From b5fcb83eb8433a552f0fa7d51ff0c90c88c3fae5 Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Wed, 5 Jun 2024 11:30:30 -0300 Subject: [PATCH] ci: update goreleaser configs Signed-off-by: Carlos Alexandro Becker --- .goreleaser.yaml | 89 ++++++++++++++++++++++++------------------------ 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 8c234d3..2783dd1 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -3,29 +3,30 @@ # # See also: .github/workflows/release.yml +version: 2 project_name: supply-chain-example # setups builds for linux and darwin on amd64 and arm64 # https://goreleaser.com/customization/build builds: -- env: - - CGO_ENABLED=0 - goos: - - linux - - darwin - goarch: - - amd64 - - arm64 - # ensures mod timestamp to be the commit timestamp - mod_timestamp: '{{ .CommitTimestamp }}' - flags: - # trims path - - -trimpath - ldflags: - # use commit date instead of current date as main.date - # only needed if you actually use those things in your main package, otherwise can be ignored. - - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }} + - env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + goarch: + - amd64 + - arm64 + # ensures mod timestamp to be the commit timestamp + mod_timestamp: "{{ .CommitTimestamp }}" + flags: + # trims path + - -trimpath + ldflags: + # use commit date instead of current date as main.date + # only needed if you actually use those things in your main package, otherwise can be ignored. + - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }} # proxies from the go mod proxy before building # https://goreleaser.com/customization/gomod @@ -35,7 +36,7 @@ gomod: # config the checksum filename # https://goreleaser.com/customization/checksum checksum: - name_template: 'checksums.txt' + name_template: "checksums.txt" # create a source tarball # https://goreleaser.com/customization/source/ @@ -53,43 +54,43 @@ sboms: # all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to # https://goreleaser.com/customization/sign signs: -- cmd: cosign - env: - - COSIGN_EXPERIMENTAL=1 - certificate: '${artifact}.pem' - args: - - sign-blob - - '--output-certificate=${certificate}' - - '--output-signature=${signature}' - - '${artifact}' - - "--yes" # needed on cosign 2.0.0+ - artifacts: checksum - output: true + - cmd: cosign + env: + - COSIGN_EXPERIMENTAL=1 + certificate: "${artifact}.pem" + args: + - sign-blob + - "--output-certificate=${certificate}" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" # needed on cosign 2.0.0+ + artifacts: checksum + output: true # create a docker image # https://goreleaser.com/customization/docker dockers: -- image_templates: - - 'ghcr.io/goreleaser/supply-chain-example:{{ .Tag }}' - dockerfile: Dockerfile - build_flag_templates: - - "--pull" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.name={{.ProjectName}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - - "--label=org.opencontainers.image.source={{.GitURL}}" + - image_templates: + - "ghcr.io/goreleaser/supply-chain-example:{{ .Tag }}" + dockerfile: Dockerfile + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.source={{.GitURL}}" # signs our docker image # https://goreleaser.com/customization/docker_sign docker_signs: - cmd: cosign env: - - COSIGN_EXPERIMENTAL=1 + - COSIGN_EXPERIMENTAL=1 artifacts: images output: true args: - - 'sign' - - '${artifact}' - - "--yes" # needed on cosign 2.0.0+ + - "sign" + - "${artifact}" + - "--yes" # needed on cosign 2.0.0+