.goreleaser.yml

before:
  hooks:
    - go mod tidy
builds:
  - env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: '{{ .CommitTimestamp }}'
    flags:
      - -trimpath
    ldflags:
      # prettier-ignore
      - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
    goos:
      # Further testing before supporting freebsd
      # - freebsd
      - windows
      - linux
      - darwin
    goarch:
      - amd64
      # 32bit does not compile at the moment because of spdx dependency
      # - '386'
      # Further testing before supporting arm
      # - arm
      - arm64
    main: ./cmd/osv-scanner/main.go

dockers:
  # Arch: amd64
  - image_templates:
      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-amd64'
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache License 2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
  # Arch: arm64
  - image_templates:
      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-arm64'
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/arm64"
    goarch: arm64

docker_manifests:
  - name_template: 'ghcr.io/google/osv-scanner:{{ .Tag }}'
    image_templates:
      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-amd64'
      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-arm64'
  - name_template: 'ghcr.io/google/osv-scanner:latest'
    image_templates:
      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-amd64'
      - 'ghcr.io/google/osv-scanner:{{ .Tag }}-arm64'

archives:
  - format: binary
    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
checksum:
  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
  algorithm: sha256
release:
  draft: true
changelog:
  skip: false