oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

restore goreleaser config

Browse Source 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Alex Goodman 2025-10-29 11:58:00 -04:00
parent 16fb680b15
commit c3e196bea5
1 changed files with 249 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

501
.goreleaser.yaml
View File

@ -14,11 +14,7 @@ builds:
dir: ./cmd/syft dir: ./cmd/syft
binary: syft binary: syft
goos: [linux] goos: [linux]
goarch: goarch: [amd64, arm64, ppc64le, s390x]
- amd64
- arm64
# - ppc64le
# - s390x
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}' mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
ldflags: &build-ldflags | ldflags: &build-ldflags |
-w -w
@ -29,53 +25,53 @@ builds:
-X main.buildDate={{.Date}} -X main.buildDate={{.Date}}
-X main.gitDescription={{.Summary}} -X main.gitDescription={{.Summary}}
# - id: darwin-build - id: darwin-build
# dir: ./cmd/syft dir: ./cmd/syft
# binary: syft binary: syft
# goos: [darwin] goos: [darwin]
# goarch: [amd64, arm64] goarch: [amd64, arm64]
# mod_timestamp: *build-timestamp mod_timestamp: *build-timestamp
# ldflags: *build-ldflags ldflags: *build-ldflags
# hooks: hooks:
# post: post:
# - cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv - cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv
# env: env:
# - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
#
# - id: windows-build - id: windows-build
# dir: ./cmd/syft dir: ./cmd/syft
# binary: syft binary: syft
# goos: [windows] goos: [windows]
# goarch: [amd64, arm64] goarch: [amd64, arm64]
# mod_timestamp: *build-timestamp mod_timestamp: *build-timestamp
# ldflags: *build-ldflags ldflags: *build-ldflags
archives: archives:
- id: linux-archives - id: linux-archives
ids: [linux-build] ids: [linux-build]
# - id: darwin-archives - id: darwin-archives
# ids: [darwin-build] ids: [darwin-build]
# - id: windows-archives - id: windows-archives
# formats: formats:
# - zip - zip
# ids: [windows-build] ids: [windows-build]
#nfpms: nfpms:
# - license: "Apache 2.0" - license: "Apache 2.0"
# maintainer: "Anchore, Inc" maintainer: "Anchore, Inc"
# homepage: &website "https://github.com/anchore/syft" homepage: &website "https://github.com/anchore/syft"
# description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems" description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
# formats: [rpm, deb] formats: [rpm, deb]
#
#brews: brews:
# - repository: - repository:
# owner: anchore owner: anchore
# name: homebrew-syft name: homebrew-syft
# token: "{{.Env.GITHUB_BREW_TOKEN}}" token: "{{.Env.GITHUB_BREW_TOKEN}}"
# ids: [darwin-archives, linux-archives] ids: [darwin-archives, linux-archives]
# homepage: *website homepage: *website
# description: *description description: *description
# license: "Apache License 2.0" license: "Apache License 2.0"
dockers: dockers:
# production images... # production images...
@ -105,31 +101,31 @@ dockers:
- "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
# - image_templates: - image_templates:
# - anchore/syft:{{.Tag}}-ppc64le - anchore/syft:{{.Tag}}-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
# goarch: ppc64le goarch: ppc64le
# dockerfile: Dockerfile dockerfile: Dockerfile
# use: buildx use: buildx
# build_flag_templates: build_flag_templates:
# - "--platform=linux/ppc64le" - "--platform=linux/ppc64le"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
#
# - image_templates: - image_templates:
# - anchore/syft:{{.Tag}}-s390x - anchore/syft:{{.Tag}}-s390x
# - ghcr.io/anchore/syft:{{.Tag}}-s390x - ghcr.io/anchore/syft:{{.Tag}}-s390x
# goarch: s390x goarch: s390x
# dockerfile: Dockerfile dockerfile: Dockerfile
# use: buildx use: buildx
# build_flag_templates: build_flag_templates:
# - "--platform=linux/s390x" - "--platform=linux/s390x"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
# nonroot images... # nonroot images...
- image_templates: - image_templates:
@ -158,192 +154,193 @@ dockers:
- "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
# - image_templates: - image_templates:
# - anchore/syft:{{.Tag}}-nonroot-ppc64le - anchore/syft:{{.Tag}}-nonroot-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
# goarch: ppc64le goarch: ppc64le
# dockerfile: Dockerfile.nonroot dockerfile: Dockerfile.nonroot
# use: buildx use: buildx
# build_flag_templates: build_flag_templates:
# - "--platform=linux/ppc64le" - "--platform=linux/ppc64le"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
#
# - image_templates:
# - anchore/syft:{{.Tag}}-nonroot-s390x
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
# goarch: s390x
# dockerfile: Dockerfile.nonroot
# use: buildx
# build_flag_templates:
# - "--platform=linux/s390x"
# - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}"
# # debug images... - image_templates:
# - image_templates: - anchore/syft:{{.Tag}}-nonroot-s390x
# - anchore/syft:{{.Tag}}-debug-amd64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
# - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 goarch: s390x
# goarch: amd64 dockerfile: Dockerfile.nonroot
# dockerfile: Dockerfile.debug use: buildx
# use: buildx build_flag_templates:
# build_flag_templates: - "--platform=linux/s390x"
# - "--platform=linux/amd64" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}"
# - "--build-arg=VCS_URL={{.GitURL}}"
# # debug images...
# - image_templates: - image_templates:
# - anchore/syft:{{.Tag}}-debug-arm64v8 - anchore/syft:{{.Tag}}-debug-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
# goarch: arm64 goarch: amd64
# dockerfile: Dockerfile.debug dockerfile: Dockerfile.debug
# use: buildx use: buildx
# build_flag_templates: build_flag_templates:
# - "--platform=linux/arm64/v8" - "--platform=linux/amd64"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
#
# - image_templates: - image_templates:
# - anchore/syft:{{.Tag}}-debug-ppc64le - anchore/syft:{{.Tag}}-debug-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
# goarch: ppc64le goarch: arm64
# dockerfile: Dockerfile.debug dockerfile: Dockerfile.debug
# use: buildx use: buildx
# build_flag_templates: build_flag_templates:
# - "--platform=linux/ppc64le" - "--platform=linux/arm64/v8"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
#
# - image_templates: - image_templates:
# - anchore/syft:{{.Tag}}-debug-s390x - anchore/syft:{{.Tag}}-debug-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
# goarch: s390x goarch: ppc64le
# dockerfile: Dockerfile.debug dockerfile: Dockerfile.debug
# use: buildx use: buildx
# build_flag_templates: build_flag_templates:
# - "--platform=linux/s390x" - "--platform=linux/ppc64le"
# - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_DATE={{.Date}}"
# - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=BUILD_VERSION={{.Version}}"
# - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_REF={{.FullCommit}}"
# - "--build-arg=VCS_URL={{.GitURL}}" - "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- anchore/syft:{{.Tag}}-debug-s390x
- ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
goarch: s390x
dockerfile: Dockerfile.debug
use: buildx
build_flag_templates:
- "--platform=linux/s390x"
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
docker_manifests: docker_manifests:
- name_template: anchore/syft:latest - name_template: anchore/syft:latest
image_templates: image_templates:
- anchore/syft:{{.Tag}}-amd64 - anchore/syft:{{.Tag}}-amd64
- anchore/syft:{{.Tag}}-arm64v8 - anchore/syft:{{.Tag}}-arm64v8
# - anchore/syft:{{.Tag}}-ppc64le - anchore/syft:{{.Tag}}-ppc64le
# - anchore/syft:{{.Tag}}-s390x - anchore/syft:{{.Tag}}-s390x
# - name_template: ghcr.io/anchore/syft:latest - name_template: ghcr.io/anchore/syft:latest
# image_templates: image_templates:
# - ghcr.io/anchore/syft:{{.Tag}}-amd64 - ghcr.io/anchore/syft:{{.Tag}}-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-ppc64le - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-s390x - ghcr.io/anchore/syft:{{.Tag}}-s390x
#
# - name_template: anchore/syft:{{.Tag}}
# image_templates:
# - anchore/syft:{{.Tag}}-amd64
# - anchore/syft:{{.Tag}}-arm64v8
# - anchore/syft:{{.Tag}}-ppc64le
# - anchore/syft:{{.Tag}}-s390x
#
# - name_template: ghcr.io/anchore/syft:{{.Tag}}
# image_templates:
# - ghcr.io/anchore/syft:{{.Tag}}-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-s390x
#
# # nonroot images...
# - name_template: anchore/syft:nonroot
# image_templates:
# - anchore/syft:{{.Tag}}-nonroot-amd64
# - anchore/syft:{{.Tag}}-nonroot-arm64v8
# - anchore/syft:{{.Tag}}-nonroot-ppc64le
# - anchore/syft:{{.Tag}}-nonroot-s390x
#
# - name_template: ghcr.io/anchore/syft:nonroot
# image_templates:
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
#
# - name_template: anchore/syft:{{.Tag}}-nonroot
# image_templates:
# - anchore/syft:{{.Tag}}-nonroot-amd64
# - anchore/syft:{{.Tag}}-nonroot-arm64v8
# - anchore/syft:{{.Tag}}-nonroot-ppc64le
# - anchore/syft:{{.Tag}}-nonroot-s390x
#
# - name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot
# image_templates:
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
#
# # debug images...
# - name_template: anchore/syft:debug
# image_templates:
# - anchore/syft:{{.Tag}}-debug-amd64
# - anchore/syft:{{.Tag}}-debug-arm64v8
# - anchore/syft:{{.Tag}}-debug-ppc64le
# - anchore/syft:{{.Tag}}-debug-s390x
#
# - name_template: ghcr.io/anchore/syft:debug
# image_templates:
# - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
#
# - name_template: anchore/syft:{{.Tag}}-debug
# image_templates:
# - anchore/syft:{{.Tag}}-debug-amd64
# - anchore/syft:{{.Tag}}-debug-arm64v8
# - anchore/syft:{{.Tag}}-debug-ppc64le
# - anchore/syft:{{.Tag}}-debug-s390x
#
# - name_template: ghcr.io/anchore/syft:{{.Tag}}-debug
# image_templates:
# - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
# - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
# - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
#sboms: - name_template: anchore/syft:{{.Tag}}
# - artifacts: archive image_templates:
# cmd: ../.tool/syft - anchore/syft:{{.Tag}}-amd64
# documents: - anchore/syft:{{.Tag}}-arm64v8
# - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom" - anchore/syft:{{.Tag}}-ppc64le
# args: - anchore/syft:{{.Tag}}-s390x
# - "scan"
# - "$artifact" - name_template: ghcr.io/anchore/syft:{{.Tag}}
# - "--output" image_templates:
# - "json=$document" - ghcr.io/anchore/syft:{{.Tag}}-amd64
# - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
#signs: - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
# - cmd: .tool/cosign - ghcr.io/anchore/syft:{{.Tag}}-s390x
# signature: "${artifact}.sig"
# certificate: "${artifact}.pem" # nonroot images...
# args: - name_template: anchore/syft:nonroot
# - "sign-blob" image_templates:
# - "--oidc-issuer=https://token.actions.githubusercontent.com" - anchore/syft:{{.Tag}}-nonroot-amd64
# - "--output-certificate=${certificate}" - anchore/syft:{{.Tag}}-nonroot-arm64v8
# - "--output-signature=${signature}" - anchore/syft:{{.Tag}}-nonroot-ppc64le
# - "${artifact}" - anchore/syft:{{.Tag}}-nonroot-s390x
# - "--yes"
# artifacts: checksum - name_template: ghcr.io/anchore/syft:nonroot
image_templates:
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
- name_template: anchore/syft:{{.Tag}}-nonroot
image_templates:
- anchore/syft:{{.Tag}}-nonroot-amd64
- anchore/syft:{{.Tag}}-nonroot-arm64v8
- anchore/syft:{{.Tag}}-nonroot-ppc64le
- anchore/syft:{{.Tag}}-nonroot-s390x
- name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot
image_templates:
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le
- ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x
# debug images...
- name_template: anchore/syft:debug
image_templates:
- anchore/syft:{{.Tag}}-debug-amd64
- anchore/syft:{{.Tag}}-debug-arm64v8
- anchore/syft:{{.Tag}}-debug-ppc64le
- anchore/syft:{{.Tag}}-debug-s390x
- name_template: ghcr.io/anchore/syft:debug
image_templates:
- ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
- ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
- ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
- name_template: anchore/syft:{{.Tag}}-debug
image_templates:
- anchore/syft:{{.Tag}}-debug-amd64
- anchore/syft:{{.Tag}}-debug-arm64v8
- anchore/syft:{{.Tag}}-debug-ppc64le
- anchore/syft:{{.Tag}}-debug-s390x
- name_template: ghcr.io/anchore/syft:{{.Tag}}-debug
image_templates:
- ghcr.io/anchore/syft:{{.Tag}}-debug-amd64
- ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
- ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
- ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
sboms:
- artifacts: archive
cmd: ../.tool/syft
documents:
- "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom"
args:
- "scan"
- "$artifact"
- "--output"
- "json=$document"
signs:
- cmd: .tool/cosign
signature: "${artifact}.sig"
certificate: "${artifact}.pem"
args:
- "sign-blob"
- "--use-signing-config=false"
- "--oidc-issuer=https://token.actions.githubusercontent.com"
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
- "--yes"
artifacts: checksum