Added sops.

.github/workflows/build-sops.yml

@@ -0,0 +1,96 @@
+---
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+################################################################################
+# DO NOT EDIT THIS FILE!
+# 
+# 1. Edit the *.gotmpl.yml files instead.
+# 2. Run 'go run generate-workflow.go -p {package} -t {template}'.
+################################################################################
+
+name: Build sops
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+    paths:
+      - ".github/workflows/build-sops.yml"
+  pull_request:
+    branches: [main]
+    paths:
+      - ".github/workflows/build-sops.yml"
+    schedule:
+      - cron: '50 13 * * *'
+
+# Variables available to all jobs defined in this file
+env:
+  DOCKER_BUILDKIT: 1
+  REGISTRY: ${{ vars.REGISTRY }}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  lookup:
+    runs-on: ubuntu-latest
+    name: Lookup current version
+    permissions:
+      packages: write
+      contents: read
+    strategy:
+      fail-fast: false
+
+    container:
+      image: ghcr.io/northwood-labs/package-builder/ubuntu-v22.04:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    outputs:
+      cache_hit: ${{ steps.check.outputs.cache-hit }}
+      package_version: ${{ steps.lookup_version.outputs.package_version }}
+
+    steps:
+      - name: Lookup latest version of package
+        id: lookup_version
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "package_version=$(download-asset latest-tag -r 'getsops/sops' -s)" >> $GITHUB_OUTPUT
+
+      - name: Check to see if we've already built this version
+        uses: actions/cache/restore@v4
+        id: check
+        with:
+          key: "tenv-${{ steps.lookup_version.outputs.package_version }}"
+          path: "packages/sops/dist"
+          lookup-only: true
+
+  build:
+    if: needs.lookup.outputs.cache_hit != 'true'
+    needs: lookup
+    name: Build and cache
+    uses: northwood-labs/package-building/.github/workflows/build-and-cache.yml@main
+    secrets: inherit
+    with:
+      package-name: "sops"
+      package-version: ${{ needs.lookup.outputs.package_version }}
+
+  upload:
+    if: needs.lookup.outputs.cache_hit != 'true'
+    needs: build
+    name: Upload to S3
+    uses: northwood-labs/package-building/.github/workflows/upload-to-s3.yml@main
+    secrets: inherit
+    with:
+      package-name: "sops"
+      package-version: ${{ needs.lookup.outputs.package_version }}
+
+  metadata:
+    if: needs.lookup.outputs.cache_hit != 'true'
+    needs: upload
+    name: Generate metadata
+    uses: northwood-labs/package-building/.github/workflows/generate-rpm-meta.yml@main
+    secrets: inherit

packages/sops/.goreleaser.yml

@@ -0,0 +1,23 @@
+---
+# https://goreleaser.com/customization/project/
+project_name: sops
+
+variables:
+  Vendor: Mozilla
+  VendorHomepage: https://getsops.io
+  License: MPL-2.0
+  Description: |
+    Simple and flexible tool for managing secrets.
+
+# https://goreleaser.com/customization/includes/
+includes:
+  - from_file:
+      path: ../shared.yml
+
+# https://goreleaser.com/customization/hooks/
+before:
+  hooks:
+    - cmd: |
+        bash ./download.sh
+      output: true
+      dir: .

packages/sops/download.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# linux/amd64 (Intel64)
+download-asset get \
+    --owner-repo "getsops/sops" \
+    --pattern "sops-v{{.Ver}}.linux.amd64" \
+    --archive-path "" \
+    --write-to-bin "sops_amd64" \
+    ;
+
+# linux/arm64 (ARM64)
+download-asset get \
+    --owner-repo "getsops/sops" \
+    --pattern "sops-v{{.Ver}}.linux.arm64" \
+    --archive-path "" \
+    --write-to-bin "sops_arm64" \
+    ;