github.com/anchore/syft@v1.38.2/.goreleaser.yaml (about) 1 version: 2 2 project_name: syft 3 4 release: 5 prerelease: auto 6 draft: false 7 8 env: 9 - DOCKER_CLI_EXPERIMENTAL=enabled 10 - CGO_ENABLED=0 11 12 builds: 13 - id: linux-build 14 dir: ./cmd/syft 15 binary: syft 16 goos: [linux] 17 goarch: [amd64, arm64, ppc64le, s390x] 18 mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}' 19 ldflags: &build-ldflags | 20 -w 21 -s 22 -extldflags '-static' 23 -X main.version={{.Version}} 24 -X main.gitCommit={{.Commit}} 25 -X main.buildDate={{.Date}} 26 -X main.gitDescription={{.Summary}} 27 28 - id: darwin-build 29 dir: ./cmd/syft 30 binary: syft 31 goos: [darwin] 32 goarch: [amd64, arm64] 33 mod_timestamp: *build-timestamp 34 ldflags: *build-ldflags 35 hooks: 36 post: 37 - cmd: .tool/quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv 38 env: 39 - QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log 40 41 - id: windows-build 42 dir: ./cmd/syft 43 binary: syft 44 goos: [windows] 45 goarch: [amd64, arm64] 46 mod_timestamp: *build-timestamp 47 ldflags: *build-ldflags 48 49 archives: 50 - id: linux-archives 51 ids: [linux-build] 52 - id: darwin-archives 53 ids: [darwin-build] 54 - id: windows-archives 55 formats: 56 - zip 57 ids: [windows-build] 58 59 nfpms: 60 - license: "Apache 2.0" 61 maintainer: "Anchore, Inc" 62 homepage: &website "https://github.com/anchore/syft" 63 description: &description "A tool that generates a Software Bill Of Materials (SBOM) from container images and filesystems" 64 formats: [rpm, deb] 65 66 brews: 67 - repository: 68 owner: anchore 69 name: homebrew-syft 70 token: "{{.Env.GITHUB_BREW_TOKEN}}" 71 ids: [darwin-archives, linux-archives] 72 homepage: *website 73 description: *description 74 license: "Apache License 2.0" 75 76 dockers: 77 # production images... 78 - image_templates: 79 - anchore/syft:{{.Tag}}-amd64 80 - ghcr.io/anchore/syft:{{.Tag}}-amd64 81 goarch: amd64 82 dockerfile: Dockerfile 83 use: buildx 84 build_flag_templates: 85 - "--platform=linux/amd64" 86 - "--build-arg=BUILD_DATE={{.Date}}" 87 - "--build-arg=BUILD_VERSION={{.Version}}" 88 - "--build-arg=VCS_REF={{.FullCommit}}" 89 - "--build-arg=VCS_URL={{.GitURL}}" 90 91 - image_templates: 92 - anchore/syft:{{.Tag}}-arm64v8 93 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 94 goarch: arm64 95 dockerfile: Dockerfile 96 use: buildx 97 build_flag_templates: 98 - "--platform=linux/arm64/v8" 99 - "--build-arg=BUILD_DATE={{.Date}}" 100 - "--build-arg=BUILD_VERSION={{.Version}}" 101 - "--build-arg=VCS_REF={{.FullCommit}}" 102 - "--build-arg=VCS_URL={{.GitURL}}" 103 104 - image_templates: 105 - anchore/syft:{{.Tag}}-ppc64le 106 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le 107 goarch: ppc64le 108 dockerfile: Dockerfile 109 use: buildx 110 build_flag_templates: 111 - "--platform=linux/ppc64le" 112 - "--build-arg=BUILD_DATE={{.Date}}" 113 - "--build-arg=BUILD_VERSION={{.Version}}" 114 - "--build-arg=VCS_REF={{.FullCommit}}" 115 - "--build-arg=VCS_URL={{.GitURL}}" 116 117 - image_templates: 118 - anchore/syft:{{.Tag}}-s390x 119 - ghcr.io/anchore/syft:{{.Tag}}-s390x 120 goarch: s390x 121 dockerfile: Dockerfile 122 use: buildx 123 build_flag_templates: 124 - "--platform=linux/s390x" 125 - "--build-arg=BUILD_DATE={{.Date}}" 126 - "--build-arg=BUILD_VERSION={{.Version}}" 127 - "--build-arg=VCS_REF={{.FullCommit}}" 128 - "--build-arg=VCS_URL={{.GitURL}}" 129 130 # nonroot images... 131 - image_templates: 132 - anchore/syft:{{.Tag}}-nonroot-amd64 133 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 134 goarch: amd64 135 dockerfile: Dockerfile.nonroot 136 use: buildx 137 build_flag_templates: 138 - "--platform=linux/amd64" 139 - "--build-arg=BUILD_DATE={{.Date}}" 140 - "--build-arg=BUILD_VERSION={{.Version}}" 141 - "--build-arg=VCS_REF={{.FullCommit}}" 142 - "--build-arg=VCS_URL={{.GitURL}}" 143 144 - image_templates: 145 - anchore/syft:{{.Tag}}-nonroot-arm64v8 146 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 147 goarch: arm64 148 dockerfile: Dockerfile.nonroot 149 use: buildx 150 build_flag_templates: 151 - "--platform=linux/arm64/v8" 152 - "--build-arg=BUILD_DATE={{.Date}}" 153 - "--build-arg=BUILD_VERSION={{.Version}}" 154 - "--build-arg=VCS_REF={{.FullCommit}}" 155 - "--build-arg=VCS_URL={{.GitURL}}" 156 157 - image_templates: 158 - anchore/syft:{{.Tag}}-nonroot-ppc64le 159 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le 160 goarch: ppc64le 161 dockerfile: Dockerfile.nonroot 162 use: buildx 163 build_flag_templates: 164 - "--platform=linux/ppc64le" 165 - "--build-arg=BUILD_DATE={{.Date}}" 166 - "--build-arg=BUILD_VERSION={{.Version}}" 167 - "--build-arg=VCS_REF={{.FullCommit}}" 168 - "--build-arg=VCS_URL={{.GitURL}}" 169 170 - image_templates: 171 - anchore/syft:{{.Tag}}-nonroot-s390x 172 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x 173 goarch: s390x 174 dockerfile: Dockerfile.nonroot 175 use: buildx 176 build_flag_templates: 177 - "--platform=linux/s390x" 178 - "--build-arg=BUILD_DATE={{.Date}}" 179 - "--build-arg=BUILD_VERSION={{.Version}}" 180 - "--build-arg=VCS_REF={{.FullCommit}}" 181 - "--build-arg=VCS_URL={{.GitURL}}" 182 183 # debug images... 184 - image_templates: 185 - anchore/syft:{{.Tag}}-debug-amd64 186 - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 187 goarch: amd64 188 dockerfile: Dockerfile.debug 189 use: buildx 190 build_flag_templates: 191 - "--platform=linux/amd64" 192 - "--build-arg=BUILD_DATE={{.Date}}" 193 - "--build-arg=BUILD_VERSION={{.Version}}" 194 - "--build-arg=VCS_REF={{.FullCommit}}" 195 - "--build-arg=VCS_URL={{.GitURL}}" 196 197 - image_templates: 198 - anchore/syft:{{.Tag}}-debug-arm64v8 199 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 200 goarch: arm64 201 dockerfile: Dockerfile.debug 202 use: buildx 203 build_flag_templates: 204 - "--platform=linux/arm64/v8" 205 - "--build-arg=BUILD_DATE={{.Date}}" 206 - "--build-arg=BUILD_VERSION={{.Version}}" 207 - "--build-arg=VCS_REF={{.FullCommit}}" 208 - "--build-arg=VCS_URL={{.GitURL}}" 209 210 - image_templates: 211 - anchore/syft:{{.Tag}}-debug-ppc64le 212 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le 213 goarch: ppc64le 214 dockerfile: Dockerfile.debug 215 use: buildx 216 build_flag_templates: 217 - "--platform=linux/ppc64le" 218 - "--build-arg=BUILD_DATE={{.Date}}" 219 - "--build-arg=BUILD_VERSION={{.Version}}" 220 - "--build-arg=VCS_REF={{.FullCommit}}" 221 - "--build-arg=VCS_URL={{.GitURL}}" 222 223 - image_templates: 224 - anchore/syft:{{.Tag}}-debug-s390x 225 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x 226 goarch: s390x 227 dockerfile: Dockerfile.debug 228 use: buildx 229 build_flag_templates: 230 - "--platform=linux/s390x" 231 - "--build-arg=BUILD_DATE={{.Date}}" 232 - "--build-arg=BUILD_VERSION={{.Version}}" 233 - "--build-arg=VCS_REF={{.FullCommit}}" 234 - "--build-arg=VCS_URL={{.GitURL}}" 235 236 docker_manifests: 237 - name_template: anchore/syft:latest 238 image_templates: 239 - anchore/syft:{{.Tag}}-amd64 240 - anchore/syft:{{.Tag}}-arm64v8 241 - anchore/syft:{{.Tag}}-ppc64le 242 - anchore/syft:{{.Tag}}-s390x 243 244 - name_template: ghcr.io/anchore/syft:latest 245 image_templates: 246 - ghcr.io/anchore/syft:{{.Tag}}-amd64 247 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 248 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le 249 - ghcr.io/anchore/syft:{{.Tag}}-s390x 250 251 - name_template: anchore/syft:{{.Tag}} 252 image_templates: 253 - anchore/syft:{{.Tag}}-amd64 254 - anchore/syft:{{.Tag}}-arm64v8 255 - anchore/syft:{{.Tag}}-ppc64le 256 - anchore/syft:{{.Tag}}-s390x 257 258 - name_template: ghcr.io/anchore/syft:{{.Tag}} 259 image_templates: 260 - ghcr.io/anchore/syft:{{.Tag}}-amd64 261 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 262 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le 263 - ghcr.io/anchore/syft:{{.Tag}}-s390x 264 265 # nonroot images... 266 - name_template: anchore/syft:nonroot 267 image_templates: 268 - anchore/syft:{{.Tag}}-nonroot-amd64 269 - anchore/syft:{{.Tag}}-nonroot-arm64v8 270 - anchore/syft:{{.Tag}}-nonroot-ppc64le 271 - anchore/syft:{{.Tag}}-nonroot-s390x 272 273 - name_template: ghcr.io/anchore/syft:nonroot 274 image_templates: 275 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 276 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 277 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le 278 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x 279 280 - name_template: anchore/syft:{{.Tag}}-nonroot 281 image_templates: 282 - anchore/syft:{{.Tag}}-nonroot-amd64 283 - anchore/syft:{{.Tag}}-nonroot-arm64v8 284 - anchore/syft:{{.Tag}}-nonroot-ppc64le 285 - anchore/syft:{{.Tag}}-nonroot-s390x 286 287 - name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot 288 image_templates: 289 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 290 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 291 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le 292 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x 293 294 # debug images... 295 - name_template: anchore/syft:debug 296 image_templates: 297 - anchore/syft:{{.Tag}}-debug-amd64 298 - anchore/syft:{{.Tag}}-debug-arm64v8 299 - anchore/syft:{{.Tag}}-debug-ppc64le 300 - anchore/syft:{{.Tag}}-debug-s390x 301 302 - name_template: ghcr.io/anchore/syft:debug 303 image_templates: 304 - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 305 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 306 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le 307 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x 308 309 - name_template: anchore/syft:{{.Tag}}-debug 310 image_templates: 311 - anchore/syft:{{.Tag}}-debug-amd64 312 - anchore/syft:{{.Tag}}-debug-arm64v8 313 - anchore/syft:{{.Tag}}-debug-ppc64le 314 - anchore/syft:{{.Tag}}-debug-s390x 315 316 - name_template: ghcr.io/anchore/syft:{{.Tag}}-debug 317 image_templates: 318 - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 319 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 320 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le 321 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x 322 323 sboms: 324 - artifacts: archive 325 cmd: ../.tool/syft 326 documents: 327 - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom" 328 args: 329 - "scan" 330 - "$artifact" 331 - "--output" 332 - "json=$document" 333 334 signs: 335 - cmd: .tool/cosign 336 signature: "${artifact}.sig" 337 certificate: "${artifact}.pem" 338 args: 339 - "sign-blob" 340 - "--use-signing-config=false" 341 - "--oidc-issuer=https://token.actions.githubusercontent.com" 342 - "--output-certificate=${certificate}" 343 - "--output-signature=${signature}" 344 - "${artifact}" 345 - "--yes" 346 artifacts: checksum