2021-03-11 17:41:10 +00:00
|
|
|
release:
|
|
|
|
|
prerelease: auto
|
2022-06-01 15:55:33 +00:00
|
|
|
draft: false
|
2021-03-11 17:41:10 +00:00
|
|
|
|
2022-02-04 21:49:42 +00:00
|
|
|
before:
|
|
|
|
|
hooks:
|
|
|
|
|
- ./.github/scripts/apple-signing/setup.sh {{ .IsSnapshot }}
|
|
|
|
|
|
2021-03-11 17:41:10 +00:00
|
|
|
builds:
|
2022-02-04 17:41:37 +00:00
|
|
|
- id: linux-build
|
2022-04-26 18:23:03 +00:00
|
|
|
dir: ./cmd/syft
|
2022-02-04 17:41:37 +00:00
|
|
|
binary: syft
|
2021-03-11 17:41:10 +00:00
|
|
|
goos:
|
|
|
|
|
- linux
|
|
|
|
|
goarch:
|
|
|
|
|
- amd64
|
2022-01-10 19:52:31 +00:00
|
|
|
- arm64
|
2022-07-21 13:12:52 +00:00
|
|
|
- ppc64le
|
2022-07-27 20:33:54 +00:00
|
|
|
- s390x
|
2022-02-04 17:41:37 +00:00
|
|
|
# set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build
|
|
|
|
|
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
|
|
|
|
|
env: &build-env
|
|
|
|
|
- CGO_ENABLED=0
|
|
|
|
|
ldflags: &build-ldflags |
|
2021-03-11 17:41:10 +00:00
|
|
|
-w
|
|
|
|
|
-s
|
|
|
|
|
-extldflags '-static'
|
|
|
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
2022-02-04 17:41:37 +00:00
|
|
|
-X github.com/anchore/syft/internal/version.gitDescription={{.Summary}}
|
2021-10-26 13:42:35 +00:00
|
|
|
|
2022-02-04 17:41:37 +00:00
|
|
|
- id: darwin-build
|
2022-04-26 18:23:03 +00:00
|
|
|
dir: ./cmd/syft
|
2022-02-04 17:41:37 +00:00
|
|
|
binary: syft
|
2021-03-11 17:41:10 +00:00
|
|
|
goos:
|
|
|
|
|
- darwin
|
|
|
|
|
goarch:
|
|
|
|
|
- amd64
|
2021-10-26 13:42:35 +00:00
|
|
|
- arm64
|
2022-02-04 17:41:37 +00:00
|
|
|
mod_timestamp: *build-timestamp
|
|
|
|
|
env: *build-env
|
|
|
|
|
ldflags: *build-ldflags
|
2022-02-07 21:55:15 +00:00
|
|
|
hooks:
|
|
|
|
|
post:
|
2022-02-25 16:32:57 +00:00
|
|
|
# we must have signing as a build hook instead of the signs section. The signs section must register a new
|
|
|
|
|
# asset, where we want to replace an existing asset. A post-build hook has the advantage of not needing to
|
|
|
|
|
# unpackage and repackage a tar.gz with a signed binary
|
2022-02-07 21:55:15 +00:00
|
|
|
- ./.github/scripts/apple-signing/sign.sh "{{ .Path }}" "{{ .IsSnapshot }}" "{{ .Target }}"
|
2022-02-04 17:41:37 +00:00
|
|
|
|
|
|
|
|
- id: windows-build
|
2022-04-26 18:23:03 +00:00
|
|
|
dir: ./cmd/syft
|
2022-02-04 17:41:37 +00:00
|
|
|
binary: syft
|
|
|
|
|
goos:
|
|
|
|
|
- windows
|
|
|
|
|
goarch:
|
|
|
|
|
- amd64
|
|
|
|
|
mod_timestamp: *build-timestamp
|
|
|
|
|
env: *build-env
|
|
|
|
|
ldflags: *build-ldflags
|
2021-03-11 17:41:10 +00:00
|
|
|
|
|
|
|
|
archives:
|
2022-02-04 17:41:37 +00:00
|
|
|
- id: linux-archives
|
|
|
|
|
builds:
|
|
|
|
|
- linux-build
|
2022-01-10 19:52:31 +00:00
|
|
|
|
2022-02-04 17:41:37 +00:00
|
|
|
# note: the signing process is depending on tar.gz archives. If this format changes then .github/scripts/apple-signing/*.sh will need to be adjusted
|
|
|
|
|
- id: darwin-archives
|
2021-03-11 17:41:10 +00:00
|
|
|
builds:
|
2022-02-04 17:41:37 +00:00
|
|
|
- darwin-build
|
|
|
|
|
|
|
|
|
|
- id: windows-archives
|
|
|
|
|
format: zip
|
|
|
|
|
builds:
|
|
|
|
|
- windows-build
|
2021-03-11 17:41:10 +00:00
|
|
|
|
|
|
|
|
nfpms:
|
|
|
|
|
- license: "Apache 2.0"
|
|
|
|
|
maintainer: "Anchore, Inc"
|
|
|
|
|
homepage: &website "https://github.com/anchore/syft"
|
|
|
|
|
description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
|
|
|
|
|
formats:
|
|
|
|
|
- rpm
|
|
|
|
|
- deb
|
|
|
|
|
|
|
|
|
|
brews:
|
|
|
|
|
- tap:
|
|
|
|
|
owner: anchore
|
|
|
|
|
name: homebrew-syft
|
2022-01-10 19:52:31 +00:00
|
|
|
ids:
|
2022-02-04 17:41:37 +00:00
|
|
|
- darwin-archives
|
|
|
|
|
- linux-archives
|
2021-03-11 17:41:10 +00:00
|
|
|
homepage: *website
|
|
|
|
|
description: *description
|
2022-01-10 19:52:31 +00:00
|
|
|
license: "Apache License 2.0"
|
