diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 5d4f57d4e..6e9393c3a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -83,6 +83,8 @@ jobs:
 needs: [wait-for-checks]
 runs-on: macos-latest # Due to our code signing process, it's vital that we run our release steps on macOS.
 steps:
+ - uses: docker-practice/actions-setup-docker@v1
+
 - uses: actions/setup-go@v2
 with:
 go-version: ${{ env.GO_VERSION }}
@@ -104,6 +106,10 @@ jobs:
 ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-
 ${{ runner.os }}-go-${{ env.GO_VERSION }}-
+ - name: Bootstrap project dependencies
+ if: steps.bootstrap-cache.outputs.cache-hit != 'true'
+ run: make bootstrap
+
 - name: Import GPG key
 id: import_gpg
 uses: crazy-max/ghaction-import-gpg@v2
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index f1fd98345..bd8c7749e 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -90,3 +90,20 @@ brews:
 name: homebrew-syft
 homepage: *website
 description: *description
+
+dockers:
+ -
+ binaries:
+ - syft
+ dockerfile: Dockerfile
+ image_templates:
+ - "anchore/syft:latest"
+ - "anchore/syft:{{ .Tag }}"
+ - "anchore/syft:v{{ .Major }}"
+ - "anchore/syft:v{{ .Major }}.{{ .Minor }}"
+
+ build_flag_templates:
+ - "--build-arg=BUILD_DATE={{.Date}}"
+ - "--build-arg=BUILD_VERSION={{.Version}}"
+ - "--build-arg=VCS_REF={{.FullCommit}}"
+ - "--build-arg=VCS_URL={{.GitURL}}"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..7843e305e
--- /dev/null
+++ b/Dockerfile
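Review bot: The added `uses: docker-practice/actions-setup-docker@v1` step in the first hunk of `.github/workflows/release.yaml` pulls a third-party action by a mutable tag into the job that later imports the GPG key and signs the release. A tag can be repointed to different code after review, and the action runs on the same runner before the signing steps. Pin it to a full commit SHA and keep the tag as a comment: `- uses: docker-practice/actions-setup-docker@<full-commit-sha>  # v1`. The job's step list starts and ends outside the hunk.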
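Review bot: The `if: steps.bootstrap-cache.outputs.cache-hit != 'true'` guard on the added Bootstrap step (second hunk of `release.yaml`) lets restored cache contents stand in for `make bootstrap` in the job that builds and signs the release. The step with id `bootstrap-cache` is outside the hunk, so its key and paths cannot be checked from here; if that cache can be populated by less-trusted workflow runs, the release would use tooling that was never re-fetched. For the release job, consider dropping the condition so the tooling is always installed fresh, or at least confirm the cache key covers every file that pins tool versions.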
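Review bot: The new `dockers:` entry in `.goreleaser.yaml` pushes the moving tags `anchore/syft:latest`, `anchore/syft:v{{ .Major }}` and `anchore/syft:v{{ .Major }}.{{ .Minor }}` for every tag that reaches goreleaser. The Makefile's release recipe mentions excluding pre-releases for the version file, so pre-release tags presumably pass through this pipeline and would move `latest` as well. If that is not intended, add `skip_push: auto` to the entry so pre-release images are not published.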
@@ -0,0 +1,28 @@
+FROM alpine:latest AS build
+
+RUN apk --no-cache add ca-certificates
+
+FROM scratch
+# needed for version check HTTPS request
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# create the /tmp dir, which is needed for image content cache
+WORKDIR /tmp
+
+COPY syft /
+
+ARG BUILD_DATE
+ARG BUILD_VERSION
+ARG VCS_REF
+ARG VCS_URL
+
+LABEL org.label-schema.schema-version="1.0"
+LABEL org.label-schema.build-date=$BUILD_DATE
+LABEL org.label-schema.name="syft"
+LABEL org.label-schema.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems"
+LABEL org.label-schema.vcs-url=$VCS_URL
+LABEL org.label-schema.vcs-ref=$VCS_REF
+LABEL org.label-schema.vendor="Anchore, Inc."
+LABEL org.label-schema.version=$BUILD_VERSION
+
+ENTRYPOINT ["/syft"]
diff --git a/Makefile b/Makefile
index e77a2d96c..a8455af00 100644
--- a/Makefile
+++ b/Makefile
@@ -78,10 +78,6 @@ help:
 ci-bootstrap:
 DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y bc jq libxml2-utils
-.PHONY:
-ci-bootstrap-mac:
- github_changelog_generator --version || sudo gem install github_changelog_generator
-
 .PHONY: bootstrap
 bootstrap: ## Download and install all go dependencies (+ prep tooling in the ./tmp dir)
 $(call title,Bootstrapping dependencies)
@@ -226,8 +222,9 @@ acceptance-test-rpm-package-install: $(SNAPSHOTDIR)
 .PHONY: changlog-release
 changelog-release:
 @echo "Last tag: $(SECOND_TO_LAST_TAG)"
- @echo "Current tag: $(VERSION)"
- @github_changelog_generator \
+ @docker run --rm \
+ -v "$(shell pwd)":/usr/local/src/your-app \
+ ferrarimarco/github-changelog-generator \
 --user anchore \
 --project $(BIN) \
 -t ${GITHUB_TOKEN} \
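Review bot: `FROM alpine:latest AS build` in the new `Dockerfile` makes the CA bundle copied into the final image depend on whatever `alpine:latest` resolves to at build time, so two builds of the same release tag can ship different trust roots. Pin the build stage by version and digest, e.g. `FROM alpine:<version>@sha256:<digest> AS build`, and bump it deliberately. Separately, the `scratch` stage sets no `USER`, so `/syft` runs as root by default. Adding a numeric non-root `USER` would also need `/tmp` to be writable by that user, since `WORKDIR /tmp` creates it while the build is still running as root.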
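Review bot: In the `changelog-release` recipe of the `Makefile`, `ferrarimarco/github-changelog-generator` is run with no tag or digest, so each release pulls whatever `latest` is at that moment. That image is handed `${GITHUB_TOKEN}` and a read-write bind mount of the working tree before the release build runs. Pin the image, e.g. `ferrarimarco/github-changelog-generator@sha256:<digest> \`. The token is also passed as `-t ${GITHUB_TOKEN}`, which puts it in the process arguments on the runner; github_changelog_generator reads `CHANGELOG_GITHUB_TOKEN` from the environment, so exporting that and passing `-e CHANGELOG_GITHUB_TOKEN` would keep it out of argv. The recipe continues past the end of the hunk.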
@@ -259,7 +256,7 @@ changelog-unreleased: ## show the current changelog that will be produced on the
 /CHANGELOG.md
 .PHONY: release
-release: clean-dist ci-bootstrap-mac changelog-release ## Build and publish final binaries and packages. Intended to be run only on macOS.
+release: clean-dist changelog-release ## Build and publish final binaries and packages. Intended to be run only on macOS.
 $(call title,Publishing release artifacts)
 # Prepare for macOS-specific signing process
@@ -284,6 +281,7 @@ release: clean-dist ci-bootstrap-mac changelog-release ## Build and publish fina
 # upload the version file that supports the application version update check (excluding pre-releases)
 .github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)"
+
 .PHONY: clean
 clean: clean-dist clean-snapshot ## Remove previous builds and result reports
 rm -rf $(RESULTSDIR)/*