release: prerelease: auto draft: true env: # required to support multi architecture docker builds - DOCKER_CLI_EXPERIMENTAL=enabled before: hooks: - ./.github/scripts/apple-signing/setup.sh {{ .IsSnapshot }} builds: - id: linux-build binary: grype goos: - linux goarch: - amd64 - arm64 # set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}' env: &build-env - CGO_ENABLED=0 ldflags: &build-ldflags | -w -s -extldflags '-static' -X github.com/anchore/grype/internal/version.version={{.Version}} -X github.com/anchore/grype/internal/version.syftVersion={{.Env.SYFT_VERSION}} -X github.com/anchore/grype/internal/version.gitCommit={{.Commit}} -X github.com/anchore/grype/internal/version.buildDate={{.Date}} -X github.com/anchore/grype/internal/version.gitDescription={{.Summary}} - id: darwin-build binary: grype goos: - darwin goarch: - amd64 - arm64 mod_timestamp: *build-timestamp env: *build-env ldflags: *build-ldflags hooks: post: # we must have signing as a build hook instead of the signs section. The signs section must register a new asset, where we want to replace an existing asset. # a post-build hook has the advantage of not needing to unpackage and repackage a tar.gz with a signed binary - ./.github/scripts/apple-signing/sign.sh "{{ .Path }}" "{{ .IsSnapshot }}" "{{ .Target }}" - id: windows-build binary: grype goos: - windows goarch: - amd64 mod_timestamp: *build-timestamp env: *build-env ldflags: *build-ldflags archives: - id: linux-archives builds: - linux-build - id: darwin-archives builds: - darwin-build - id: windows-archives format: zip builds: - windows-build nfpms: - license: "Apache 2.0" maintainer: "Anchore, Inc" homepage: &website "https://github.com/anchore/grype" description: &description "A vulnerability scanner for container images and filesystems" formats: - rpm - deb brews: - tap: owner: anchore name: homebrew-grype ids: - darwin-archives - linux-archives homepage: *website description: *description license: "Apache License 2.0" dockers: - image_templates: - "anchore/grype:latest" - "anchore/grype:{{ .Tag }}-amd64" - "anchore/grype:v{{ .Major }}-amd64" - "anchore/grype:v{{ .Major }}.{{ .Minor }}-amd64" dockerfile: Dockerfile use: buildx build_flag_templates: - "--platform=linux/amd64" - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}" - image_templates: - "anchore/grype:{{ .Tag }}-arm64v8" - "anchore/grype:v{{ .Major }}-arm64v8" - "anchore/grype:v{{ .Major }}.{{ .Minor }}-arm64v8" goarch: arm64 dockerfile: Dockerfile use: buildx build_flag_templates: - "--platform=linux/arm64/v8" - "--build-arg=BUILD_DATE={{.Date}}" - "--build-arg=BUILD_VERSION={{.Version}}" - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}" docker_manifests: - name_template: anchore/grype:{{ .Tag }} image_templates: - anchore/grype:{{ .Tag }}-amd64 - anchore/grype:{{ .Tag }}-arm64v8 - name_template: anchore/grype:latest image_templates: - anchore/grype:{{ .Tag }}-amd64 - anchore/grype:{{ .Tag }}-arm64v8