mirror of
https://github.com/anchore/syft
synced 2024-09-20 06:01:53 +00:00
93 lines
3.1 KiB
YAML
93 lines
3.1 KiB
YAML
release:
|
|
# If set to auto, will mark the release as not ready for production in case there is an indicator for this in the
|
|
# tag e.g. v1.0.0-rc1 .If set to true, will mark the release as not ready for production.
|
|
prerelease: auto
|
|
|
|
# If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
|
|
draft: true
|
|
|
|
# This ensures any macOS signed artifacts get included with the release.
|
|
extra_files:
|
|
- glob: "./dist/*.dmg"
|
|
|
|
builds:
|
|
- binary: syft
|
|
id: syft
|
|
env:
|
|
- CGO_ENABLED=0
|
|
goos:
|
|
# windows not supported yet (due to jotframe)
|
|
# - windows
|
|
- linux
|
|
goarch:
|
|
- amd64
|
|
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
|
|
mod_timestamp: '{{ .CommitTimestamp }}'
|
|
ldflags: |
|
|
-w
|
|
-s
|
|
-extldflags '-static'
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
|
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
|
|
# For more info on this macOS build, see: https://github.com/mitchellh/gon#usage-with-goreleaser
|
|
- binary: syft
|
|
id: syft-macos
|
|
env:
|
|
- CGO_ENABLED=0
|
|
goos:
|
|
- darwin
|
|
goarch:
|
|
- amd64
|
|
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
|
|
mod_timestamp: '{{ .CommitTimestamp }}'
|
|
ldflags: |
|
|
-w
|
|
-s
|
|
-extldflags '-static'
|
|
-X github.com/anchore/syft/internal/version.version={{.Version}}
|
|
-X github.com/anchore/syft/internal/version.gitCommit={{.Commit}}
|
|
-X github.com/anchore/syft/internal/version.buildDate={{.Date}}
|
|
-X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
|
|
|
|
archives:
|
|
- format: tar.gz
|
|
builds:
|
|
- syft # i.e. Linux only
|
|
- format: zip # This is a hack! We don't actually intend to use _this_ ZIP file, we just need goreleaser to consider the ZIP file produced by gon (which will have the same file name) to be an artifact so we can use it downstream in publishing (e.g. to a homebrew tap)
|
|
id: syft-zip
|
|
builds:
|
|
- syft-macos
|
|
|
|
signs:
|
|
- artifacts: checksum
|
|
ids:
|
|
- syft # i.e. Linux only
|
|
args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
|
|
- id: syft-macos-signing
|
|
signature: "./dist/syft_{{ .Version }}_darwin_amd64.dmg"
|
|
ids:
|
|
- syft-macos
|
|
cmd: ./.github/scripts/mac-sign-and-notarize.sh
|
|
args:
|
|
- "{{ .IsSnapshot }}"
|
|
- "gon.hcl"
|
|
- "./dist/syft_{{ .Version }}_darwin_amd64"
|
|
artifacts: all
|
|
|
|
nfpms:
|
|
- license: "Apache 2.0"
|
|
maintainer: "Anchore, Inc"
|
|
homepage: &website "https://github.com/anchore/syft"
|
|
description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems"
|
|
formats:
|
|
- rpm
|
|
- deb
|
|
|
|
brews:
|
|
- tap:
|
|
owner: anchore
|
|
name: homebrew-syft
|
|
homepage: *website
|
|
description: *description
|