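# GoReleaser configuration (schema version 2).
#
# The line structure of this file had been collapsed; it is restored here so
# the document parses as YAML again. Only the `release`, `env` and `builds`
# stanzas are active. Archive, package, container, SBOM and signing stanzas
# are kept below as commented-out reference.
version: 2

release:
  # "auto" marks the release as a prerelease when the tag carries a
  # prerelease suffix (for example -rc1).
  prerelease: auto
  draft: false

env:
  # required to support multi architecture docker builds
  - DOCKER_CLI_EXPERIMENTAL=enabled
  # build without cgo; paired with the static link flags in ldflags below
  - CGO_ENABLED=0

builds:
  # NOTE(review): the id says "linux" but the only target listed is
  # windows/amd64. The id is left unchanged because the commented-out
  # `linux-archives` stanza refers to it and a separate `windows-build` id
  # exists further down; reconcile the two before re-enabling either stanza.
  - id: linux-build
    dir: ./cmd/syft
    binary: syft
    goos:
      - windows
    goarch:
      - amd64
    # set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build
    mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
    # -w/-s drop DWARF and symbol tables; the -X values stamp version and
    # commit metadata into package main so a binary can be traced to its source.
    ldflags: &build-ldflags |
      -w
      -s
      -extldflags '-static'
      -X main.version={{.Version}}
      -X main.gitCommit={{.Commit}}
      -X main.buildDate={{.Date}}
      -X main.gitDescription={{.Summary}}

#  - id: darwin-build
#    dir: ./cmd/syft
#    binary: syft
#    goos:
#      - darwin
#    goarch:
#      - amd64
#      - arm64
#    mod_timestamp: *build-timestamp
#    ldflags: *build-ldflags
#    hooks:
#      post:
#        - cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv
#          env:
#            - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
#
#  - id: windows-build
#    dir: ./cmd/syft
#    binary: syft
#    goos:
#      - windows
#    goarch:
#      - amd64
#    mod_timestamp: *build-timestamp
#    ldflags: *build-ldflags

# NOTE(review): every stanza below is disabled. With `sboms` and `signs`
# commented out, nothing in this file produces an SBOM for the release
# artifacts or a cosign signature and certificate for the checksum file, and
# the darwin sign-and-notarize hook above is disabled as well. Consumers then
# have no signature to verify a download against; re-enable `sboms` and
# `signs` before publishing releases that others will install.

#archives:
#  - id: linux-archives
#    builds:
#      - linux-build
#
#  # note: the signing process is depending on tar.gz archives. If this format changes then .github/scripts/apple-signing/*.sh will need to be adjusted
#  - id: darwin-archives
#    builds:
#      - darwin-build
#
#  - id: windows-archives
#    format: zip
#    builds:
#      - windows-build
#
#nfpms:
#  - license: "Apache 2.0"
#    maintainer: "Anchore, Inc"
#    homepage: &website "https://github.com/anchore/syft"
#    description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
#    formats:
#      - rpm
#      - deb
#
#brews:
#  - repository:
#      owner: anchore
#      name: homebrew-syft
#      # the tap token is read from the environment, never stored in this file
#      token: "{{.Env.GITHUB_BREW_TOKEN}}"
#    ids:
#      - darwin-archives
#      - linux-archives
#    homepage: *website
#    description: *description
#    license: "Apache License 2.0"
#
#dockers:
#  - image_templates:
#      - anchore/syft:debug
#      - anchore/syft:{{.Tag}}-debug
#      - ghcr.io/anchore/syft:debug
#      - ghcr.io/anchore/syft:{{.Tag}}-debug
#    goarch: amd64
#    dockerfile: Dockerfile.debug
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/amd64"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:debug-arm64v8
#      - anchore/syft:{{.Tag}}-debug-arm64v8
#      - ghcr.io/anchore/syft:debug-arm64v8
#      - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
#    goarch: arm64
#    dockerfile: Dockerfile.debug
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/arm64/v8"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:debug-ppc64le
#      - anchore/syft:{{.Tag}}-debug-ppc64le
#      - ghcr.io/anchore/syft:debug-ppc64le
#      - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
#    goarch: ppc64le
#    dockerfile: Dockerfile.debug
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/ppc64le"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:debug-s390x
#      - anchore/syft:{{.Tag}}-debug-s390x
#      - ghcr.io/anchore/syft:debug-s390x
#      - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
#    goarch: s390x
#    dockerfile: Dockerfile.debug
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/s390x"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:latest
#      - anchore/syft:{{.Tag}}
#      - ghcr.io/anchore/syft:latest
#      - ghcr.io/anchore/syft:{{.Tag}}
#    goarch: amd64
#    dockerfile: Dockerfile
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/amd64"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:{{.Tag}}-arm64v8
#      - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
#    goarch: arm64
#    dockerfile: Dockerfile
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/arm64/v8"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:{{.Tag}}-ppc64le
#      - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
#    goarch: ppc64le
#    dockerfile: Dockerfile
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/ppc64le"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#  - image_templates:
#      - anchore/syft:{{.Tag}}-s390x
#      - ghcr.io/anchore/syft:{{.Tag}}-s390x
#    goarch: s390x
#    dockerfile: Dockerfile
#    use: buildx
#    build_flag_templates:
#      - "--platform=linux/s390x"
#      - "--build-arg=BUILD_DATE={{.Date}}"
#      - "--build-arg=BUILD_VERSION={{.Version}}"
#      - "--build-arg=VCS_REF={{.FullCommit}}"
#      - "--build-arg=VCS_URL={{.GitURL}}"
#
#docker_manifests:
#  - name_template: anchore/syft:latest
#    image_templates:
#      - anchore/syft:{{.Tag}}
#      - anchore/syft:{{.Tag}}-arm64v8
#      - anchore/syft:{{.Tag}}-ppc64le
#      - anchore/syft:{{.Tag}}-s390x
#
#  - name_template: anchore/syft:debug
#    # NOTE(review): the `image_templates:` key was missing on this entry and
#    # is added to match the sibling manifests; confirm before re-enabling.
#    image_templates:
#      - anchore/syft:{{.Tag}}-debug
#      - anchore/syft:{{.Tag}}-debug-arm64v8
#      - anchore/syft:{{.Tag}}-debug-ppc64le
#      - anchore/syft:{{.Tag}}-debug-s390x
#
#  - name_template: anchore/syft:{{.Tag}}
#    image_templates:
#      - anchore/syft:{{.Tag}}
#      - anchore/syft:{{.Tag}}-arm64v8
#      - anchore/syft:{{.Tag}}-ppc64le
#      - anchore/syft:{{.Tag}}-s390x
#
#  - name_template: ghcr.io/anchore/syft:latest
#    image_templates:
#      - ghcr.io/anchore/syft:{{.Tag}}
#      - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
#      - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
#      - ghcr.io/anchore/syft:{{.Tag}}-s390x
#
#  - name_template: ghcr.io/anchore/syft:debug
#    image_templates:
#      - ghcr.io/anchore/syft:{{.Tag}}-debug
#      - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
#      - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le
#      - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x
#
#  - name_template: ghcr.io/anchore/syft:{{.Tag}}
#    image_templates:
#      - ghcr.io/anchore/syft:{{.Tag}}
#      - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
#      - ghcr.io/anchore/syft:{{.Tag}}-ppc64le
#      - ghcr.io/anchore/syft:{{.Tag}}-s390x
#
#sboms:
#  - artifacts: archive
#    # this is relative to the snapshot/dist directory, not the root of the repo
#    cmd: ../.tool/syft
#    documents:
#      - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom"
#    args:
#      - "scan"
#      - "$artifact"
#      - "--output"
#      - "json=$document"
#
#signs:
#  # cosign sign-blob against the GitHub Actions OIDC issuer; writes a
#  # signature and a certificate next to the checksum artifact
#  - cmd: .tool/cosign
#    signature: "${artifact}.sig"
#    certificate: "${artifact}.pem"
#    args:
#      - "sign-blob"
#      - "--oidc-issuer=https://token.actions.githubusercontent.com"
#      - "--output-certificate=${certificate}"
#      - "--output-signature=${signature}"
#      - "${artifact}"
#      - "--yes"
#    artifacts: checksum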