tools: # we want to use a pinned version of binny to manage the toolchain (so binny manages itself!) - name: binny version: want: v0.8.0 method: github-release with: repo: anchore/binny # used to produce SBOMs during release - name: syft version: want: latest method: github-release with: repo: anchore/syft # used to sign mac binaries at release - name: quill version: want: v0.4.2 method: github-release with: repo: anchore/quill # used for linting - name: golangci-lint version: want: v1.60.3 method: github-release with: repo: golangci/golangci-lint # used for showing the changelog at release - name: glow version: want: v2.0.0 method: github-release with: repo: charmbracelet/glow # used for signing the checksums file at release - name: cosign version: want: v2.4.0 method: github-release with: repo: sigstore/cosign # used in integration tests to verify JSON schemas - name: yajsv version: want: v1.4.1 method: github-release with: repo: neilpa/yajsv # used to release all artifacts - name: goreleaser version: want: v2.2.0 method: github-release with: repo: goreleaser/goreleaser # used for organizing imports during static analysis - name: gosimports version: want: v0.3.8 method: github-release with: repo: rinchsan/gosimports # used at release to generate the changelog - name: chronicle version: want: v0.8.0 method: github-release with: repo: anchore/chronicle # used during static analysis for license compliance - name: bouncer version: want: v0.4.0 method: github-release with: repo: wagoodman/go-bouncer # used for showing benchmark testing - name: benchstat version: want: latest method: go-proxy with: module: golang.org/x/perf allow-unresolved-version: true method: go-install with: entrypoint: cmd/benchstat module: golang.org/x/perf # used for running all local and CI tasks - name: task version: want: v3.38.0 method: github-release with: repo: go-task/task # used for triggering a release - name: gh version: want: v2.55.0 method: github-release with: repo: cli/cli