oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix usage of goreleaser's artifact pipeline

Browse Source 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
This commit is contained in:
Dan Luhring 2020-11-11 14:29:55 -05:00
parent 2c82c7c0f0
commit 8627ea88ce
No known key found for this signature in database
GPG Key ID: 9CEE23D079426CEF
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.goreleaser.yaml
View File

@ -6,10 +6,6 @@ release:
# If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
draft: true
# This ensures any macOS signed artifacts get included with the release.
extra_files:
- glob: "./dist/*.dmg"
builds:
- binary: syft
id: syft
@ -61,15 +57,11 @@ archives:
- syft-macos
signs:
- artifacts: checksum
ids:
- syft # i.e. Linux only
args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
- id: syft-macos-signing
signature: "./dist/syft_{{ .Version }}_darwin_amd64.dmg"
ids:
- syft-macos
cmd: ./.github/scripts/mac-sign-and-notarize.sh
signature: "syft_${VERSION}_darwin_amd64.dmg" # This is somewhat unintuitive. This gets the DMG file recognized as an artifact. In fact, both a DMG and a ZIP file are being produced by this signing step.
args:
- "{{ .IsSnapshot }}"
- "gon.hcl"