Commit graph

54 commits

Author SHA1 Message Date
Alex Goodman
6ae5b2904d
re-add cosign signing checksums file (#2572)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 13:19:41 -05:00
Alex Goodman
377538e4a6
revert cosign signing of release checksums file (#2571)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-31 16:58:24 +00:00
Alex Goodman
aa702a72b4
Sign checksums file and add SBOMs on release (#2548)
* with release signature of checksums file
* attach SBOMs to the release
* update acceptance tests
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-01-30 13:16:40 -05:00
Alex Goodman
7315f83f9d
Upgrade tool management (#2188)
* migrate to binny and taskfile

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* update binny to not require github token

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* added support for automatically building snapshots

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* detect source changes for snapshot builds

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* fail workflow explicitly when snapshot cache restoral fails

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* match snapshot restoral paths

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-25 09:08:43 -04:00
Keith Zantow
2b7a9d0be3
chore: update CLI to CLIO (#2001)
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-08-29 15:52:26 -04:00
Alex Goodman
05611c283d
bootstrap within composite action (#1461)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2023-01-17 10:04:22 -05:00
Keith Zantow
35f0f2931e
chore: update goreleaser brew token (#1306) 2022-11-02 10:05:20 -04:00
Alex Goodman
28cadfdb5d
replace signing tooling with quill (#1280)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-10-24 13:03:10 -04:00
Christopher Angelo Phillips
1bf97af3fb
remove docker assets from main goreleaser configuration to reduce mac-os runner friction (#1133) 2022-08-01 21:08:38 +00:00
Mayur Waghmode
f1c5463a6b
Added ppc64le supported to the syft:debug image (#1124) 2022-07-28 14:18:11 -04:00
Mayur Waghmode
af330c8a37
Added s390x support (#1117) 2022-07-27 16:33:54 -04:00
Mayur Waghmode
51727fcf2d
Added ppc64le support (#1099)
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-07-21 09:12:52 -04:00
Christopher Angelo Phillips
5dc729b67e
patch-distroless-ghcr (#1110) 2022-07-20 16:51:49 -04:00
Christopher Angelo Phillips
7bae9d4b4e
add distroless debug image to published release (#1106)
add debug distroless image to published release

Debian was chosen based on the fact that it is the smallest available distroless image
The new tag is `anchore/syft:debug`

Closes #833
2022-07-20 15:54:46 +00:00
Christopher Angelo Phillips
82de24cf7c
change draft to false for release process (#1016) 2022-06-01 11:55:33 -04:00
Christopher Angelo Phillips
6029dd7c2e
refactor command package to remove globals and add dependency injection 2022-04-26 18:23:03 +00:00
Alex Goodman
68b7ad9770
Additionally publish docker images to GHCR (#934) 2022-04-01 11:30:21 -04:00
Alex Goodman
d2f28e0eb1
Restore single goreleaser file (#853) 2022-02-28 14:46:41 +00:00
Alex Goodman
24cd39089a
Share import mac code signing certificate steps for release (#851) 2022-02-25 20:07:03 -05:00
Alex Goodman
c89131bcf3
Bump release timeout (#848) 2022-02-25 16:32:57 +00:00
Christopher Angelo Phillips
52d2e62cdc
remove duplicate manifest lines (#828) 2022-02-15 12:51:02 -05:00
Alex Goodman
2c62651c82
run signing as post-build step (#803)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-07 16:55:15 -05:00
Alex Goodman
5519a25035
dont add signing artifact (#802)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-07 17:03:09 +00:00
Alex Goodman
e7bef5e511
split signing setup into pre-release hook (#794)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-04 16:49:42 -05:00
Alex Goodman
341288ba29
Normalize snapshot and release artifacts (#789)
* refactor signing steps in release/snapshot workflows

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* show signing logs on snapshot or release failure

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update install.sh + tests to account for new goreleaser changes

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update cli tests to account for new goreleaser build names

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix acceptance test to use new snapshot bin path

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add notarization

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* address review comments

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-04 12:41:37 -05:00
Christopher Angelo Phillips
c350bd55f6
update sign sed command to include windows zip (#755)
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-19 17:08:04 -05:00
Christopher Angelo Phillips
dfefd2ea4e
update goreleaser with windows checksums (#740)
* update goreleaser with windows checksums

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* update format to be closer to our previous implementation

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* remove linux replacement

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>

* typo

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2022-01-10 14:52:31 -05:00
Christopher Angelo Phillips
3286a4d4cc
update docker manifest tagging (#600)
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-28 15:41:39 -04:00
Christopher Angelo Phillips
0ff7013382
update manifest to use Tag over Version
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-28 15:05:34 -04:00
Christopher Angelo Phillips
71708e5bf8
update goreleaser with correct tag information (#598)
Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-28 13:37:22 -04:00
Christopher Angelo Phillips
1c63943055
Add arm64 image support and Darwin M1 support to .goreleaser.yaml (#591)
* update support arm64

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* small update syntax

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* restore release command

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>

* add docker manifests

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-26 09:42:35 -04:00
Christopher Angelo Phillips
10fa8dc7c9
Add windows support (#548)
* update  build tags, ui support, and stereoscope, and release for windows support

Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
2021-10-21 12:49:36 -04:00
Alex Goodman
ddfc8e20c0
Revert "disable docker releases (workaround) (#493)" (#501)
This reverts commit 06dcd3261d.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-13 13:06:23 -04:00
Alex Goodman
06dcd3261d
disable docker releases (workaround) (#493)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-09-03 21:29:34 +00:00
Alex Goodman
e3b1522394
upgrade goreleaser + constrain pipeline tool cache
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-23 06:58:30 -04:00
Alex Goodman
9f57e17887
add labels to the docker image + pin the docker pipeline install version
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-18 16:28:03 -04:00
Alex Goodman
e9105c180a
add dockerfile + docker build step
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-11 16:45:20 -05:00
Alex Goodman
5e62bca72f
Revert "Add docker image and refactor release pipeline (#310)"
This reverts commit 6195002ae5.

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2021-03-11 12:42:18 -05:00
Dan Luhring
6195002ae5
Add docker image and refactor release pipeline (#310)
* Create independent build targets for Mac and Linux

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Create targets for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Create target for Linux packaging

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Update release workflow and leverage new make targets

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add release assets to release draft

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add homebrew formula release follow-up and improve Makefile

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add follow-up workflow for updating version check file

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Get rid of fetch depth 0 for checkout action

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Add follow-up workflow for Docker images

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Restore wait-for-checks job

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Replace make functions with shell functions

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Account for envsubst command in bootstrap-ci-linux

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* move homebrew generation into script

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add release approval step; remove goreleaser; add docker image smoke testing in acceptance step

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* replace homebrew formula template file with heredoc template

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update release documentation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
2021-03-10 13:25:31 -05:00
Alex Goodman
a56292e2e0
Revert "Add the ability to run syft from a scratch image."
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2020-12-16 16:54:34 -05:00
Toure Dunnon
07f2c2f702 Add the ability to run syft from a scratch image.
This change will allow endusers or CI to run syft from a
minimum image which will simplify CI deployment.

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
2020-12-14 08:10:46 -05:00
Alex Goodman
7e270bf76c
restore the checksum file during release
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-11-11 15:11:51 -05:00
Dan Luhring
8627ea88ce
Fix usage of goreleaser's artifact pipeline
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-11 14:29:55 -05:00
Dan Luhring
7bced775c4
Add zip to gon outputs
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-11 12:30:29 -05:00
Dan Luhring
8fb5b17dbd
Use .Version in place of .Tag for release asset name
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-06 13:36:02 -05:00
Dan Luhring
ecfc471ce5
Resolve security warning for macOS users (#249)
* Add support for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Use Docker to run the changelog generator locally

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-11-04 15:47:55 -05:00
Dan Luhring
5adfce19e0
Set prerelease to auto (#189)
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
2020-09-29 16:33:40 -04:00
Alex Goodman
d85d0ac418
add changelog generation (#162)
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-27 08:10:56 -04:00
Alex Goodman
647c806ee4
Add install script + brew tap (#138)
* add install script

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add brew tap

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* rm install warning

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* force non-prereleases

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2020-08-10 17:15:00 -04:00
Alex Goodman
1ba0678cf6
provide signed checksums 2020-07-25 08:42:50 -04:00