version: 2 builds: - binary: trufflehog ldflags: - -X 'github.com/trufflesecurity/trufflehog/v3/pkg/version.BuildVersion={{ .Version }}' env: [CGO_ENABLED=0] goos: - linux - windows - darwin goarch: - amd64 - arm64 hooks: post: - bash -c 'if [ "{{ .Env.GGOOS }}" != "darwin" ]; then upx -q "{{ .Path }}"; fi' dockers: - image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"] dockerfile: Dockerfile.goreleaser extra_files: - entrypoint.sh use: buildx build_flag_templates: - --platform=linux/amd64 - --label=org.opencontainers.image.title={{ .ProjectName }} - --label=org.opencontainers.image.description={{ .ProjectName }} - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.version={{ .Version }} - --label=org.opencontainers.image.revision={{ .FullCommit }} - --label=org.opencontainers.image.licenses=AGPL-3.0 - image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"] goarch: arm64 dockerfile: Dockerfile.goreleaser extra_files: - entrypoint.sh use: buildx build_flag_templates: - --platform=linux/arm64/v8 - --label=org.opencontainers.image.title={{ .ProjectName }} - --label=org.opencontainers.image.description={{ .ProjectName }} - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.version={{ .Version }} - --label=org.opencontainers.image.revision={{ .FullCommit }} - --label=org.opencontainers.image.licenses=AGPL-3.0 - image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"] dockerfile: Dockerfile.goreleaser extra_files: - entrypoint.sh use: buildx build_flag_templates: - --platform=linux/amd64 - --label=org.opencontainers.image.title={{ .ProjectName }} - --label=org.opencontainers.image.description={{ .ProjectName }} - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.version={{ .Version }} - --label=org.opencontainers.image.revision={{ .FullCommit }} - --label=org.opencontainers.image.licenses=AGPL-3.0 - image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"] goarch: arm64 dockerfile: Dockerfile.goreleaser extra_files: - entrypoint.sh use: buildx build_flag_templates: - --platform=linux/arm64/v8 - --label=org.opencontainers.image.title={{ .ProjectName }} - --label=org.opencontainers.image.description={{ .ProjectName }} - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }} - --label=org.opencontainers.image.version={{ .Version }} - --label=org.opencontainers.image.revision={{ .FullCommit }} - --label=org.opencontainers.image.licenses=AGPL-3.0 docker_manifests: - name_template: trufflesecurity/{{ .ProjectName }}:{{ .Version }} image_templates: - trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64 - trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8 - name_template: trufflesecurity/{{ .ProjectName }}:latest image_templates: - trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64 - trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8 - name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }} image_templates: - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64 - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8 - name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:latest image_templates: - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64 - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8 brews: - repository: owner: trufflesecurity name: homebrew-trufflehog token: "{{ .Env.HOMEBREW_TAP_TOKEN }}" description: "Find credentials all over the place" name: "trufflehog" homepage: "https://github.com/trufflesecurity/trufflehog" install: | bin.install "trufflehog" signs: - cmd: cosign signature: "${artifact}.sig" certificate: "${artifact}.pem" args: - "sign-blob" - "--oidc-issuer=https://token.actions.githubusercontent.com" - "--output-certificate=${certificate}" - "--output-signature=${signature}" - "${artifact}" - "--yes" artifacts: checksum