  2. Make a request in the snapcraft forum to have the ownership of the lego snap name switched from myself to this new account. I can make the request myself once we have step 1 completed.
  3. Generate a snapcraft login token attached to this specific snap with a reasonable ttl
  4. Place this token in a GitHub secret named SNAPCRAFT_STORE_CREDENTIALS

Once all of those are completed, I will move the PR from draft to live.

Channel

With the current state of the change proposed here, the snap will be automatically published to the edge channel. This means that promotion from edge -> beta -> candidate -> stable would have to be done manually through the Snapcraft UI.

Related to https://github.com/go-acme/lego/discussions/2133

ldez commented 3 months ago

I already have a Snapcraft account: ldez But I don't have Snapcraft forum login.

gruyaume commented 3 months ago

I already have a Snapcraft account: ldez But I don't have Snapcraft forum login.

Ok, I just made the request:

ldez commented 3 months ago

Before the transfer can you add the v4.16.0 to the current snap?

gruyaume commented 3 months ago

Before the transfer can you add the v4.16.0 to the current snap?

Done!

gruyaume commented 3 months ago

@ldez As you can see in the snapcraft request, I first need to add you as a collaborator on the snap and I need your email for this.

image

ldez commented 3 months ago

My email is: -

ldez commented 3 months ago

I accepted the invitation

gruyaume commented 3 months ago

@ldez The transfer is complete. Let me know when the snapcraft token is in the repo secrets and I'll move the PR to live.

ldez commented 3 months ago

I can't find the Snapcraft token inside my Snapcraft account, where is it?

gruyaume commented 3 months ago

I can't find the Snapcraft token inside my Snapcraft account, where is it?

You will have to generate one for yourself via snapcraft CLI:

ldez commented 3 months ago

It's unexpected to be forced to install a CLI to generate a token, but :shrug:

ldez commented 3 months ago

I added the token to the secrets.

gruyaume commented 3 months ago

It's unexpected to be forced to install a CLI to generate a token, but 🤷

Well the token is used by the CLI, you are "forced" to install the cli to use the token as well...

ldez commented 3 months ago

Everything is ok? Ready for review?

gruyaume commented 3 months ago

Everything is ok? Ready for review?

I think so, but it's hard to test the PR without running the release.

ldez commented 3 months ago

We will see with the next release :smile:

ldez commented 1 month ago

The release fails:

Run snapcraft login
  snapcraft login
  shell: /usr/bin/bash -e {0}
  env:
    GO_VERSION: stable
    CGO_ENABLED: 0
    SNAPCRAFT_STORE_CREDENTIALS: ***
Cannot login with 'SNAPCRAFT_STORE_CREDENTIALS' set.
Recommended resolution: Unset 'SNAPCRAFT_STORE_CREDENTIALS' and try again.
Full execution log: '/home/runner/.local/state/snapcraft/log/snapcraft-20240528-105206.532861.log'
Error: Process completed with exit code 1.

https://github.com/go-acme/lego/actions/runs/9267967862/job/25495567069

ldez commented 1 month ago

I fixed the first problem but there is another one:

  ⨯ release failed after 44m55s              error=failed to generate snap package: exit status 1: Packing...
Creating snap package...
Command '['snap', 'pack', '--filename', 'lego_4.17.2_linux_armv7.snap', 'dist/lego_4.17.2_linux_armv7/prime', PosixPath('/home/runner/work/lego/lego/dist')]' returned non-zero exit status 1.
Full execution log: '/home/runner/.local/state/snapcraft/log/snapcraft-20240528-135337.553506.log'
Error: The process '/opt/hostedtoolcache/goreleaser-action/1.26.2/x64/goreleaser' failed with exit code 1

https://github.com/go-acme/lego/actions/runs/9269740662/job/25501184725

ldez commented 1 month ago

I'm not able to debug that, there is not enough information. Each try takes about 1 hour, I already created 2 bug-fix releases so I will disable the snap step.