forked from sigstore/timestamp-authority
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.goreleaser.yml
98 lines (87 loc) · 2.41 KB
/
.goreleaser.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
project_name: timestamp-authority
env:
- GO111MODULE=on
- CGO_ENABLED=0
- DOCKER_CLI_EXPERIMENTAL=enabled
- COSIGN_YES=true
# Prevents parallel builds from stepping on eachothers toes downloading modules
before:
hooks:
- go mod tidy
- /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi'
# if running a release we will generate the images in this step
# if running in the CI the CI env va is set by github action runner and we dont run the ko steps
# this is needed because we are generating files that goreleaser was not aware to push to GH project release
- /bin/bash -c 'if [ -n "$CI" ]; then make sign-container-release; fi'
gomod:
proxy: true
sboms:
- artifacts: binary
builds:
- id: timestamp-server
binary: timestamp-server-linux-{{ .Arch }}
no_unique_dist_dir: true
main: ./cmd/timestamp-server
goos:
- linux
goarch:
- amd64
- arm64
- arm
goarm:
- 7
flags:
- -trimpath
mod_timestamp: '{{ .CommitTimestamp }}'
ldflags:
- "{{ .Env.LDFLAGS }}"
- id: timestamp-cli
binary: timestamp-cli-{{ .Os }}-{{ .Arch }}
no_unique_dist_dir: true
main: ./cmd/timestamp-cli
goos:
- linux
- darwin
- windows
goarch:
- amd64
- arm64
- arm
goarm:
- 7
ignore:
- goos: windows
goarch: arm64
flags:
- -trimpath
mod_timestamp: '{{ .CommitTimestamp }}'
ldflags:
- "{{ .Env.LDFLAGS }}"
signs:
# Keyless
- id: keyless
signature: "${artifact}-keyless.sig"
certificate: "${artifact}-keyless.pem"
cmd: cosign
args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "--output-certificate", "${artifact}-keyless.pem", "${artifact}"]
artifacts: binary
- id: checksum-keyless
signature: "${artifact}-keyless.sig"
certificate: "${artifact}-keyless.pem"
cmd: cosign
args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "--output-certificate", "${artifact}-keyless.pem", "${artifact}"]
artifacts: checksum
archives:
- format: binary
name_template: "{{ .Binary }}"
allow_different_binary_count: true
checksum:
name_template: "{{ .ProjectName }}_checksums.txt"
snapshot:
name_template: SNAPSHOT-{{ .ShortCommit }}
release:
prerelease: auto
draft: true # allow for manual edits
github:
owner: sigstore
name: timestamp-authority