One time only. This should not be repeated unless the key is compromised or lost.
- Insert a blank USB stick.
- Launch the MacOS disk utility:
open "/System/Applications/Utilities/Disk Utility.app" - In the Disk Utility application:
- click on the disk icon (not a partition) to select it.
- select
Erase- Name:
terraform-provider-apstra signing key - Format:
Mac OS Extended (Journaled) - Scheme:
Master Boot Record [Erase]
- Name:
- Generate a new keypair (enter a passphrase when prompted):
cat << EOF | gpg --batch --gen-key Key-Type: 1 Key-Length: 4096 Subkey-Type: 1 Subkey-Length: 4096 Name-Real: Terraform Provider Apstra developers Name-Email: terraform-provider-apstra@juniper.net Expire-Date: 0 EOF
- Export the private key:
gpg --output "/Volumes/terraform-provider-apstra signing key/terraform-provider-apstra.pgp" --armor --export-secret-key terraform-provider-apstra@juniper.net - Delete the private key from the keychain and eject the USB stick:
gpg --delete-secret-and-public-key terraform-provider-apstra@juniper.net diskutil eject "/Volumes/terraform-provider-apstra signing key"
These tokens expire, will need to be refreshed before goreleaser can deliver a build to the Github releases area.
- Click here while logged in to Github...
- ...or go click-by-click:
- Log in to the Github web UI.
- Click on your avatar at the top right, and then settings.
- Click on <> Developer settings.
- Click on Personal access tokens and then Fine-grained tokens.
- If an appropriate token has been previously created, but is expired, it can be refreshed:
- Click on the token.
- Click on
[Regenerate token] - Select an expiration interval and then click
[Regenerate token] - Copy the token string.
- If an appropriate token does not exist, create one:
- Click on
[Generate new token] - Token name:
Release terraform-provider-apstra - Resource owner:
Juniper - Repository access
- Only select repositories
- Select
terraform-provider-apstra
- Repository permissions
- Contents: Read and Write
- Metadata: Read-only
[Generate token]- Note the token string. If you're planning to hang onto the token think about how you'll store it securely. It's a nuclear bomb, definitely better NOT written to disk.
- Click on
- Confirm that you have a Github API token.
- Confirm that you know the signing key passphrase.
- Confirm that you're on the
mainbranch, and there are no un-committed changes.git status
- Insert the USB stick with the signing key, import the key, and note the key fingerprint. The
fingerprint should be
4EACB71B2FC20EC8499576BDCB9C922903A66F3Fgpg --import "/Volumes/terraform-provider-apstra signing key/terraform-provider-apstra.pgp" gpg --list-keys terraform-provider-apstra@juniper.net - Put the Github token into the environment.
# Use `read -s` to get the Github API token into the environment without leaking it into the shell history. read -s GITHUB_TOKEN # paste the token string and then hit <ctrl>+d # Use `export` to convert the shell variable into an environment variable. export GITHUB_TOKEN
- Tag the release with a new version number:
git tag vX.X.X # don't use 'X's, but do use a leading `v` - Run
goreleaserusing the recipe in theMakefileto publish a draft release to github:make release
- Delete the private key from the keychain:
gpg --delete-secret-and-public-key terraform-provider-apstra@juniper.net
- Navigate to the Github Releases page for this project.
The new release will be in draft form, not yet visible to the public.
- Hit the pencil (edit) button for the new release.
- Press the
Generate release notesbutton. - Review the release notes, clean up as appropriate.
- Press the
Publish Releasebutton.
- Navigate to the provider page on the Terraform Registry
- Within a minute or so of publishing the release, the registry should update with the latest version.