From 61dff5de88b6c7052f65a7eb0bb06fb22636f867 Mon Sep 17 00:00:00 2001
From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Fri, 6 Feb 2026 15:59:16 -0500
Subject: [PATCH] chore: migrate .goreleaser build to docker_v2
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
.goreleaser.yaml | 296 ++++++++-------------------------------
Dockerfile | 20 +--
Dockerfile.debug | 24 +---
Dockerfile.debug-nonroot | 11 ++
Dockerfile.nonroot | 20 +--
5 files changed, 74 insertions(+), 297 deletions(-)
create mode 100644 Dockerfile.debug-nonroot
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index eaf89dfc3..3a3b5c0fb 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -73,252 +73,68 @@ brews: description: *description license: "Apache License 2.0" -dockers: - # production images... - - image_templates: - - anchore/syft:{{.Tag}}-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-amd64 - goarch: amd64 +dockers_v2: + # production images (scratch base, root) + - id: production dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" + ids: &docker-ids + - linux-build + images: &docker-images + - anchore/syft + - ghcr.io/anchore/syft + platforms: &docker-platforms + - linux/amd64 + - linux/arm64 + - linux/ppc64le + - linux/s390x + labels: &docker-labels + "org.opencontainers.image.created": "{{.Date}}" + "org.opencontainers.image.title": "syft" + "org.opencontainers.image.description": "CLI tool and library for generating a Software Bill of Materials from container images and filesystems" + "org.opencontainers.image.source": "{{.GitURL}}" + "org.opencontainers.image.revision": "{{.FullCommit}}" + "org.opencontainers.image.vendor": "Anchore, Inc." 
+ "org.opencontainers.image.version": "{{.Version}}" + "org.opencontainers.image.licenses": "Apache-2.0" + "io.artifacthub.package.readme-url": "https://raw.githubusercontent.com/anchore/syft/main/README.md" + "io.artifacthub.package.logo-url": "https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" + "io.artifacthub.package.license": "Apache-2.0" + tags: + - latest + - "{{.Tag}}" - - image_templates: - - anchore/syft:{{.Tag}}-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - goarch: arm64 - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/arm64/v8" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - goarch: ppc64le - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-s390x - - ghcr.io/anchore/syft:{{.Tag}}-s390x - goarch: s390x - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - # nonroot images... 
- - image_templates: - - anchore/syft:{{.Tag}}-nonroot-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - goarch: amd64 + # nonroot images + - id: nonroot dockerfile: Dockerfile.nonroot - use: buildx - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" + ids: *docker-ids + images: *docker-images + platforms: *docker-platforms + labels: *docker-labels + tags: + - nonroot + - "{{.Tag}}-nonroot" - - image_templates: - - anchore/syft:{{.Tag}}-nonroot-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - goarch: arm64 - dockerfile: Dockerfile.nonroot - use: buildx - build_flag_templates: - - "--platform=linux/arm64/v8" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-nonroot-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le - goarch: ppc64le - dockerfile: Dockerfile.nonroot - use: buildx - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-nonroot-s390x - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x - goarch: s390x - dockerfile: Dockerfile.nonroot - use: buildx - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - # debug images... 
- - image_templates: - - anchore/syft:{{.Tag}}-debug-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - goarch: amd64 + # debug images (root) + - id: debug dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" + ids: *docker-ids + images: *docker-images + platforms: *docker-platforms + labels: *docker-labels + tags: + - debug + - "{{.Tag}}-debug" - - image_templates: - - anchore/syft:{{.Tag}}-debug-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - goarch: arm64 - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/arm64/v8" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-debug-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le - goarch: ppc64le - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - - - image_templates: - - anchore/syft:{{.Tag}}-debug-s390x - - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - goarch: s390x - dockerfile: Dockerfile.debug - use: buildx - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=BUILD_DATE={{.Date}}" - - "--build-arg=BUILD_VERSION={{.Version}}" - - "--build-arg=VCS_REF={{.FullCommit}}" - - "--build-arg=VCS_URL={{.GitURL}}" - -docker_manifests: - - name_template: anchore/syft:latest - image_templates: - - anchore/syft:{{.Tag}}-amd64 - - anchore/syft:{{.Tag}}-arm64v8 - - anchore/syft:{{.Tag}}-ppc64le - - anchore/syft:{{.Tag}}-s390x - - - name_template: ghcr.io/anchore/syft:latest - 
image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-s390x - - - name_template: anchore/syft:{{.Tag}} - image_templates: - - anchore/syft:{{.Tag}}-amd64 - - anchore/syft:{{.Tag}}-arm64v8 - - anchore/syft:{{.Tag}}-ppc64le - - anchore/syft:{{.Tag}}-s390x - - - name_template: ghcr.io/anchore/syft:{{.Tag}} - image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-s390x - - # nonroot images... - - name_template: anchore/syft:nonroot - image_templates: - - anchore/syft:{{.Tag}}-nonroot-amd64 - - anchore/syft:{{.Tag}}-nonroot-arm64v8 - - anchore/syft:{{.Tag}}-nonroot-ppc64le - - anchore/syft:{{.Tag}}-nonroot-s390x - - - name_template: ghcr.io/anchore/syft:nonroot - image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x - - - name_template: anchore/syft:{{.Tag}}-nonroot - image_templates: - - anchore/syft:{{.Tag}}-nonroot-amd64 - - anchore/syft:{{.Tag}}-nonroot-arm64v8 - - anchore/syft:{{.Tag}}-nonroot-ppc64le - - anchore/syft:{{.Tag}}-nonroot-s390x - - - name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot - image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x - - # debug images... 
- - name_template: anchore/syft:debug - image_templates: - - anchore/syft:{{.Tag}}-debug-amd64 - - anchore/syft:{{.Tag}}-debug-arm64v8 - - anchore/syft:{{.Tag}}-debug-ppc64le - - anchore/syft:{{.Tag}}-debug-s390x - - - name_template: ghcr.io/anchore/syft:debug - image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - - - name_template: anchore/syft:{{.Tag}}-debug - image_templates: - - anchore/syft:{{.Tag}}-debug-amd64 - - anchore/syft:{{.Tag}}-debug-arm64v8 - - anchore/syft:{{.Tag}}-debug-ppc64le - - anchore/syft:{{.Tag}}-debug-s390x - - - name_template: ghcr.io/anchore/syft:{{.Tag}}-debug - image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le - - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x + # debug-nonroot images + - id: debug-nonroot + dockerfile: Dockerfile.debug-nonroot + ids: *docker-ids + images: *docker-images + platforms: *docker-platforms + labels: *docker-labels + tags: + - debug-nonroot + - "{{.Tag}}-debug-nonroot" sboms: - artifacts: archive diff --git a/Dockerfile b/Dockerfile index 9e682b2d6..ea66b318b 100644 --- a/Dockerfile +++ b/Dockerfile 
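Review bot: The per-architecture tags that the removed `dockers` entries pushed (`{{.Tag}}-amd64`, `{{.Tag}}-arm64v8`, `{{.Tag}}-ppc64le`, `{{.Tag}}-s390x`, plus their `-nonroot-` and `-debug-` forms) are not produced by any of the new `dockers_v2` entries, and nothing in the new section records that. Anyone pinning one of those tags in a pipeline or an admission policy would presumably get a pull failure for the next release. I would note it above `dockers_v2:`, for example `# multi-platform tags only: the per-arch {{.Tag}}-<arch> tags from the old dockers/docker_manifests setup are no longer pushed`, and repeat it in the release notes. The same comment is a reasonable place to say that `latest`, `nonroot`, `debug` and `debug-nonroot` are floating tags listed unconditionally, so consumers who need a fixed image should pin `{{.Tag}}` or a digest.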
@@ -7,23 +7,7 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certifica # create the /tmp dir, which is needed for image content cache WORKDIR /tmp -COPY syft / - -ARG BUILD_DATE -ARG BUILD_VERSION -ARG VCS_REF -ARG VCS_URL - -LABEL org.opencontainers.image.created=$BUILD_DATE -LABEL org.opencontainers.image.title="syft" -LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems" -LABEL org.opencontainers.image.source=$VCS_URL -LABEL org.opencontainers.image.revision=$VCS_REF -LABEL org.opencontainers.image.vendor="Anchore, Inc." -LABEL org.opencontainers.image.version=$BUILD_VERSION -LABEL org.opencontainers.image.licenses="Apache-2.0" -LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md" -LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" -LABEL io.artifacthub.package.license="Apache-2.0" +ARG TARGETPLATFORM +COPY ${TARGETPLATFORM}/syft / ENTRYPOINT ["/syft"] diff --git a/Dockerfile.debug b/Dockerfile.debug index bfabed8db..6e6b318f0 100644 --- a/Dockerfile.debug +++ b/Dockerfile.debug 
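Review bot: `COPY ${TARGETPLATFORM}/syft /` relies on two things the file does not state: BuildKit supplying `TARGETPLATFORM`, and the build context holding the binary under an `<os>/<arch>/` directory, which is presumably how goreleaser's `dockers_v2` stages it. If the ARG is empty (a build without BuildKit, or a manual `docker build` from the repo root), the source would resolve to `/syft` at the context root, so the build either fails or copies whatever binary happens to sit there. A comment above the ARG would make the contract explicit: `# TARGETPLATFORM (e.g. linux/amd64) is set by BuildKit; goreleaser dockers_v2 places each binary under that path in the build context`. The same two lines appear in the Dockerfile.debug, Dockerfile.debug-nonroot and Dockerfile.nonroot hunks. The build stage that the certificates are copied from starts above this hunk.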
@@ -1,27 +1,9 @@ -FROM gcr.io/distroless/static-debian12:debug-nonroot +FROM gcr.io/distroless/static-debian12:debug # create the /tmp dir, which is needed for image content cache WORKDIR /tmp -COPY syft / - -USER nonroot - -ARG BUILD_DATE -ARG BUILD_VERSION -ARG VCS_REF -ARG VCS_URL - -LABEL org.opencontainers.image.created=$BUILD_DATE -LABEL org.opencontainers.image.title="syft" -LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems" -LABEL org.opencontainers.image.source=$VCS_URL -LABEL org.opencontainers.image.revision=$VCS_REF -LABEL org.opencontainers.image.vendor="Anchore, Inc." -LABEL org.opencontainers.image.version=$BUILD_VERSION -LABEL org.opencontainers.image.licenses="Apache-2.0" -LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md" -LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" -LABEL io.artifacthub.package.license="Apache-2.0" +ARG TARGETPLATFORM +COPY ${TARGETPLATFORM}/syft / ENTRYPOINT ["/syft"] diff --git a/Dockerfile.debug-nonroot b/Dockerfile.debug-nonroot new file mode 100644 index 000000000..e0b732fba --- /dev/null +++ b/Dockerfile.debug-nonroot @@ -0,0 +1,11 @@ +FROM gcr.io/distroless/static-debian12:debug-nonroot + +# create the /tmp dir, which is needed for image content cache +WORKDIR /tmp + +ARG TARGETPLATFORM +COPY ${TARGETPLATFORM}/syft / + +USER nonroot + +ENTRYPOINT ["/syft"] diff --git a/Dockerfile.nonroot b/Dockerfile.nonroot index 86b6b643f..5385c3c0e 100644 --- a/Dockerfile.nonroot +++ b/Dockerfile.nonroot 
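Review bot: The existing `debug` and `{{.Tag}}-debug` tags silently change from a nonroot image to a root one here: the base moves from `static-debian12:debug-nonroot` to `static-debian12:debug` and `USER nonroot` is removed, while the tag names in the .goreleaser.yaml hunk stay the same. Consumers who already pull `anchore/syft:debug` would start running syft, and the shell the debug base ships, as root without changing anything on their side. If root is intended, the only trace is the `# debug images (root)` comment in .goreleaser.yaml; I would add a line in this file such as `# runs as root; use Dockerfile.debug-nonroot (the debug-nonroot tags) for the unprivileged variant` and call the change out in the release notes. Keeping `debug` nonroot and publishing the root variant under a new tag would avoid the privilege change for existing users altogether.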
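Review bot: The new `FROM gcr.io/distroless/static-debian12:debug-nonroot` follows a mutable tag, so the base layers of a published release image depend on whatever that tag points to at build time. Pinning the digest keeps release builds reproducible and turns a base update into an explicit, reviewable change: `FROM gcr.io/distroless/static-debian12:debug-nonroot@sha256:<digest>`, with the digest taken from the image you have verified. The same applies to the `:debug` base introduced in the Dockerfile.debug hunk.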
@@ -3,25 +3,9 @@ FROM gcr.io/distroless/static-debian12:nonroot # create the /tmp dir, which is needed for image content cache WORKDIR /tmp -COPY syft / +ARG TARGETPLATFORM +COPY ${TARGETPLATFORM}/syft / USER nonroot -ARG BUILD_DATE -ARG BUILD_VERSION -ARG VCS_REF -ARG VCS_URL - -LABEL org.opencontainers.image.created=$BUILD_DATE -LABEL org.opencontainers.image.title="syft" -LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems" -LABEL org.opencontainers.image.source=$VCS_URL -LABEL org.opencontainers.image.revision=$VCS_REF -LABEL org.opencontainers.image.vendor="Anchore, Inc." -LABEL org.opencontainers.image.version=$BUILD_VERSION -LABEL org.opencontainers.image.licenses="Apache-2.0" -LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md" -LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" -LABEL io.artifacthub.package.license="Apache-2.0" - ENTRYPOINT ["/syft"]