release:
  # If set to auto, will mark the release as not ready for production in case there is an indicator for this in the
  # tag e.g. v1.0.0-rc1 .If set to true, will mark the release as not ready for production.
  prerelease: auto

  # If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
  draft: true

signs:
  - artifacts: checksum
    args: ["--output", "${signature}", "--detach-sign", "${artifact}"]

builds:
  - binary: syft
    env:
      - CGO_ENABLED=0
    goos:
      # windows not supported yet (due to jotframe)
      # - windows
      - linux
      - darwin
    goarch:
      - amd64
    # Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
    mod_timestamp: '{{ .CommitTimestamp }}'
    ldflags: |
      -w
      -s
      -extldflags '-static'
      -X github.com/anchore/syft/internal/version.version={{.Version}}
      -X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
      -X github.com/anchore/syft/internal/version.buildDate={{.Date}}
      -X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}

nfpms:
  - license: "Apache 2.0"
    maintainer: "Anchore, Inc"
    homepage: &website "https://github.com/anchore/syft"
    description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
    formats:
      - rpm
      - deb

brews:
  - tap:
      owner: anchore
      name: homebrew-syft
    homepage: *website
    description: *description

archives:
  - format: tar.gz
    format_overrides:
      - goos: windows
        format: zip