mirror of
https://github.com/anchore/grype
synced 2024-09-20 06:21:56 +00:00
5754360376
- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill) - Update changelog generation to be in sync with syft's flow - Remove old goreleaser docker workflow in favor of single file - Remove individual bootstrap options in favor of single bootstrap action - Update release and validation workflows to use trigger based approach seen in syft - Update golangci.yaml to be equivalent to syft patterns - Remove unused Dockerfile.dev - Remove docker-compose development cycle - Add organized test-fixture Makefile targets Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
246 lines
7 KiB
YAML
246 lines
7 KiB
YAML
release:
|
|
prerelease: auto
|
|
draft: false
|
|
|
|
env:
|
|
# required to support multi architecture docker builds
|
|
- DOCKER_CLI_EXPERIMENTAL=enabled
|
|
- CGO_ENABLED=0
|
|
|
|
builds:
|
|
- id: linux-build
|
|
binary: grype
|
|
goos:
|
|
- linux
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
- ppc64le
|
|
- s390x
|
|
# set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build
|
|
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
|
|
ldflags: &build-ldflags |
|
|
-w
|
|
-s
|
|
-extldflags '-static'
|
|
-X github.com/anchore/grype/internal/version.version={{.Version}}
|
|
-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
|
|
-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
|
|
-X github.com/anchore/grype/internal/version.gitDescription={{.Summary}}
|
|
|
|
- id: darwin-build
|
|
binary: grype
|
|
goos:
|
|
- darwin
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
mod_timestamp: *build-timestamp
|
|
ldflags: *build-ldflags
|
|
hooks:
|
|
post:
|
|
- cmd: .tmp/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv
|
|
env:
|
|
- QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
|
|
|
|
- id: windows-build
|
|
binary: grype
|
|
goos:
|
|
- windows
|
|
goarch:
|
|
- amd64
|
|
mod_timestamp: *build-timestamp
|
|
ldflags: *build-ldflags
|
|
|
|
archives:
|
|
- id: linux-archives
|
|
builds:
|
|
- linux-build
|
|
|
|
- id: darwin-archives
|
|
builds:
|
|
- darwin-build
|
|
|
|
- id: windows-archives
|
|
format: zip
|
|
builds:
|
|
- windows-build
|
|
|
|
nfpms:
|
|
- license: "Apache 2.0"
|
|
maintainer: "Anchore, Inc"
|
|
homepage: &website "https://github.com/anchore/grype"
|
|
description: &description "A vulnerability scanner for container images and filesystems"
|
|
formats:
|
|
- rpm
|
|
- deb
|
|
|
|
brews:
|
|
- tap:
|
|
owner: anchore
|
|
name: homebrew-grype
|
|
token: "{{.Env.GITHUB_BREW_TOKEN}}"
|
|
ids:
|
|
- darwin-archives
|
|
- linux-archives
|
|
homepage: *website
|
|
description: *description
|
|
license: "Apache License 2.0"
|
|
|
|
dockers:
|
|
- image_templates:
|
|
- anchore/grype:debug
|
|
- anchore/grype:{{.Tag}}-debug
|
|
- ghcr.io/anchore/grype:debug
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug
|
|
goarch: amd64
|
|
dockerfile: Dockerfile.debug
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/amd64"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:debug-arm64v8
|
|
- anchore/grype:{{.Tag}}-debug-arm64v8
|
|
- ghcr.io/anchore/grype:debug-arm64v8
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
|
|
goarch: arm64
|
|
dockerfile: Dockerfile.debug
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/arm64/v8"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:debug-ppc64le
|
|
- anchore/grype:{{.Tag}}-debug-ppc64le
|
|
- ghcr.io/anchore/grype:debug-ppc64le
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
|
|
goarch: ppc64le
|
|
dockerfile: Dockerfile.debug
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/ppc64le"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:debug-s390x
|
|
- anchore/grype:{{.Tag}}-debug-s390x
|
|
- ghcr.io/anchore/grype:debug-s390x
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
|
|
goarch: s390x
|
|
dockerfile: Dockerfile.debug
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/s390x"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:latest
|
|
- anchore/grype:{{.Tag}}
|
|
- ghcr.io/anchore/grype:latest
|
|
- ghcr.io/anchore/grype:{{.Tag}}
|
|
goarch: amd64
|
|
dockerfile: Dockerfile
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/amd64"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:{{.Tag}}-arm64v8
|
|
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
|
|
goarch: arm64
|
|
dockerfile: Dockerfile
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/arm64/v8"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:{{.Tag}}-ppc64le
|
|
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
|
|
goarch: ppc64le
|
|
dockerfile: Dockerfile
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/ppc64le"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
- image_templates:
|
|
- anchore/grype:{{.Tag}}-s390x
|
|
- ghcr.io/anchore/grype:{{.Tag}}-s390x
|
|
goarch: s390x
|
|
dockerfile: Dockerfile
|
|
use: buildx
|
|
build_flag_templates:
|
|
- "--platform=linux/s390x"
|
|
- "--build-arg=BUILD_DATE={{.Date}}"
|
|
- "--build-arg=BUILD_VERSION={{.Version}}"
|
|
- "--build-arg=VCS_REF={{.FullCommit}}"
|
|
- "--build-arg=VCS_URL={{.GitURL}}"
|
|
|
|
docker_manifests:
|
|
- name_template: anchore/grype:latest
|
|
image_templates:
|
|
- anchore/grype:{{.Tag}}
|
|
- anchore/grype:{{.Tag}}-arm64v8
|
|
- anchore/grype:{{.Tag}}-ppc64le
|
|
- anchore/grype:{{.Tag}}-s390x
|
|
|
|
- name_template: anchore/grype:debug
|
|
- anchore/grype:{{.Tag}}-debug
|
|
- anchore/grype:{{.Tag}}-debug-arm64v8
|
|
- anchore/grype:{{.Tag}}-debug-ppc64le
|
|
- anchore/grype:{{.Tag}}-debug-s390x
|
|
|
|
- name_template: anchore/grype:{{.Tag}}
|
|
image_templates:
|
|
- anchore/grype:{{.Tag}}
|
|
- anchore/grype:{{.Tag}}-arm64v8
|
|
- anchore/grype:{{.Tag}}-ppc64le
|
|
- anchore/grype:{{.Tag}}-s390x
|
|
|
|
- name_template: ghcr.io/anchore/grype:latest
|
|
image_templates:
|
|
- ghcr.io/anchore/grype:{{.Tag}}
|
|
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
|
|
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
|
|
- ghcr.io/anchore/grype:{{.Tag}}-s390x
|
|
|
|
- name_template: ghcr.io/anchore/grype:debug
|
|
image_templates:
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
|
|
- ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
|
|
|
|
- name_template: ghcr.io/anchore/grype:{{.Tag}}
|
|
image_templates:
|
|
- ghcr.io/anchore/grype:{{.Tag}}
|
|
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
|
|
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
|
|
- ghcr.io/anchore/grype:{{.Tag}}-s390x
|
|
|