-
Notifications
You must be signed in to change notification settings - Fork 1
/
.goreleaser.yaml
114 lines (105 loc) · 3.67 KB
/
.goreleaser.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
project_name: reverse-http
# setups builds for linux and darwin on amd64 and arm64
# https://goreleaser.com/customization/build
builds:
- env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
- arm64
# ensures mod timestamp to be the commit timestamp
mod_timestamp: "{{ .CommitTimestamp }}"
flags:
# trims path
- -trimpath
ldflags:
# use commit date instead of current date as main.date
# only needed if you actually use those things in your main package, otherwise can be ignored.
- -s -w -X github.com/grepplabs/reverse-http/config.Version={{.Version}} -X github.com/grepplabs/reverse-http/config.Commit={{.Commit}} -X github.com/grepplabs/reverse-http/config.Date={{ .CommitDate }}
# proxies from the go mod proxy before building
# https://goreleaser.com/customization/gomod
gomod:
proxy: true
# config the checksum filename
# https://goreleaser.com/customization/checksum
checksum:
name_template: "checksums.txt"
# create a source tarball
# https://goreleaser.com/customization/source/
source:
enabled: true
# creates SBOMs of all archives and the source tarball using syft
# https://goreleaser.com/customization/sbom
sboms:
- artifacts: archive
- id: source # Two different sbom configurations need two different IDs
artifacts: source
# signs the checksum file
# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
# https://goreleaser.com/customization/sign
signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: "${artifact}.pem"
args:
- sign-blob
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
- "--yes" # needed on cosign 2.0.0+
artifacts: checksum
output: true
# create a docker image
# https://goreleaser.com/customization/docker
# https://goreleaser.com/cookbooks/multi-platform-docker-images/
dockers:
- image_templates:
- "ghcr.io/grepplabs/reverse-http:{{ .Tag }}-amd64"
dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--pull"
- "--platform=linux/amd64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.name={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source={{.GitURL}}"
- image_templates:
- "ghcr.io/grepplabs/reverse-http:{{ .Tag }}-arm64"
dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--pull"
- "--platform=linux/arm64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.name={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source={{.GitURL}}"
# https://goreleaser.com/customization/docker_manifest/
docker_manifests:
- name_template: 'ghcr.io/grepplabs/reverse-http:{{ .Tag }}'
image_templates:
- 'ghcr.io/grepplabs/reverse-http:{{ .Tag }}-amd64'
- 'ghcr.io/grepplabs/reverse-http:{{ .Tag }}-arm64'
- name_template: 'ghcr.io/grepplabs/reverse-http:latest'
image_templates:
- 'ghcr.io/grepplabs/reverse-http:{{ .Tag }}-amd64'
- 'ghcr.io/grepplabs/reverse-http:{{ .Tag }}-arm64'
# signs our docker image
# https://goreleaser.com/customization/docker_sign
docker_signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
artifacts: images
output: true
args:
- "sign"
- "${artifact}"
- "--yes" # needed on cosign 2.0.0+