Commit graph

298 commits

Author SHA1 Message Date
Alex Goodman
05611c283d
bootstrap within composite action (#1461)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-01-17 10:04:22 -05:00
Weston Steimel
e87cfe7319
chore: remove bumping cosign in go.mod when updating bootstrap tools (#1452) 2023-01-12 16:21:01 -05:00
Alex Goodman
e0acfa98c7
add s3 credentials to release (#1309)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-11-02 15:48:37 +00:00
Keith Zantow
35f0f2931e
chore: update goreleaser brew token (#1306) 2022-11-02 10:05:20 -04:00
Keith Zantow
ba57f3db51
chore: update github token permissions for goreleaser (#1305) 2022-11-01 16:28:37 +00:00
Christopher Angelo Phillips
4c5c6f6319
fix: update ci secret to use new password (#1304) 2022-11-01 14:30:29 +00:00
Christopher Angelo Phillips
1b69fbd566
fix: update secret value to use new cert cahin (#1303)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-11-01 00:05:40 +00:00
Alex Goodman
28cadfdb5d
replace signing tooling with quill (#1280)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-24 13:03:10 -04:00
Keith Zantow
b20310eaf8
Add gosimports (#1205) 2022-09-14 13:38:18 -04:00
Keith Zantow
70db13d49e
Add RPM file scanning support (#1188) 2022-09-07 14:16:30 -04:00
Weston Steimel
6949a2500f
Fix update-bootstrap-tools workflow (#1170) 2022-08-22 16:17:28 +00:00
Weston Steimel
5282820b5d
workflow to create automated PRs to update bootstrap tools (#1167) 2022-08-22 11:28:24 -04:00
Keith Zantow
69bde44c6e
Update stereoscope to get rid of the replace directive (#1140) 2022-08-03 12:24:20 -04:00
Christopher Angelo Phillips
f5d02d4e52
improve docker release bootstrap (#1136) 2022-08-02 15:44:24 +00:00
Christopher Angelo Phillips
1bf97af3fb
remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133) 2022-08-01 21:08:38 +00:00
Christopher Angelo Phillips
ca69fb8370
remove prefixed v from tag to match release (#1131) 2022-08-01 15:07:58 +00:00
Christopher Angelo Phillips
8f21180681
rollback actions-setup-docker to earlier version (#1130) 2022-08-01 14:10:50 +00:00
Christopher Angelo Phillips
20ad59ad1b
Delete pr_action.yaml (#1120) 2022-07-27 17:12:00 +00:00
Christopher Angelo Phillips
ba685eada8
Add PR action back to workflow with new token (#1086) 2022-07-06 09:31:51 -04:00
Christopher Angelo Phillips
3ce1a4aac1
remove pr automation until service account creation (#1080) 2022-06-30 21:43:24 +00:00
Christopher Angelo Phillips
f35a252ecf
add workflows to test new project automation (#1023) 2022-06-08 09:42:53 -04:00
Keith Zantow
321eddf874
Auto-PR needs to run go mod tidy (#958) 2022-04-13 16:30:35 -04:00
Keith Zantow
25bf679f8f
Add workflow for automatic PR for new stereoscope updates (#954) 2022-04-13 13:20:40 -04:00
Alex Goodman
e415bb21e7
Update write permissions and log into ghcr.io for release (#942) 2022-04-06 21:15:55 +00:00
Alex Goodman
7f9edf346a
Bump golangci-lint to 1.45.0 (#909) 2022-03-22 11:02:36 -04:00
Jonas Xavier
6ef3e45ffc
Use go 1.18 buildinfo to catalog binaries (#827)
* initial working version

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* added build settings to pkg metadata

wip - unit tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* handle mach-O FatFiles

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add support to mod replace

fixed golang catalger tests

trying GH Actions with go 1.18rc1

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* log error

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* use go-macholibre for extraction

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cleaner tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add version to main module

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* check macho file with macholibre

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* run golangci in its own workflow

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci workflow

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix golangci wf yml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix golangci wf yml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci wf

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* wip - golangci wf

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* get arch from bin file headers

upgrade macholibre

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* test new stereoscope lazy reader interface

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove devel version from golang cataloger

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* switch github workflows to go1.18 stable

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add union reader interface in golang cataloger

update stereoscope

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* go mod tidy

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* simpler golangci validation

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix makefile

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* get archs refactor

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* nolint for golang version

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix go bin tests

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* golangci nolint needs a \n before package

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* cleanup

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* move golangci-lint to its own jobs again

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix ci yaml

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* add support for xcoff files

add arch assets to test bin file types

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* clean up golangci-lint config

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* nolint for xcoff

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* explain nolints

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* remove unused xcoff testdata assets

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* make go bin test-fixtures in docker

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* fix make clean with -f

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update json output schema

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* update schema version in test fixture

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* feedback changes

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

* explain possible empty main module

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
2022-03-16 17:07:02 -07:00
Alex Goodman
635904fcb6
Reduce PR check failures (#858) 2022-03-02 17:51:37 +00:00
Christopher Angelo Phillips
256e85bc12
510 - SBOM attestation stdout (#785)
add syft attest command to produce an attestation as application/vnd.in-toto+json to standard out using on disk PKI

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-22 21:45:12 -05:00
Alex Goodman
55c7f3d1e7
Upgrade install.sh to support installations for previous versions (#830) 2022-02-15 22:23:11 +00:00
Christopher Angelo Phillips
8f96adacfb
Upgrade golang to 1.17 (#809)
* initial upgrade workflow

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* update go.mod

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-02-09 11:08:24 -05:00
Alex Goodman
341288ba29
Normalize snapshot and release artifacts (#789)
* refactor signing steps in release/snapshot workflows

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* show signing logs on snapshot or release failure

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update install.sh + tests to account for new goreleaser changes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update cli tests to account for new goreleaser build names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix acceptance test to use new snapshot bin path

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add notarization

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* address review comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-04 12:41:37 -05:00
Alex Goodman
f38b0b7256
Refactor install.sh (#765)
* [wip] get assets based on gh api

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* put install.sh download_asset fn under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* put install.sh install_asset fn under test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use zip for darwin installs

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix install.sh negative test cases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* allow errors to propagate in install.sh

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* remove exit on error from install.sh tests

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add more docs around install.sh helpers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add integration tests for install.sh

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add install.sh testing to pipeline

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add install test cache to CI

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* make colors globally available

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* test download against github release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* always test release-based install against latest release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use better install.sh test names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-01 16:58:47 -05:00
Christopher Angelo Phillips
1c63943055
Add arm64 image support and Darwin M1 support to .goreleaser.yaml (#591)
* update support arm64

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* small update syntax

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* restore release command

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* add docker manifests

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-26 09:42:35 -04:00
Alex Goodman
4bf08e6b6d
swap out the changelog generator for chronicle tool (#580)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-21 13:37:13 -04:00
Christopher Angelo Phillips
10fa8dc7c9
Add windows support (#548)
* update  build tags, ui support, and stereoscope, and release for windows support

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-21 12:49:36 -04:00
Alex Goodman
cbdb72ea22
remove unnecessary codeql checkout from second parent commit (#567)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-10-18 13:31:19 -04:00
Keith Zantow
e5caba043d
Add SBOM to releases (#500)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2021-09-24 20:21:23 -04:00
Alex Goodman
ddfc8e20c0
Revert "disable docker releases (workaround) (#493)" (#501)
This reverts commit 06dcd3261d.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-13 13:06:23 -04:00
Alex Goodman
06dcd3261d
disable docker releases (workaround) (#493)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-03 21:29:34 +00:00
Alex Goodman
6e70d8af98
respond to pull_request events for internal PRs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-06-16 12:48:50 -04:00
Alex Goodman
5e1e2628cf
align check names to release quality gate
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-22 16:20:21 -04:00
Alex Goodman
0c100c4037
change mac acceptance test image.tar path
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-04-16 09:57:13 -04:00
Alex Goodman
8658abc8c4
ignore failures on benchmark sticky comment
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-29 11:59:49 -04:00
Alex Goodman
2a9b1b2680
move docker login after keychain creation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-26 10:41:44 -04:00
Alex Goodman
cfec812804
enable release environment (manual approval for releases)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-25 12:01:20 -04:00
Alex Goodman
ac4b653721
fix sticky benchmark comment on PRs
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-25 11:53:05 -04:00
Alex Goodman
51bf9f9e05
manually login to docker via cli during release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 17:57:41 -04:00
Alex Goodman
1b7c755536
add file-type mix as golden image
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 16:50:57 -04:00
Alex Goodman
8854d83934
cache mac acceptance image
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 15:03:25 -04:00
Alex Goodman
12f419111e
remove docker layer cache from validation pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 13:04:13 -04:00
Alex Goodman
77e4c89a5a
bump coverage threshold + use ubuntu for snapshot builds
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 10:28:57 -04:00
Alex Goodman
e3b1522394
upgrade goreleaser + constrain pipeline tool cache
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 06:58:30 -04:00
Alex Goodman
36e4af1953
adjust jsom schema version + adopt java pom properies test fixtures
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 11:27:01 -04:00
Alex Goodman
abca2c5f0b
remove token usage from benchmark sticky comment action
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:09 -04:00
Alex Goodman
f180d1c537
improve config parsing + fix command deprecation warning
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:09 -04:00
Alex Goodman
b1b57f6ba6
remove benchmark test event filter in validations pipeline
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:08 -04:00
Alex Goodman
1d87f07da1
update pipeline with new levels of testing
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-22 10:58:07 -04:00
Alex Goodman
83778677c1
run snapshot build on ubuntu
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-19 08:42:27 -04:00
Alex Goodman
9f57e17887
add labels to the docker image + pin the docker pipeline install version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-18 16:28:03 -04:00
Alex Goodman
e9105c180a
add dockerfile + docker build step
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-11 16:45:20 -05:00
Alex Goodman
c7b26c55ac
add docker to mac instance
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-11 14:01:00 -05:00
Alex Goodman
5e62bca72f
Revert "Add docker image and refactor release pipeline (#310)"
This reverts commit 6195002ae5.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2021-03-11 12:42:18 -05:00
Dan Luhring
6195002ae5
Add docker image and refactor release pipeline (#310)
* Create independent build targets for Mac and Linux

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Create targets for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Create target for Linux packaging

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update release workflow and leverage new make targets

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add release assets to release draft

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add homebrew formula release follow-up and improve Makefile

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add follow-up workflow for updating version check file

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Get rid of fetch depth 0 for checkout action

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add follow-up workflow for Docker images

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Restore wait-for-checks job

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Replace make functions with shell functions

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Account for envsubst command in bootstrap-ci-linux

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* move homebrew generation into script

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add release approval step; remove goreleaser; add docker image smoke testing in acceptance step

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* replace homebrew formula template file with heredoc template

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update release documentation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-10 13:25:31 -05:00
Dan Luhring
bf2d5ed87e
Pin actions/cache to v2.1.3
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2021-02-05 11:15:53 -05:00
Alex Goodman
a56292e2e0
Revert "Add the ability to run syft from a scratch image."
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2020-12-16 16:54:34 -05:00
Toure Dunnon
a19496b846 added: Docker login github action to publish new images
Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
2020-12-15 11:07:14 -05:00
Dan Luhring
ecfc471ce5
Resolve security warning for macOS users (#249)
* Add support for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Use Docker to run the changelog generator locally

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-04 15:47:55 -05:00
Alex Goodman
cc466e47da
bump python version for acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-27 14:53:52 -04:00
Alex Goodman
103f0617f5
bootstrap cached deps and ci deps separately for acceptance tests
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-23 10:42:57 -04:00
Alex Goodman
4c751cb1d4
Merge pull request #222 from VinodAnandan/main
Enable CodeQL Security Scan
2020-10-15 23:11:01 -04:00
Vinod Anandan
0f92f16eb6 Enable CodeQL Security Scan
https://github.blog/2020-09-30-code-scanning-is-now-available/

remove java from codeql scan

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Vinod Anandan <vinod.anandan@jpmorgan.com>
2020-10-16 03:02:09 +01:00
Alex Goodman
1bf1e643eb
restore original release token
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-15 14:41:28 -04:00
Alex Goodman
dcb5d6d08e
remove greeter action since it is broken for forked PRs (#223)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-15 10:20:09 -04:00
Alex Goodman
2b932f8d65
run tests on fork PRs (#210)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-09 07:45:05 -04:00
Robert Prince
587589bfe3
Add first issue/PR welcome message action (#185)
* Add first issue/PR welcome message action

Signed-off-by: Robert Prince <robert.prince@anchore.com>

* update first-pr-issue message with a simple greeting

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2020-10-08 15:42:46 -04:00
Alex Goodman
956af57d3b
update release token name
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 14:37:06 -04:00
Alex Goodman
262a0888a8
fix release pipeline to wait for GHA check names
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 13:57:43 -04:00
Alex Goodman
da0eb6f20f
fix acceptance tests & add notification upon failures (#204)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-08 11:07:00 -04:00
Alex Goodman
16b23e7994
add gha pipeline to replace circlei pipeline (#202)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-10-07 12:20:51 -04:00
Alex Goodman
2844b9878f
add release notification
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 23:21:16 -04:00
Alex Goodman
8b81c87d18
remove unreleased tags and exclude size labels
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 22:59:19 -04:00
Alex Goodman
9bd9dad76c
remove unrelease changelog option
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 18:11:02 -04:00
Alex Goodman
6d9f9a9b3b
pin the two tags used for release autochangelog
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 17:57:51 -04:00
Alex Goodman
f4502fc824
Add notifications around the release process (#184)
* add pipeline notification upon release

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add pending notification to release pipeline

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-09-25 16:58:56 -04:00
Alex Goodman
90bd68e44c
Disable prerelease version update check (#140)
* disable prerelease version update check

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* use prerelease flag as source of truth for user notifications

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-11 09:54:04 -04:00
Alex Goodman
676544b6ab
use token on release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 18:28:43 -04:00
Alex Goodman
2d452bf59e
Add inline-comparison as acceptance test (#130)
* add inline-compare as acceptance test

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add additional RPM metadata

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add comments and doc strings to the compare-* make targets

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 10:33:44 -04:00
Alex Goodman
a3a3e3848f
replace master with main (#128)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-07 13:27:11 -04:00
Alex Goodman
f855a38a01
pull all commits on checkout for release to build changelog (#126) 2020-08-06 08:28:01 -04:00
Alex Goodman
ad1a72c6ff
ignore prerelease verions when uploading version file on release 2020-07-29 14:54:47 -04:00
Alex Goodman
19eadde9ca
use aws creds for version file upload 2020-07-27 09:55:11 -04:00
Alex Goodman
c9dea59232
verify signing fingerprint 2020-07-25 09:59:48 -04:00
Alex Goodman
1ba0678cf6
provide signed checksums 2020-07-25 08:42:50 -04:00
Alex Goodman
f3428e49b8
add release quality gate 2020-07-25 07:23:15 -04:00
Alex Goodman
585569e929
fix gha go cache key; rm brew until oss release 2020-07-25 07:18:21 -04:00
Alex Goodman
32bd57886e
add publish release 2020-07-25 07:09:20 -04:00
Alex Goodman
44f26c7f90
update release quality gate version 2020-07-25 07:03:57 -04:00
Alex Goodman
ba4f63099d
Add release process (#89)
* add check for app update; fix ETUI error handling

* validate user args

* add goreleaser support

* replace cgo dependencies (go-rpm) with go equivalents

* add acceptance tests against build snapshot

* add brew tap + acceptance test pipeline

* add mac acceptance tests

* fix compare makefile

* fix mac acceptance tests

* add release pipeline with wait checks

* add token to release step

* rm dir presenters int test

* enforce dpkg to be non interactive

Co-authored-by: Alfredo Deza <adeza@anchore.com>

* pin brew formulae

* pin skopeo to formulae url

* only run acceptance tests

Co-authored-by: Alfredo Deza <adeza@anchore.com>
2020-07-23 10:52:44 -04:00