github.com/goreleaser/goreleaser@v1.25.1/internal/pipe/sign/sign_docker.go (about)

     1  package sign
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/goreleaser/goreleaser/internal/artifact"
     7  	"github.com/goreleaser/goreleaser/internal/ids"
     8  	"github.com/goreleaser/goreleaser/internal/pipe"
     9  	"github.com/goreleaser/goreleaser/internal/semerrgroup"
    10  	"github.com/goreleaser/goreleaser/internal/skips"
    11  	"github.com/goreleaser/goreleaser/pkg/context"
    12  )
    13  
    14  // Pipe that signs docker images and manifests.
    15  type DockerPipe struct{}
    16  
    17  func (DockerPipe) String() string { return "signing docker images" }
    18  
    19  func (DockerPipe) Skip(ctx *context.Context) bool {
    20  	return skips.Any(ctx, skips.Sign) || len(ctx.Config.DockerSigns) == 0
    21  }
    22  
    23  func (DockerPipe) Dependencies(ctx *context.Context) []string {
    24  	var cmds []string
    25  	for _, s := range ctx.Config.DockerSigns {
    26  		cmds = append(cmds, s.Cmd)
    27  	}
    28  	return cmds
    29  }
    30  
    31  // Default sets the Pipes defaults.
    32  func (DockerPipe) Default(ctx *context.Context) error {
    33  	ids := ids.New("docker_signs")
    34  	for i := range ctx.Config.DockerSigns {
    35  		cfg := &ctx.Config.DockerSigns[i]
    36  		if cfg.Cmd == "" {
    37  			cfg.Cmd = "cosign"
    38  		}
    39  		if len(cfg.Args) == 0 {
    40  			cfg.Args = []string{"sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"}
    41  		}
    42  		if cfg.Artifacts == "" {
    43  			cfg.Artifacts = "none"
    44  		}
    45  		if cfg.ID == "" {
    46  			cfg.ID = "default"
    47  		}
    48  		ids.Inc(cfg.ID)
    49  	}
    50  	return ids.Validate()
    51  }
    52  
    53  // Publish signs and pushes the docker images signatures.
    54  func (DockerPipe) Publish(ctx *context.Context) error {
    55  	g := semerrgroup.New(ctx.Parallelism)
    56  	for i := range ctx.Config.DockerSigns {
    57  		cfg := ctx.Config.DockerSigns[i]
    58  		g.Go(func() error {
    59  			var filters []artifact.Filter
    60  			switch cfg.Artifacts {
    61  			case "images":
    62  				filters = append(filters, artifact.ByType(artifact.DockerImage))
    63  			case "manifests":
    64  				filters = append(filters, artifact.ByType(artifact.DockerManifest))
    65  			case "all":
    66  				filters = append(filters, artifact.Or(
    67  					artifact.ByType(artifact.DockerImage),
    68  					artifact.ByType(artifact.DockerManifest),
    69  				))
    70  			case "none": // TODO(caarlos0): remove this
    71  				return pipe.ErrSkipSignEnabled
    72  			default:
    73  				return fmt.Errorf("invalid list of artifacts to sign: %s", cfg.Artifacts)
    74  			}
    75  
    76  			if len(cfg.IDs) > 0 {
    77  				filters = append(filters, artifact.ByIDs(cfg.IDs...))
    78  			}
    79  			return sign(ctx, cfg, ctx.Artifacts.Filter(artifact.And(filters...)).List())
    80  		})
    81  	}
    82  	return g.Wait()
    83  }