github.com/goreleaser/goreleaser@v1.25.1/www/docs/static/run (about)

     1  #!/usr/bin/env sh
     2  set -e
     3  
     4  is_pro="false"
     5  case "$VERSION" in
     6  *-pro)
     7  	DISTRIBUTION="pro"
     8  	is_pro="true"
     9  	;;
    10  esac
    11  
    12  if test "$DISTRIBUTION" = "pro"; then
    13  	echo "Using Pro distribution..."
    14  	RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases"
    15  	FILE_BASENAME="goreleaser-pro"
    16  	LATEST="$(curl -sf https://goreleaser.com/static/latest-pro)"
    17  else
    18  	echo "Using the OSS distribution..."
    19  	RELEASES_URL="https://github.com/goreleaser/goreleaser/releases"
    20  	FILE_BASENAME="goreleaser"
    21  	LATEST="$(curl -sf https://goreleaser.com/static/latest)"
    22  fi
    23  
    24  test -z "$VERSION" && VERSION="$LATEST"
    25  
    26  test -z "$VERSION" && {
    27  	echo "Unable to get goreleaser version." >&2
    28  	exit 1
    29  }
    30  
    31  if test "$DISTRIBUTION" = "pro" && ! test "$is_pro"; then
    32  	VERSION="$VERSION-pro"
    33  fi
    34  
    35  TMP_DIR="$(mktemp -d)"
    36  # shellcheck disable=SC2064 # intentionally expands here
    37  trap "rm -rf \"$TMP_DIR\"" EXIT INT TERM
    38  
    39  OS="$(uname -s)"
    40  ARCH="$(uname -m)"
    41  test "$ARCH" = "aarch64" && ARCH="arm64"
    42  TAR_FILE="${FILE_BASENAME}_${OS}_${ARCH}.tar.gz"
    43  
    44  (
    45  	cd "$TMP_DIR"
    46  	echo "Downloading GoReleaser $VERSION..."
    47  	curl -sfLO "$RELEASES_URL/download/$VERSION/$TAR_FILE"
    48  	curl -sfLO "$RELEASES_URL/download/$VERSION/checksums.txt"
    49  	echo "Verifying checksums..."
    50  	sha256sum --ignore-missing --quiet --check checksums.txt
    51  	if command -v cosign >/dev/null 2>&1; then
    52  		echo "Verifying signatures..."
    53  		cosign verify-blob \
    54  			--certificate-identity-regexp "https://github.com/goreleaser/goreleaser.*/.github/workflows/.*.yml@refs/tags/$VERSION" \
    55  			--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    56  			--cert "$RELEASES_URL/download/$VERSION/checksums.txt.pem" \
    57  			--signature "$RELEASES_URL/download/$VERSION/checksums.txt.sig" \
    58  			checksums.txt
    59  	else
    60  		echo "Could not verify signatures, cosign is not installed."
    61  	fi
    62  )
    63  
    64  tar -xf "$TMP_DIR/$TAR_FILE" -C "$TMP_DIR"
    65  "$TMP_DIR/goreleaser" "$@"