2020-07-25 15:05:10 +00:00
release :
# If set to auto, will mark the release as not ready for production
# in case there is an indicator for this in the tag e.g. v1.0.0-rc1
# If set to true, will mark the release as not ready for production.
2020-09-29 20:33:33 +00:00
prerelease : auto
2020-07-25 15:05:10 +00:00
2020-09-26 03:39:12 +00:00
# If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
draft : true
2020-07-24 01:26:03 +00:00
builds :
2020-07-24 01:29:05 +00:00
- binary : grype
2020-11-05 13:50:58 +00:00
id : grype
2020-07-24 01:26:03 +00:00
env :
- CGO_ENABLED=0
goos :
- linux
goarch :
- amd64
2021-10-25 16:56:55 +00:00
- arm64
2020-07-24 01:26:03 +00:00
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
mod_timestamp : '{{ .CommitTimestamp }}'
ldflags : |
-w
-s
-extldflags '-static'
2020-07-24 01:29:05 +00:00
-X github.com/anchore/grype/internal/version.version={{.Version}}
2021-09-16 20:08:07 +00:00
-X github.com/anchore/grype/internal/version.syftVersion={{.Env.SYFT_VERSION}}
2020-07-24 01:29:05 +00:00
-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
-X github.com/anchore/grype/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
2021-10-25 16:56:55 +00:00
2021-10-20 21:11:14 +00:00
- binary : grype
2021-10-25 16:56:55 +00:00
id : grype-win
2021-10-20 21:11:14 +00:00
env :
- CGO_ENABLED=0
goos :
2021-10-25 16:56:55 +00:00
- windows
2021-10-20 21:11:14 +00:00
goarch :
2021-10-25 16:56:55 +00:00
- amd64
2021-10-20 21:11:14 +00:00
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
mod_timestamp : '{{ .CommitTimestamp }}'
ldflags : |
-w
-s
-extldflags '-static'
-X github.com/anchore/grype/internal/version.version={{.Version}}
-X github.com/anchore/grype/internal/version.syftVersion={{.Env.SYFT_VERSION}}
-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
-X github.com/anchore/grype/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
2020-11-05 13:50:58 +00:00
# For more info on this macOS build, see: https://github.com/mitchellh/gon#usage-with-goreleaser
- binary : grype
id : grype-macos
env :
- CGO_ENABLED=0
goos :
- darwin
goarch :
- amd64
2021-10-25 16:56:55 +00:00
- arm64
2020-11-05 13:50:58 +00:00
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
mod_timestamp : '{{ .CommitTimestamp }}'
ldflags : |
-w
-s
-extldflags '-static'
-X github.com/anchore/grype/internal/version.version={{.Version}}
2021-09-16 20:08:07 +00:00
-X github.com/anchore/grype/internal/version.syftVersion={{.Env.SYFT_VERSION}}
2020-11-05 13:50:58 +00:00
-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
-X github.com/anchore/grype/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
2020-11-11 22:30:50 +00:00
archives :
- format : tar.gz
builds :
- grype # i.e. Linux only
2021-10-25 16:56:55 +00:00
- format : zip # This is a hack for grype-macos! We don't actually intend to use _this_ ZIP file, we just need goreleaser to consider the ZIP file produced by gon (which will have the same file name) to be an artifact so we can use it downstream in publishing (e.g. to a homebrew tap)
2020-11-11 22:30:50 +00:00
id : grype-zip
builds :
- grype-macos
2021-10-25 16:56:55 +00:00
- grype-win
2020-11-05 13:50:58 +00:00
signs :
- artifacts : checksum
2020-11-11 22:30:50 +00:00
cmd : sh
args :
- '-c'
# we should not include the zip artifact, as the artifact is mutated throughout the next macOS notarization step
# note: sed -i is not portable
- 'sed "/.*\.zip/d" ${artifact} > tmpfile && mv tmpfile ${artifact} && gpg --output ${signature} --detach-sign ${artifact}'
- id : grype-macos-signing
ids :
- grype-macos
cmd : ./.github/scripts/mac-sign-and-notarize.sh
signature : "grype_${VERSION}_darwin_amd64.dmg" # This is somewhat unintuitive. This gets the DMG file recognized as an artifact. In fact, both a DMG and a ZIP file are being produced by this signing step.
args :
- "{{ .IsSnapshot }}"
- "gon.hcl"
- "./dist/grype_{{ .Version }}_darwin_amd64"
artifacts : all
2020-07-24 01:26:03 +00:00
nfpms :
- license : "Apache 2.0"
maintainer : "Anchore, Inc"
2020-07-24 01:29:05 +00:00
homepage : &website "https://github.com/anchore/grype"
2020-07-24 01:26:03 +00:00
description : &description "A vulnerability scanner for container images and filesystems"
formats :
- rpm
- deb
2020-08-10 22:57:03 +00:00
brews :
- tap :
owner : anchore
name : homebrew-grype
2021-01-12 17:14:24 +00:00
install : |
bin.install "grype"
# Install bash completion
output = Utils.popen_read("#{bin}/grype completion bash")
(bash_completion/"grype").write output
# Install zsh completion
output = Utils.popen_read("#{bin}/grype completion zsh")
(zsh_completion/"_grype").write output
2020-08-10 22:57:03 +00:00
homepage : *website
description : *description
2021-03-23 10:37:06 +00:00
dockers :
2021-10-25 16:56:55 +00:00
- image_templates :
2021-11-22 21:15:43 +00:00
- "anchore/grype:latest"
- "anchore/grype:{{ .Tag }}-amd64"
2021-10-25 16:56:55 +00:00
- "anchore/grype:v{{ .Major }}-amd64"
- "anchore/grype:v{{ .Major }}.{{ .Minor }}-amd64"
dockerfile : Dockerfile
use : buildx
2021-03-23 10:37:06 +00:00
build_flag_templates :
2021-10-25 16:56:55 +00:00
- "--platform=linux/amd64"
2021-03-23 10:37:06 +00:00
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
2021-10-25 16:56:55 +00:00
- image_templates :
2021-11-22 21:15:43 +00:00
- "anchore/grype:{{ .Tag }}-arm64v8"
2021-10-25 16:56:55 +00:00
- "anchore/grype:v{{ .Major }}-arm64v8"
- "anchore/grype:v{{ .Major }}.{{ .Minor }}-arm64v8"
goarch : arm64
dockerfile : Dockerfile
2021-10-01 13:37:36 +00:00
use : buildx
2021-10-25 16:56:55 +00:00
build_flag_templates :
- "--platform=linux/arm64/v8"
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
2021-10-26 14:04:38 +00:00
docker_manifests :
2021-11-22 21:15:43 +00:00
- name_template : anchore/grype:{{ .Tag }}
2021-10-26 14:04:38 +00:00
image_templates :
2021-11-22 21:15:43 +00:00
- anchore/grype:{{ .Tag }}-amd64
2021-10-26 14:04:38 +00:00
- anchore/grype:v{{ .Major }}-amd64
- anchore/grype:v{{ .Major }}.{{ .Minor }}-amd64
2021-11-22 21:15:43 +00:00
- anchore/grype:{{ .Tag }}-arm64v8
2021-10-26 14:04:38 +00:00
- anchore/grype:v{{ .Major }}-arm64v8
- anchore/grype:v{{ .Major }}.{{ .Minor }}-arm64v8
- name_template : anchore/grype:latest
image_templates :
2021-11-22 21:15:43 +00:00
- anchore/grype:{{ .Tag }}-amd64
2021-10-26 14:04:38 +00:00
- anchore/grype:v{{ .Major }}-amd64
- anchore/grype:v{{ .Major }}.{{ .Minor }}-amd64
2021-11-22 21:15:43 +00:00
- anchore/grype:{{ .Tag }}-arm64v8
2021-10-26 14:04:38 +00:00
- anchore/grype:v{{ .Major }}-arm64v8
- anchore/grype:v{{ .Major }}.{{ .Minor }}-arm64v8
