* Support gomod configuration in goreleaser
Signed-off-by: Conor Nosal <cnosal@vmware.com>
* switch to goreleaser build for snapshots + bump version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* modify goreleaser buildx option due to deprecation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add snapshot flag to builds
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
This change both adds a test to identify and fixes differences between loading sboms from json and loading sboms from Syft as a library.
* adds integration test that compares SBOM input vs image input
* fix integration test cache path
* Add handler for ApkMetadataType in partialSyftPackage.UnmarshalJSON
* Fix Epoch missing from Package.New RpmdbMetadataType handler and update RpmDbMetadata test in TestNew_MetadataExtraction
* bump syft to version 0.24.0
* update license check for packageurl-go
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Vijay Pillai <vijay.pillai@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Vijay Pillai <vijay.pillai@anchore.com>
Previous install of goreleaser v 0.160.0 was being done with curl command to https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh, but there have been changes to that script that broke bootstrap. Copied the shell script to repo and changed the checksum file name to goreleaser_checksums.txt
Signed-off-by: Zane Burstein <zane.burstein@anchore.com>
* Add first issue/PR welcome message action
Signed-off-by: Robert Prince <robert.prince@anchore.com>
* update first-pr-issue message with a simple greeting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* simplify first message to a greeting
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
* disable prerelease version update check
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use prerelease flag as source of truth for user notifications
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add installer script + brew tap
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* use correct token on release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add inline-compare as acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* improve RPM matching with source indirection matching
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* add comments to compare-* make targets
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* clean inline-compare image test names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* bump syft version to get rpm field enhancements
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
