Skip to content

Commit

Permalink
ci: update goreleaser configs
Browse files Browse the repository at this point in the history
Signed-off-by: Carlos Alexandro Becker <[email protected]>
  • Loading branch information
caarlos0 committed Jun 5, 2024
1 parent 402950f commit b5fcb83
Showing 1 changed file with 45 additions and 44 deletions.
89 changes: 45 additions & 44 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,29 +3,30 @@
#
# See also: .github/workflows/release.yml

version: 2

project_name: supply-chain-example

# setups builds for linux and darwin on amd64 and arm64
# https://goreleaser.com/customization/build
builds:
- env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm64
# ensures mod timestamp to be the commit timestamp
mod_timestamp: '{{ .CommitTimestamp }}'
flags:
# trims path
- -trimpath
ldflags:
# use commit date instead of current date as main.date
# only needed if you actually use those things in your main package, otherwise can be ignored.
- -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }}
- env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm64
# ensures mod timestamp to be the commit timestamp
mod_timestamp: "{{ .CommitTimestamp }}"
flags:
# trims path
- -trimpath
ldflags:
# use commit date instead of current date as main.date
# only needed if you actually use those things in your main package, otherwise can be ignored.
- -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }}

# proxies from the go mod proxy before building
# https://goreleaser.com/customization/gomod
Expand All @@ -35,7 +36,7 @@ gomod:
# config the checksum filename
# https://goreleaser.com/customization/checksum
checksum:
name_template: 'checksums.txt'
name_template: "checksums.txt"

# create a source tarball
# https://goreleaser.com/customization/source/
Expand All @@ -53,43 +54,43 @@ sboms:
# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
# https://goreleaser.com/customization/sign
signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: '${artifact}.pem'
args:
- sign-blob
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
- "--yes" # needed on cosign 2.0.0+
artifacts: checksum
output: true
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: "${artifact}.pem"
args:
- sign-blob
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
- "--yes" # needed on cosign 2.0.0+
artifacts: checksum
output: true

# create a docker image
# https://goreleaser.com/customization/docker
dockers:
- image_templates:
- 'ghcr.io/goreleaser/supply-chain-example:{{ .Tag }}'
dockerfile: Dockerfile
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.name={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source={{.GitURL}}"
- image_templates:
- "ghcr.io/goreleaser/supply-chain-example:{{ .Tag }}"
dockerfile: Dockerfile
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.name={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source={{.GitURL}}"

# signs our docker image
# https://goreleaser.com/customization/docker_sign
docker_signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
- COSIGN_EXPERIMENTAL=1
artifacts: images
output: true
args:
- 'sign'
- '${artifact}'
- "--yes" # needed on cosign 2.0.0+
- "sign"
- "${artifact}"
- "--yes" # needed on cosign 2.0.0+

0 comments on commit b5fcb83

Please sign in to comment.