all: add goreleaser and setup release workflow (#1)

* analysis: add missing license header

* all: add goreleaser and setup release workflow

Author: joshuasing

.github/release.yml

@@ -0,0 +1,28 @@
+changelog:
+  exclude:
+    labels:
+      - "type: dependencies"
+  categories:
+    - title: "⚠️ Breaking changes"
+      labels:
+        - "status: breaking"
+    - title: "✨ Additions"
+      labels:
+        - "type: feature"
+    - title: "🐛 Fixes"
+      labels:
+        - "type: bug"
+        - "type: broken metric"
+    - title: "🔧 Improvements"
+      labels:
+        - "type: enhancement"
+        - "type: refactor"
+    - title: "📖 Documentation"
+      labels:
+        - "type: documentation"
+    - title: "🧪 Test coverage"
+      labels:
+        - "type: test"
+    - title: "⚙️ Other"
+      labels:
+        - "*"

.github/workflows/release.yml

@@ -0,0 +1,98 @@
+# Copyright (c) 2025 Joshua Sing <joshua@joshuasing.dev>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# GitHub Actions workflow to create releases using GoReleaser.
+name: "Release"
+
+on:
+  push:
+    tags: [ "v*.*.*" ]
+
+env:
+  GO_VERSION: "1.24.x"
+
+jobs:
+  release:
+    name: "Release"
+    runs-on: "ubuntu-latest"
+    environment:
+      name: "release"
+    permissions:
+      contents: write
+      id-token: write
+      packages: write
+      attestations: write
+    env:
+      DOCKER_CLI_EXPERIMENTAL: enabled
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: "Setup Go ${{ env.GO_VERSION }}"
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: "${{ env.GO_VERSION }}"
+          cache: true
+          check-latest: true
+
+      - name: "Install cosign"
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+
+      - name: "Install Syft"
+        uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
+
+      - name: "Setup QEMU"
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: "Setup Docker Buildx"
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: "Login to DockerHub"
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: "${{ secrets.DOCKERHUB_USERNAME }}"
+          password: "${{ secrets.DOCKERHUB_TOKEN }}"
+
+      - name: "Login to GitHub Container Registry"
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: "ghcr.io"
+          username: "${{ github.repository_owner }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: "Release"
+        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
+        with:
+          args: "release --clean"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: "Attest release artifacts"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-path: |
+            dist/**/starlink_exporter
+            dist/*.tar.gz
+            dist/*.zip
+            dist/*.txt
+            dist/*.pem
+            dist/*.sig

.goreleaser.Dockerfile

@@ -0,0 +1,61 @@
+# Copyright (c) 2025 Joshua Sing <joshua@joshuasing.dev>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# Build stage
+FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c AS builder
+
+# Add ca-certificates, timezone data
+RUN apk --no-cache add --update ca-certificates tzdata
+
+# Create non-root user
+RUN addgroup --gid 65532 golicenser && \
+    adduser  --disabled-password --gecos "" \
+    --no-create-home --shell="/sbin/nologin" \
+    -G golicenser --uid 65532 golicenser
+
+# Run stage
+FROM scratch
+
+# Build metadata
+ARG VERSION
+ARG VCS_REF
+ARG BUILD_DATE
+
+LABEL maintainer="Joshua Sing <joshua@joshuasing.dev>"
+LABEL org.opencontainers.image.created=$BUILD_DATE \
+      org.opencontainers.image.authors="Joshua Sing <joshua@joshuasing.dev>" \
+      org.opencontainers.image.url="https://github.com/joshuasing/golicenser" \
+      org.opencontainers.image.source="https://github.com/joshuasing/golicenser" \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.revision=$VCS_REF \
+      org.opencontainers.image.licenses="MIT" \
+      org.opencontainers.image.vendor="Joshua Sing <joshua@joshuasing.dev>" \
+      org.opencontainers.image.title="golicenser" \
+      org.opencontainers.image.description="A fast, easy-to-use, license header linter for Go"
+
+# Copy files
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY golicenser /usr/local/bin/golicenser
+
+USER golicenser:golicenser
+ENTRYPOINT ["/usr/local/bin/golicenser"]

.goreleaser.yml

@@ -0,0 +1,201 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+version: 2
+
+project_name: "golicenser"
+report_sizes: true
+
+env:
+  - AUTHOR=Joshua Sing <joshua@joshuasing.dev>
+  - GITHUB_USER=joshuasing
+  - DOCKER_HUB_USER=joshuasing
+  - DESCRIPTION=A fast, easy-to-use, license header linter for Go
+  - LICENSE=MIT
+
+before:
+  hooks:
+    - "go mod tidy"
+    - "go mod download"
+    - "go mod verify"
+
+builds:
+  - binary: "{{ .ProjectName }}"
+    main: "./cmd/{{ .ProjectName }}/"
+    env: [ "CGO_ENABLED=0", "GOGC=off" ]
+    ldflags: >-
+      -s -w
+    flags: [ "-trimpath" ]
+    goos:
+      - "linux"
+      - "windows"
+      - "darwin"
+    goarch:
+      - "amd64"
+      - "arm"
+      - "arm64"
+    goarm: [ "7" ]
+    ignore:
+      - goos: "windows"
+        goarch: "arm"
+
+archives:
+  - formats: "tar.gz"
+    wrap_in_directory: true
+    name_template: >-
+      {{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}
+    format_overrides:
+      - goos: "windows"
+        formats: "zip"
+    files:
+      - "README*"
+      - "LICENSE*"
+
+# Create sources archive.
+source:
+  enabled: true
+  name_template: "{{ .ProjectName }}_v{{ .Version }}_sources"
+  format: "tar.gz"
+
+# Create checksums file.
+checksum:
+  name_template: "{{ .ProjectName }}_v{{ .Version }}_checksums.txt"
+  algorithm: "sha256"
+
+# Create SBOMs for all archives and the source archive.
+sboms:
+  - id: "archive"
+    artifacts: "archive"
+  - id: "source"
+    artifacts: "source"
+
+# Sign the checksum file, which includes the checksums for all files (including SBOMs).
+signs:
+  - cmd: "cosign"
+    certificate: "${artifact}.pem"
+    args:
+      - "sign-blob"
+      - "--output-certificate=${certificate}"
+      - "--output-signature=${signature}"
+      - "${artifact}"
+      - "--yes"
+    artifacts: "checksum"
+    output: true
+
+# Create Docker images.
+dockers:
+  # linux/amd64
+  - id: "{{ .ProjectName }}-amd64"
+    goos: "linux"
+    goarch: "amd64"
+    dockerfile: ".goreleaser.Dockerfile"
+    use: buildx
+    image_templates:
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--build-arg=VERSION={{ .Version }}"
+      - "--build-arg=VCS_REF={{ .FullCommit }}"
+      - "--build-arg=BUILD_DATE={{ .Date }}"
+
+  # linux/arm64/v8
+  - id: "{{ .ProjectName }}-arm64"
+    goos: "linux"
+    goarch: "arm64"
+    dockerfile: ".goreleaser.Dockerfile"
+    use: buildx
+    image_templates:
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--build-arg=VERSION={{ .Version }}"
+      - "--build-arg=VCS_REF={{ .FullCommit }}"
+      - "--build-arg=BUILD_DATE={{ .Date }}"
+
+  # linux/arm/v7
+  - id: "{{ .ProjectName }}-armv7"
+    goos: "linux"
+    goarch: "arm"
+    goarm: "7"
+    dockerfile: ".goreleaser.Dockerfile"
+    use: buildx
+    image_templates:
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+    build_flag_templates:
+      - "--platform=linux/arm/v7"
+      - "--build-arg=VERSION={{ .Version }}"
+      - "--build-arg=VCS_REF={{ .FullCommit }}"
+      - "--build-arg=BUILD_DATE={{ .Date }}"
+
+# Create Docker manifests for each image, containing the images for each
+# supported system architecture.
+docker_manifests:
+  # Docker Hub
+  - name_template: "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:latest"
+    image_templates:
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+  - name_template: "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}"
+    image_templates:
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+  - name_template: "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Major }}.{{ .Minor }}"
+    image_templates:
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "{{ .Env.DOCKER_HUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+
+  # GitHub Container Registry
+  - name_template: "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:latest"
+    image_templates:
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+  - name_template: "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}"
+    image_templates:
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+  - name_template: "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Major }}.{{ .Minor }}"
+    image_templates:
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-amd64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-arm64"
+      - "ghcr.io/{{ .Env.GITHUB_USER }}/{{ .ProjectName }}:{{ .Version }}-armv7"
+
+# Sign Docker images and manifests.
+docker_signs:
+  - artifacts: "all"
+    cmd: "cosign"
+    args:
+      - "sign"
+      - "${artifact}"
+      - "--yes"
+
+# Snapshot version settings.
+snapshot:
+  version_template: "{{ incpatch .Version }}-{{ .ShortCommit }}"
+
+# Generate changelog for releases.
+changelog:
+  use: "github-native"
+
+# Create GitHub release.
+release:
+  name_template: "golicenser v{{ .Version }}"
+  github:
+    owner: "joshuasing"
+    name: "golicenser"
+  prerelease: auto
+  mode: "append"
+
+# Close milestones for the released tag.
+milestones:
+  - repo:
+      owner: "joshuasing"
+      name: "golicenser"
+    close: true
+    name_template: "{{ .Tag }}"