2020-07-25 11:33:24 +00:00
|
|
|
release:
|
2020-08-27 12:10:56 +00:00
|
|
|
# If set to auto, will mark the release as not ready for production in case there is an indicator for this in the
|
|
|
|
|
# tag e.g. v1.0.0-rc1 .If set to true, will mark the release as not ready for production.
|
2020-09-29 20:33:40 +00:00
|
|
|
prerelease: auto
|
2020-07-25 11:33:24 +00:00
|
|
|
|
2020-08-27 12:10:56 +00:00
|
|
|
# If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
|
|
|
|
|
draft: true
|
|
|
|
|
|
2020-11-04 20:47:55 +00:00
|
|
|
# This ensures any macOS signed artifacts get included with the release.
|
|
|
|
|
extra_files:
|
|
|
|
|
- glob: "./dist/*.dmg"
|
2020-07-25 11:47:14 +00:00
|
|
|
|
2020-07-23 14:52:44 +00:00
|
|
|
builds:
|
2020-07-24 00:54:04 +00:00
|
|
|
- binary: syft
|
2020-11-04 20:47:55 +00:00
|
|
|
id: syft
|
2020-07-23 14:52:44 +00:00
|
|
|
env:
|
|
|
|
|
- CGO_ENABLED=0
|
|
|
|
|
goos:
|
|
|
|
|
# windows not supported yet (due to jotframe)
|
|
|
|
|
# - windows
|
|
|
|
|
- linux
|
2020-11-04 20:47:55 +00:00
|
|
|
goarch:
|
|
|
|
|
- amd64
|
|
|
|
|
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
|
|
|
|
|
mod_timestamp: '{{ .CommitTimestamp }}'
|
|
|
|
|
ldflags: |
|
|
|
|
|
-w
|
|
|
|
|
-s
|
|
|
|
|
-extldflags '-static'
|
|
|
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
|
|
|
|
|
# For more info on this macOS build, see: https://github.com/mitchellh/gon#usage-with-goreleaser
|
|
|
|
|
- binary: syft
|
|
|
|
|
id: syft-macos
|
|
|
|
|
env:
|
|
|
|
|
- CGO_ENABLED=0
|
|
|
|
|
goos:
|
2020-07-23 14:52:44 +00:00
|
|
|
- darwin
|
|
|
|
|
goarch:
|
|
|
|
|
- amd64
|
|
|
|
|
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
|
|
|
|
|
mod_timestamp: '{{ .CommitTimestamp }}'
|
|
|
|
|
ldflags: |
|
|
|
|
|
-w
|
|
|
|
|
-s
|
|
|
|
|
-extldflags '-static'
|
2020-07-24 00:54:04 +00:00
|
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
|
|
|
|
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
|
2020-11-04 20:47:55 +00:00
|
|
|
hooks:
|
|
|
|
|
post: ./.github/scripts/mac-sign-and-notarize.sh "{{.IsSnapshot}}" "gon.hcl" "./dist/syft_{{.Tag}}_{{.Target}}.dmg"
|
|
|
|
|
|
|
|
|
|
signs:
|
|
|
|
|
- artifacts: checksum
|
|
|
|
|
args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
|
2020-07-23 14:52:44 +00:00
|
|
|
|
|
|
|
|
nfpms:
|
|
|
|
|
- license: "Apache 2.0"
|
|
|
|
|
maintainer: "Anchore, Inc"
|
2020-07-24 00:54:04 +00:00
|
|
|
homepage: &website "https://github.com/anchore/syft"
|
2020-07-23 14:52:44 +00:00
|
|
|
description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
|
|
|
|
|
formats:
|
|
|
|
|
- rpm
|
|
|
|
|
- deb
|
|
|
|
|
|
2020-08-10 21:15:00 +00:00
|
|
|
brews:
|
|
|
|
|
- tap:
|
|
|
|
|
owner: anchore
|
|
|
|
|
name: homebrew-syft
|
|
|
|
|
homepage: *website
|
|
|
|
|
description: *description
|
2020-07-23 14:52:44 +00:00
|
|
|
|
|
|
|
|
archives:
|
|
|
|
|
- format: tar.gz
|
2020-11-04 20:47:55 +00:00
|
|
|
builds:
|
|
|
|
|
- syft # i.e. Linux only
|
2020-07-23 14:52:44 +00:00
|
|
|
format_overrides:
|
|
|
|
|
- goos: windows
|
|
|
|
|
format: zip
|
