This changes the logic of parsing the `version.go` file from a certain
branch to instead make use of the GitHub latest release redirect or
API[1] endpoints for checking if `sops` is on the latest version.
Detaching any future release of SOPS from specific file structures
and/or branches, and (theoretically) freeing it from the requirement of
having to bump the version in-code during release (as this is also done
using `-ldflags` during build). Were it not for the fact that we have
to maintain it for backwards compatibility.
[1]: https://docs.github.com/en/free-pro-team@latest/rest/releases/releases?apiVersion=2022-11-28#get-the-latest-release
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This adds the base for releasing using GoReleaser going forward in a
backwards compatible manner, which means:
- Publishing of artifacts in the same formats as previous releases
- Publishing of RPM and deb artifacts in the same formats as previous
releases (although the metadata may need a bit of tweaking)
In addition, it includes:
- SBOM inclusion per binary artifact
It still needs work around:
- Artifact signing
- SLSA compliance
- Docker images
- GitHub release
- Changelog generation
- GitHub Action workflow
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit renames the Go module from `go.mozilla.org/sops/v3` to
`github.com/getsops/sops/v3` without a major version bump, to align
with new stewardship.
For more information around this change, refer to
https://github.com/getsops/sops/issues/1246.
For a one-liner to change the `go.mod` and any import paths in your
Go project making use of this module, run:
```
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i '' 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
```
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
* kms encryption ctx auto fix
Code to do the migration is still rough and needs clean up and further
testing.
* Added some further polish to enc ctx fix code path
* Attempt to decrypt using other keys before trying enc ctx variations
* just re-encrypt datakey instead of all of the values
* Move KMS enc ctx fix code to new function
* Fix RetrieveLatestVersionFromUpstream with pkg move
* Fixes from code review
* Include err in message displayed to user
* Remove duplicate file.Close() calls in Fix kms func
* move file.Close() to defer
Hidde Beydals
Brian Kemper
Stoned Elipot
Felix Fontein
daurnimator
AJ Bahnken
Mikhail Katychev
AJ Bahnken
Adriano