trufflehog/.goreleaser.yml
Shubham Hibare 11df3dc747
feat(signing): Sign checksum (#1894)
* Add checksum signing

* Update readme
2023-11-21 14:02:28 -08:00

110 lines
No EOL
4.7 KiB
YAML

builds:
- binary: trufflehog
ldflags:
- -X 'github.com/trufflesecurity/trufflehog/v3/pkg/version.BuildVersion={{ .Version }}'
env: [CGO_ENABLED=0]
goos:
- linux
- windows
- darwin
goarch:
- amd64
- arm64
dockers:
- image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"]
dockerfile: Dockerfile.goreleaser
extra_files:
- entrypoint.sh
use: buildx
build_flag_templates:
- --platform=linux/amd64
- --label=org.opencontainers.image.title={{ .ProjectName }}
- --label=org.opencontainers.image.description={{ .ProjectName }}
- --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.version={{ .Version }}
- --label=org.opencontainers.image.revision={{ .FullCommit }}
- --label=org.opencontainers.image.licenses=AGPL-3.0
- image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
goarch: arm64
dockerfile: Dockerfile.goreleaser
extra_files:
- entrypoint.sh
use: buildx
build_flag_templates:
- --platform=linux/arm64/v8
- --label=org.opencontainers.image.title={{ .ProjectName }}
- --label=org.opencontainers.image.description={{ .ProjectName }}
- --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.version={{ .Version }}
- --label=org.opencontainers.image.revision={{ .FullCommit }}
- --label=org.opencontainers.image.licenses=AGPL-3.0
- image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"]
dockerfile: Dockerfile.goreleaser
extra_files:
- entrypoint.sh
use: buildx
build_flag_templates:
- --platform=linux/amd64
- --label=org.opencontainers.image.title={{ .ProjectName }}
- --label=org.opencontainers.image.description={{ .ProjectName }}
- --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.version={{ .Version }}
- --label=org.opencontainers.image.revision={{ .FullCommit }}
- --label=org.opencontainers.image.licenses=AGPL-3.0
- image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
goarch: arm64
dockerfile: Dockerfile.goreleaser
extra_files:
- entrypoint.sh
use: buildx
build_flag_templates:
- --platform=linux/arm64/v8
- --label=org.opencontainers.image.title={{ .ProjectName }}
- --label=org.opencontainers.image.description={{ .ProjectName }}
- --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
- --label=org.opencontainers.image.version={{ .Version }}
- --label=org.opencontainers.image.revision={{ .FullCommit }}
- --label=org.opencontainers.image.licenses=AGPL-3.0
docker_manifests:
- name_template: trufflesecurity/{{ .ProjectName }}:{{ .Version }}
image_templates:
- trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
- trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
- name_template: trufflesecurity/{{ .ProjectName }}:latest
image_templates:
- trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
- trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
- name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}
image_templates:
- ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
- ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
- name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:latest
image_templates:
- ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
- ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
brews:
- tap:
owner: trufflesecurity
name: homebrew-trufflehog
token: "{{ .Env.HOMEBREW_TAP_TOKEN }}"
description: "Find credentials all over the place"
name: "trufflehog"
homepage: "https://github.com/trufflesecurity/trufflehog"
install: |
bin.install "trufflehog"
signs:
- cmd: cosign
signature: "${artifact}.sig"
certificate: "${artifact}.pem"
args:
- "sign-blob"
- "--oidc-issuer=https://token.actions.githubusercontent.com"
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
- "--yes"
artifacts: checksum