generated from sigstore/sigstore-project-template
-
Notifications
You must be signed in to change notification settings - Fork 62
/
.goreleaser.yaml
121 lines (110 loc) · 2.46 KB
/
.goreleaser.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
project_name: gitsign
gomod:
proxy: true
builds:
- id: gitsign
mod_timestamp: '{{ .CommitTimestamp }}'
env:
- CGO_ENABLED=0
flags:
- -trimpath
goos:
- linux
- darwin
- freebsd
- windows
goarch:
- amd64
- arm64
ldflags:
- "-s -w"
- "-extldflags=-zrelro"
- "-extldflags=-znow"
- "-buildid= -X github.com/sigstore/gitsign/pkg/version.gitVersion={{ .Version }}"
- id: gitsign-credential-cache
mod_timestamp: '{{ .CommitTimestamp }}'
main: ./cmd/gitsign-credential-cache
binary: gitsign-credential-cache
env:
- CGO_ENABLED=0
flags:
- -trimpath
goos:
- linux
- darwin
- freebsd
- windows
goarch:
- amd64
- arm64
ldflags:
- "-s -w"
- "-extldflags=-zrelro"
- "-extldflags=-znow"
- "-buildid= -X github.com/sigstore/gitsign/pkg/version.gitVersion={{ .Version }}"
nfpms:
- id: default
package_name: gitsign
vendor: Sigstore
homepage: https://github.com/sigstore/gitsign
maintainer: Billy Lynch <info@sigstore.dev>
description: Keyless git commit signing using OIDC identity
builds:
- gitsign
- gitsign-credential-cache
formats:
- apk
- deb
- rpm
archives:
- id: binary
format: binary
allow_different_binary_count: true
kos:
- id: gitsign
repository: github.com/sigstore/gitsign
tags:
- 'v{{ .Version }}'
ldflags:
- "-s -w -extldflags=-zrelro -extldflags=-znow -buildid= -X github.com/sigstore/gitsign/pkg/version.gitVersion={{ .Version }}"
main: .
bare: true
preserve_import_paths: false
base_import_paths: false
sbom: spdx
# then it have a shell
base_image: cgr.dev/chainguard/git:latest-dev
platforms:
- linux/amd64
- linux/arm64
- linux/arm
checksum:
name_template: 'checksums.txt'
source:
enabled: true
sboms:
- id: binaries
artifacts: binary
- id: packages
artifacts: package
signs:
- cmd: cosign
env:
- COSIGN_YES=true
certificate: '${artifact}.pem'
signature: '${artifact}.sig'
args:
- sign-blob
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
artifacts: binary
output: true
release:
prerelease: allow
draft: true # allow for manual edits
github:
owner: sigstore
name: gitsign
footer: |
### Thanks to all contributors!