mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
dfefd2ea4e
* update goreleaser with windows checksums Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * update format to be closer to our previous implementation Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * remove linux replacement Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * typo Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
151 lines
5.2 KiB
YAML
151 lines
5.2 KiB
YAML
release:
|
|
# If set to auto, will mark the release as not ready for production in case there is an indicator for this in the
|
|
# tag e.g. v1.0.0-rc1 .If set to true, will mark the release as not ready for production.
|
|
prerelease: auto
|
|
|
|
# If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
|
|
draft: true
|
|
|
|
builds:
|
|
- binary: syft
|
|
id: syft
|
|
env:
|
|
- CGO_ENABLED=0
|
|
goos:
|
|
- linux
|
|
- windows
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
|
|
mod_timestamp: '{{ .CommitTimestamp }}'
|
|
ldflags: |
|
|
-w
|
|
-s
|
|
-extldflags '-static'
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
|
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
|
|
|
|
# For more info on this macOS build, see: https://github.com/mitchellh/gon#usage-with-goreleaser
|
|
- binary: syft
|
|
id: syft-macos
|
|
env:
|
|
- CGO_ENABLED=0
|
|
goos:
|
|
- darwin
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
|
|
mod_timestamp: '{{ .CommitTimestamp }}'
|
|
ldflags: |
|
|
-w
|
|
-s
|
|
-extldflags '-static'
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
|
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
|
|
|
|
archives:
|
|
- name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
|
|
id: syft
|
|
replacements:
|
|
windows: Windows
|
|
amd64: x86_64
|
|
format_overrides:
|
|
- goos: windows
|
|
format: zip
|
|
|
|
- format: zip # This is a hack for syft-macos! We don't actually intend to use _this_ ZIP file, we just need goreleaser to consider the ZIP file produced by gon (which will have the same file name) to be an artifact so we can use it downstream in publishing (e.g. to a homebrew tap)
|
|
id: syft-exception
|
|
builds:
|
|
- syft-macos
|
|
|
|
signs:
|
|
- artifacts: checksum
|
|
cmd: sh
|
|
args:
|
|
- '-c'
|
|
# we should not include the zip artifact, as the artifact is mutated throughout the next macOS notarization step
|
|
# note: sed -i is not portable
|
|
- 'sed "/.*\.zip/d" ${artifact} > tmpfile && mv tmpfile ${artifact} && gpg --output ${signature} --detach-sign ${artifact}'
|
|
- id: syft-macos-signing
|
|
ids:
|
|
- syft-macos
|
|
cmd: ./.github/scripts/mac-sign-and-notarize.sh
|
|
signature: "syft_${VERSION}_darwin_amd64.dmg" # This is somewhat unintuitive. This gets the DMG file recognized as an artifact. In fact, both a DMG and a ZIP file are being produced by this signing step.
|
|
args:
|
|
- "{{ .IsSnapshot }}"
|
|
- "gon.hcl"
|
|
- "./dist/syft_{{ .Version }}_darwin_amd64"
|
|
artifacts: all
|
|
|
|
nfpms:
|
|
- license: "Apache 2.0"
|
|
maintainer: "Anchore, Inc"
|
|
homepage: &website "https://github.com/anchore/syft"
|
|
description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
|
|
formats:
|
|
- rpm
|
|
- deb
|
|
|
|
brews:
|
|
- tap:
|
|
owner: anchore
|
|
name: homebrew-syft
|
|
ids:
|
|
- syft
|
|
homepage: *website
|
|
description: *description
|
|
license: "Apache License 2.0"
|
|
|
|
dockers:
|
|
- image_templates:
|
|
- "anchore/syft:latest"
|
|
- "anchore/syft:{{ .Tag }}-amd64"
|
|
- "anchore/syft:v{{ .Major }}-amd64"
|
|
- "anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64"
|
|
dockerfile: Dockerfile
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/amd64"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- "anchore/syft:{{ .Tag }}-arm64v8"
|
|
- "anchore/syft:v{{ .Major }}-arm64v8"
|
|
- "anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8"
|
|
goarch: arm64
|
|
dockerfile: Dockerfile
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/arm64/v8"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
docker_manifests:
|
|
- name_template: anchore/syft:{{ .Tag }}
|
|
image_templates:
|
|
- anchore/syft:{{ .Tag }}-amd64
|
|
- anchore/syft:v{{ .Major }}-amd64
|
|
- anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64
|
|
- anchore/syft:{{ .Tag }}-arm64v8
|
|
- anchore/syft:v{{ .Major }}-arm64v8
|
|
- anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8
|
|
- name_template: anchore/syft:latest
|
|
image_templates:
|
|
- anchore/syft:{{ .Tag }}-amd64
|
|
- anchore/syft:v{{ .Major }}-amd64
|
|
- anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64
|
|
- anchore/syft:{{ .Tag }}-arm64v8
|
|
- anchore/syft:v{{ .Major }}-arm64v8
|
|
- anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8
|