grype/.goreleaser.yaml

56 lines
1.5 KiB
YAML
Raw Normal View History

release:
# If set to auto, will mark the release as not ready for production
# in case there is an indicator for this in the tag e.g. v1.0.0-rc1
# If set to true, will mark the release as not ready for production.
prerelease: auto
signs:
- artifacts: checksum
args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
builds:
2020-07-24 01:29:05 +00:00
- binary: grype
env:
- CGO_ENABLED=0
goos:
# windows not supported yet (due to jotframe)
# - windows
- linux
- darwin
goarch:
- amd64
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
mod_timestamp: '{{ .CommitTimestamp }}'
ldflags: |
-w
-s
-extldflags '-static'
2020-07-24 01:29:05 +00:00
-X github.com/anchore/grype/internal/version.version={{.Version}}
-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
-X github.com/anchore/grype/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
nfpms:
- license: "Apache 2.0"
maintainer: "Anchore, Inc"
2020-07-24 01:29:05 +00:00
homepage: &website "https://github.com/anchore/grype"
description: &description "A vulnerability scanner for container images and filesystems"
formats:
- rpm
- deb
# TODO: add back in when open sourced
#brews:
# - tap:
# owner: anchore
# name: homebrew-grype
# homepage: *website
# description: *description
archives:
- format: tar.gz
format_overrides:
- goos: windows
format: zip