github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/goreleaser.yml

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/goreleaser.yml (about)

     1  project_name: trivy
     2  builds:
     3    - id: build-linux
     4      main: cmd/trivy/main.go
     5      binary: trivy
     6      ldflags:
     7        - -s -w
     8        - "-extldflags '-static'"
     9        - -X github.com/devseccon/trivy/pkg/version.ver={{.Version}}
    10      env:
    11        - CGO_ENABLED=0
    12      goos:
    13        - linux
    14      goarch:
    15        - 386
    16        - arm
    17        - amd64
    18        - arm64
    19        - s390x
    20        - ppc64le
    21      goarm:
    22        - 7
    23    - id: build-bsd
    24      main: cmd/trivy/main.go
    25      binary: trivy
    26      ldflags:
    27        - -s -w
    28        - "-extldflags '-static'"
    29        - -X github.com/devseccon/trivy/pkg/version.ver={{.Version}}
    30      env:
    31        - CGO_ENABLED=0
    32      goos:
    33        - freebsd
    34      goarch:
    35        # modernc.org/sqlite doesn't support freebsd/arm64, etc.
    36        - 386
    37        - amd64
    38    - id: build-macos
    39      main: cmd/trivy/main.go
    40      binary: trivy
    41      ldflags:
    42        - -s -w
    43        - "-extldflags '-static'"
    44        - -X github.com/devseccon/trivy/pkg/version.ver={{.Version}}
    45      env:
    46        - CGO_ENABLED=0
    47      goos:
    48        - darwin
    49      goarch:
    50        - amd64
    51        - arm64
    52      goarm:
    53        - 7
    54    - id: build-windows
    55      main: cmd/trivy/main.go
    56      binary: trivy
    57      ldflags:
    58        - -s -w
    59        - "-extldflags '-static'"
    60        - -X github.com/devseccon/trivy/pkg/version.ver={{.Version}}
    61      env:
    62        - CGO_ENABLED=0
    63      goos:
    64        - windows
    65      goarch:
    66        # modernc.org/sqlite doesn't support windows/386 and windows/arm, etc.
    67        - amd64
    68      goarm:
    69        - 7
    70  
    71  release:
    72      extra_files:
    73        - glob: ./bom.json
    74      discussion_category_name: Announcements
    75  
    76  nfpms:
    77    -
    78      formats:
    79        - deb
    80        - rpm
    81      vendor: "aquasecurity"
    82      homepage: "https://github.com/aquasecurity"
    83      maintainer: "Teppei Fukuda <knqyf263@gmail.com>"
    84      description: "A Fast Vulnerability Scanner for Containers"
    85      license: "Apache-2.0"
    86      file_name_template: >-
    87        {{ .ProjectName }}_{{ .Version }}_
    88        {{- if eq .Os "darwin" }}macOS
    89        {{- else if eq .Os "openbsd" }}OpenBSD
    90        {{- else if eq .Os "netbsd" }}NetBSD
    91        {{- else if eq .Os "freebsd" }}FreeBSD
    92        {{- else if eq .Os "dragonfly" }}DragonFlyBSD
    93        {{- else}}{{- title .Os }}{{ end }}-
    94        {{- if eq .Arch "amd64" }}64bit
    95        {{- else if eq .Arch "386" }}32bit
    96        {{- else if eq .Arch "arm" }}ARM
    97        {{- else if eq .Arch "arm64" }}ARM64
    98        {{- else if eq .Arch "ppc64le" }}PPC64LE
    99        {{- else }}{{ .Arch }}{{ end }}
   100      contents:
   101       - src: contrib/*.tpl
   102         dst: /usr/local/share/trivy/templates
   103      rpm:
   104        signature:
   105           key_file: '{{ .Env.GPG_FILE }}'
   106  
   107  archives:
   108    - id: archive
   109      format: tar.gz
   110      name_template: >-
   111        {{ .ProjectName }}_{{ .Version }}_
   112        {{- if eq .Os "darwin" }}macOS
   113        {{- else if eq .Os "linux" }}Linux
   114        {{- else if eq .Os "openbsd" }}OpenBSD
   115        {{- else if eq .Os "netbsd" }}NetBSD
   116        {{- else if eq .Os "freebsd" }}FreeBSD
   117        {{- else if eq .Os "dragonfly" }}DragonFlyBSD
   118        {{- else}}{{- .Os }}{{ end }}-
   119        {{- if eq .Arch "amd64" }}64bit
   120        {{- else if eq .Arch "386" }}32bit
   121        {{- else if eq .Arch "arm" }}ARM
   122        {{- else if eq .Arch "arm64" }}ARM64
   123        {{- else if eq .Arch "ppc64le" }}PPC64LE
   124        {{- else }}{{ .Arch }}{{ end }}
   125      files:
   126        - README.md
   127        - LICENSE
   128        - contrib/*.tpl
   129      format_overrides:
   130        - goos: windows
   131          format: zip
   132  
   133  
   134  brews:
   135    -
   136      repository:
   137        owner: aquasecurity
   138        name: homebrew-trivy
   139      homepage: "https://github.com/devseccon/trivy"
   140      description: "Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues"
   141      test: |
   142        system "#{bin}/trivy", "--version"
   143  
   144  dockers:
   145    - image_templates:
   146        - "docker.io/aquasec/trivy:{{ .Version }}-amd64"
   147        - "docker.io/aquasec/trivy:latest-amd64"
   148        - "ghcr.io/devseccon/trivy:{{ .Version }}-amd64"
   149        - "ghcr.io/devseccon/trivy:latest-amd64"
   150        - "public.ecr.aws/devseccon/trivy:latest-amd64"
   151        - "public.ecr.aws/devseccon/trivy:{{ .Version }}-amd64"
   152      use: buildx
   153      goos: linux
   154      goarch: amd64
   155      ids:
   156        - build-linux
   157      build_flag_templates:
   158        - "--label=org.opencontainers.image.title={{ .ProjectName }}"
   159        - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
   160        - "--label=org.opencontainers.image.vendor=DevSecCon Security"
   161        - "--label=org.opencontainers.image.version={{ .Version }}"
   162        - "--label=org.opencontainers.image.created={{ .Date }}"
   163        - "--label=org.opencontainers.image.source=https://github.com/devseccon/trivy"
   164        - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
   165        - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
   166        - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
   167        - "--platform=linux/amd64"
   168      extra_files:
   169      - contrib/
   170    - image_templates:
   171        - "docker.io/aquasec/trivy:{{ .Version }}-arm64"
   172        - "docker.io/aquasec/trivy:latest-arm64"
   173        - "ghcr.io/devseccon/trivy:{{ .Version }}-arm64"
   174        - "ghcr.io/devseccon/trivy:latest-arm64"
   175        - "public.ecr.aws/devseccon/trivy:latest-arm64"
   176        - "public.ecr.aws/devseccon/trivy:{{ .Version }}-arm64"
   177      use: buildx
   178      goos: linux
   179      goarch: arm64
   180      ids:
   181        - build-linux
   182      build_flag_templates:
   183        - "--label=org.opencontainers.image.title={{ .ProjectName }}"
   184        - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
   185        - "--label=org.opencontainers.image.vendor=DevSecCon Security"
   186        - "--label=org.opencontainers.image.version={{ .Version }}"
   187        - "--label=org.opencontainers.image.created={{ .Date }}"
   188        - "--label=org.opencontainers.image.source=https://github.com/devseccon/trivy"
   189        - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
   190        - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
   191        - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
   192        - "--platform=linux/arm64"
   193      extra_files:
   194      - contrib/
   195    - image_templates:
   196        - "docker.io/aquasec/trivy:{{ .Version }}-s390x"
   197        - "docker.io/aquasec/trivy:latest-s390x"
   198        - "ghcr.io/devseccon/trivy:{{ .Version }}-s390x"
   199        - "ghcr.io/devseccon/trivy:latest-s390x"
   200        - "public.ecr.aws/devseccon/trivy:latest-s390x"
   201        - "public.ecr.aws/devseccon/trivy:{{ .Version }}-s390x"
   202      use: buildx
   203      goos: linux
   204      goarch: s390x
   205      ids:
   206        - build-linux
   207      build_flag_templates:
   208        - "--label=org.opencontainers.image.title={{ .ProjectName }}"
   209        - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
   210        - "--label=org.opencontainers.image.vendor=DevSecCon Security"
   211        - "--label=org.opencontainers.image.version={{ .Version }}"
   212        - "--label=org.opencontainers.image.created={{ .Date }}"
   213        - "--label=org.opencontainers.image.source=https://github.com/devseccon/trivy"
   214        - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
   215        - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
   216        - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
   217        - "--platform=linux/s390x"
   218      extra_files:
   219      - contrib/
   220    - image_templates:
   221        - "docker.io/aquasec/trivy:{{ .Version }}-ppc64le"
   222        - "docker.io/aquasec/trivy:latest-ppc64le"
   223        - "ghcr.io/devseccon/trivy:{{ .Version }}-ppc64le"
   224        - "ghcr.io/devseccon/trivy:latest-ppc64le"
   225        - "public.ecr.aws/devseccon/trivy:latest-ppc64le"
   226        - "public.ecr.aws/devseccon/trivy:{{ .Version }}-ppc64le"
   227      use: buildx
   228      goos: linux
   229      goarch: ppc64le
   230      ids:
   231        - build-linux
   232      build_flag_templates:
   233        - "--label=org.opencontainers.image.title={{ .ProjectName }}"
   234        - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
   235        - "--label=org.opencontainers.image.vendor=DevSecCon Security"
   236        - "--label=org.opencontainers.image.version={{ .Version }}"
   237        - "--label=org.opencontainers.image.created={{ .Date }}"
   238        - "--label=org.opencontainers.image.source=https://github.com/devseccon/trivy"
   239        - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
   240        - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
   241        - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
   242        - "--platform=linux/ppc64le"
   243      extra_files:
   244      - contrib/
   245  
   246  docker_manifests:
   247    - name_template: 'aquasec/trivy:{{ .Version }}'
   248      image_templates:
   249      - 'aquasec/trivy:{{ .Version }}-amd64'
   250      - 'aquasec/trivy:{{ .Version }}-arm64'
   251      - 'aquasec/trivy:{{ .Version }}-s390x'
   252      - 'aquasec/trivy:{{ .Version }}-ppc64le'
   253    - name_template: 'ghcr.io/devseccon/trivy:{{ .Version }}'
   254      image_templates:
   255      - 'ghcr.io/devseccon/trivy:{{ .Version }}-amd64'
   256      - 'ghcr.io/devseccon/trivy:{{ .Version }}-arm64'
   257      - 'ghcr.io/devseccon/trivy:{{ .Version }}-s390x'
   258      - 'ghcr.io/devseccon/trivy:{{ .Version }}-ppc64le'
   259    - name_template: 'public.ecr.aws/devseccon/trivy:{{ .Version }}'
   260      image_templates:
   261      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-amd64'
   262      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-arm64'
   263      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-s390x'
   264      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-ppc64le'
   265    - name_template: 'aquasec/trivy:latest'
   266      image_templates:
   267      - 'aquasec/trivy:{{ .Version }}-amd64'
   268      - 'aquasec/trivy:{{ .Version }}-arm64'
   269      - 'aquasec/trivy:{{ .Version }}-s390x'
   270      - 'aquasec/trivy:{{ .Version }}-ppc64le'
   271    - name_template: 'ghcr.io/devseccon/trivy:latest'
   272      image_templates:
   273      - 'ghcr.io/devseccon/trivy:{{ .Version }}-amd64'
   274      - 'ghcr.io/devseccon/trivy:{{ .Version }}-arm64'
   275      - 'ghcr.io/devseccon/trivy:{{ .Version }}-s390x'
   276      - 'ghcr.io/devseccon/trivy:{{ .Version }}-ppc64le'
   277    - name_template: 'public.ecr.aws/devseccon/trivy:latest'
   278      image_templates:
   279      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-amd64'
   280      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-arm64'
   281      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-s390x'
   282      - 'public.ecr.aws/devseccon/trivy:{{ .Version }}-ppc64le'
   283  
   284  signs:
   285  - cmd: cosign
   286    env:
   287    - COSIGN_EXPERIMENTAL=1
   288    signature: "${artifact}.sig"
   289    certificate: "${artifact}.pem"
   290    args:
   291      - "sign-blob"
   292      - "--oidc-issuer=https://token.actions.githubusercontent.com"
   293      - "--output-certificate=${certificate}"
   294      - "--output-signature=${signature}"
   295      - "${artifact}"
   296      - "--yes"
   297    artifacts: all
   298    output: true
   299  
   300  docker_signs:
   301  - cmd: cosign
   302    env:
   303    - COSIGN_EXPERIMENTAL=1
   304    artifacts: manifests
   305    output: true
   306    args:
   307    - 'sign'
   308    - '${artifact}'
   309    - '--yes'