2020-07-25 15:05:10 +00:00
|
|
|
release:
|
2020-09-29 20:33:33 +00:00
|
|
|
prerelease: auto
|
2022-05-26 20:44:22 +00:00
|
|
|
draft: false
|
2020-09-26 03:39:12 +00:00
|
|
|
|
2023-03-03 21:17:44 +00:00
|
|
|
env:
|
|
|
|
# required to support multi architecture docker builds
|
|
|
|
- DOCKER_CLI_EXPERIMENTAL=enabled
|
|
|
|
- CGO_ENABLED=0
|
2022-02-11 19:24:25 +00:00
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
builds:
|
2022-02-11 19:24:25 +00:00
|
|
|
- id: linux-build
|
2023-07-13 17:13:48 +00:00
|
|
|
dir: ./cmd/grype
|
2022-02-11 19:24:25 +00:00
|
|
|
binary: grype
|
2020-07-24 01:26:03 +00:00
|
|
|
goos:
|
|
|
|
- linux
|
2021-10-20 21:11:14 +00:00
|
|
|
goarch:
|
2021-10-25 16:56:55 +00:00
|
|
|
- amd64
|
2022-01-14 18:13:17 +00:00
|
|
|
- arm64
|
2022-11-29 22:44:59 +00:00
|
|
|
- ppc64le
|
2022-08-18 20:28:10 +00:00
|
|
|
- s390x
|
2022-02-11 19:24:25 +00:00
|
|
|
# set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build
|
|
|
|
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
|
|
|
|
ldflags: &build-ldflags |
|
2021-10-20 21:11:14 +00:00
|
|
|
-w
|
|
|
|
-s
|
|
|
|
-extldflags '-static'
|
2023-09-11 19:10:06 +00:00
|
|
|
-X main.version={{.Version}}
|
|
|
|
-X main.gitCommit={{.Commit}}
|
|
|
|
-X main.buildDate={{.Date}}
|
|
|
|
-X main.gitDescription={{.Summary}}
|
2021-10-20 21:11:14 +00:00
|
|
|
|
2022-02-11 19:24:25 +00:00
|
|
|
- id: darwin-build
|
2023-07-13 17:13:48 +00:00
|
|
|
dir: ./cmd/grype
|
2022-02-11 19:24:25 +00:00
|
|
|
binary: grype
|
2020-11-05 13:50:58 +00:00
|
|
|
goos:
|
|
|
|
- darwin
|
|
|
|
goarch:
|
|
|
|
- amd64
|
2021-10-25 16:56:55 +00:00
|
|
|
- arm64
|
2022-02-11 19:24:25 +00:00
|
|
|
mod_timestamp: *build-timestamp
|
|
|
|
ldflags: *build-ldflags
|
|
|
|
hooks:
|
|
|
|
post:
|
2023-03-03 21:17:44 +00:00
|
|
|
- cmd: .tmp/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv
|
|
|
|
env:
|
|
|
|
- QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
|
2022-02-11 19:24:25 +00:00
|
|
|
|
|
|
|
- id: windows-build
|
2023-07-13 17:13:48 +00:00
|
|
|
dir: ./cmd/grype
|
2022-02-11 19:24:25 +00:00
|
|
|
binary: grype
|
|
|
|
goos:
|
|
|
|
- windows
|
|
|
|
goarch:
|
|
|
|
- amd64
|
|
|
|
mod_timestamp: *build-timestamp
|
|
|
|
ldflags: *build-ldflags
|
2020-11-11 22:30:50 +00:00
|
|
|
|
|
|
|
archives:
|
2022-02-11 19:24:25 +00:00
|
|
|
- id: linux-archives
|
|
|
|
builds:
|
|
|
|
- linux-build
|
2022-01-14 18:13:17 +00:00
|
|
|
|
2022-02-11 19:24:25 +00:00
|
|
|
- id: darwin-archives
|
2020-11-11 22:30:50 +00:00
|
|
|
builds:
|
2022-02-11 19:24:25 +00:00
|
|
|
- darwin-build
|
2020-11-05 13:50:58 +00:00
|
|
|
|
2022-02-11 19:24:25 +00:00
|
|
|
- id: windows-archives
|
|
|
|
format: zip
|
|
|
|
builds:
|
|
|
|
- windows-build
|
2020-07-24 01:26:03 +00:00
|
|
|
|
|
|
|
nfpms:
|
|
|
|
- license: "Apache 2.0"
|
|
|
|
maintainer: "Anchore, Inc"
|
2020-07-24 01:29:05 +00:00
|
|
|
homepage: &website "https://github.com/anchore/grype"
|
2020-07-24 01:26:03 +00:00
|
|
|
description: &description "A vulnerability scanner for container images and filesystems"
|
|
|
|
formats:
|
|
|
|
- rpm
|
|
|
|
- deb
|
|
|
|
|
2020-08-10 22:57:03 +00:00
|
|
|
brews:
|
|
|
|
- tap:
|
|
|
|
owner: anchore
|
|
|
|
name: homebrew-grype
|
2023-03-03 21:17:44 +00:00
|
|
|
token: "{{.Env.GITHUB_BREW_TOKEN}}"
|
2022-01-14 18:13:17 +00:00
|
|
|
ids:
|
2022-02-11 19:24:25 +00:00
|
|
|
- darwin-archives
|
|
|
|
- linux-archives
|
2020-08-10 22:57:03 +00:00
|
|
|
homepage: *website
|
|
|
|
description: *description
|
2022-02-11 19:24:25 +00:00
|
|
|
license: "Apache License 2.0"
|
2023-03-03 21:17:44 +00:00
|
|
|
|
|
|
|
dockers:
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:debug
|
|
|
|
- anchore/grype:{{.Tag}}-debug
|
|
|
|
- ghcr.io/anchore/grype:debug
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug
|
|
|
|
goarch: amd64
|
|
|
|
dockerfile: Dockerfile.debug
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/amd64"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:debug-arm64v8
|
|
|
|
- anchore/grype:{{.Tag}}-debug-arm64v8
|
|
|
|
- ghcr.io/anchore/grype:debug-arm64v8
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
|
|
|
|
goarch: arm64
|
|
|
|
dockerfile: Dockerfile.debug
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/arm64/v8"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:debug-ppc64le
|
|
|
|
- anchore/grype:{{.Tag}}-debug-ppc64le
|
|
|
|
- ghcr.io/anchore/grype:debug-ppc64le
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
|
|
|
|
goarch: ppc64le
|
|
|
|
dockerfile: Dockerfile.debug
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/ppc64le"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:debug-s390x
|
|
|
|
- anchore/grype:{{.Tag}}-debug-s390x
|
|
|
|
- ghcr.io/anchore/grype:debug-s390x
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
|
|
|
|
goarch: s390x
|
|
|
|
dockerfile: Dockerfile.debug
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/s390x"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:latest
|
|
|
|
- anchore/grype:{{.Tag}}
|
|
|
|
- ghcr.io/anchore/grype:latest
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}
|
|
|
|
goarch: amd64
|
|
|
|
dockerfile: Dockerfile
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/amd64"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:{{.Tag}}-arm64v8
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
|
|
|
|
goarch: arm64
|
|
|
|
dockerfile: Dockerfile
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/arm64/v8"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:{{.Tag}}-ppc64le
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
|
|
|
|
goarch: ppc64le
|
|
|
|
dockerfile: Dockerfile
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/ppc64le"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
- image_templates:
|
|
|
|
- anchore/grype:{{.Tag}}-s390x
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-s390x
|
|
|
|
goarch: s390x
|
|
|
|
dockerfile: Dockerfile
|
|
|
|
use: buildx
|
|
|
|
build_flag_templates:
|
|
|
|
- "--platform=linux/s390x"
|
|
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
|
|
|
|
docker_manifests:
|
|
|
|
- name_template: anchore/grype:latest
|
|
|
|
image_templates:
|
|
|
|
- anchore/grype:{{.Tag}}
|
|
|
|
- anchore/grype:{{.Tag}}-arm64v8
|
|
|
|
- anchore/grype:{{.Tag}}-ppc64le
|
|
|
|
- anchore/grype:{{.Tag}}-s390x
|
|
|
|
|
|
|
|
- name_template: anchore/grype:debug
|
|
|
|
- anchore/grype:{{.Tag}}-debug
|
|
|
|
- anchore/grype:{{.Tag}}-debug-arm64v8
|
|
|
|
- anchore/grype:{{.Tag}}-debug-ppc64le
|
|
|
|
- anchore/grype:{{.Tag}}-debug-s390x
|
|
|
|
|
|
|
|
- name_template: anchore/grype:{{.Tag}}
|
|
|
|
image_templates:
|
|
|
|
- anchore/grype:{{.Tag}}
|
|
|
|
- anchore/grype:{{.Tag}}-arm64v8
|
|
|
|
- anchore/grype:{{.Tag}}-ppc64le
|
|
|
|
- anchore/grype:{{.Tag}}-s390x
|
|
|
|
|
|
|
|
- name_template: ghcr.io/anchore/grype:latest
|
|
|
|
image_templates:
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-s390x
|
|
|
|
|
|
|
|
- name_template: ghcr.io/anchore/grype:debug
|
|
|
|
image_templates:
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
|
|
|
|
|
|
|
|
- name_template: ghcr.io/anchore/grype:{{.Tag}}
|
|
|
|
image_templates:
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
|
|
|
|
- ghcr.io/anchore/grype:{{.Tag}}-s390x
|
|
|
|
|
2023-10-12 19:38:30 +00:00
|
|
|
|
|
|
|
signs:
|
|
|
|
- cmd: cosign
|
|
|
|
signature: "${artifact}.sig"
|
|
|
|
certificate: "${artifact}.pem"
|
|
|
|
args:
|
|
|
|
- "sign-blob"
|
|
|
|
- "--oidc-issuer=https://token.actions.githubusercontent.com"
|
|
|
|
- "--output-certificate=${certificate}"
|
|
|
|
- "--output-signature=${signature}"
|
|
|
|
- "${artifact}"
|
|
|
|
- "--yes"
|
|
|
|
artifacts: checksum
|