github.com/venafi-iw/cosign@v1.3.4/.goreleaser.yml (about) 1 project_name: cosign 2 3 env: 4 - GO111MODULE=on 5 - CGO_ENABLED=1 6 - DOCKER_CLI_EXPERIMENTAL=enabled 7 - COSIGN_EXPERIMENTAL=true 8 9 # Prevents parallel builds from stepping on each others toes downloading modules 10 before: 11 hooks: 12 - go mod tidy 13 14 gomod: 15 proxy: true 16 17 builds: 18 - id: linux 19 binary: cosign-linux-{{ .Arch }} 20 no_unique_dist_dir: true 21 main: ./cmd/cosign 22 flags: 23 - -trimpath 24 mod_timestamp: '{{ .CommitTimestamp }}' 25 goos: 26 - linux 27 goarch: 28 - amd64 29 - arm64 30 - arm 31 - s390x 32 - ppc64le 33 goarm: 34 - '7' 35 ldflags: 36 - "{{ .Env.LDFLAGS }}" 37 env: 38 - CGO_ENABLED=0 39 40 - id: linux-pivkey-pkcs11key-amd64 41 binary: cosign-linux-pivkey-pkcs11key-amd64 42 main: ./cmd/cosign 43 flags: 44 - -trimpath 45 mod_timestamp: '{{ .CommitTimestamp }}' 46 goos: 47 - linux 48 goarch: 49 - amd64 50 ldflags: 51 - "{{ .Env.LDFLAGS }}" 52 tags: 53 - pivkey 54 - pkcs11key 55 hooks: 56 pre: 57 - apt-get update 58 - apt-get -y install libpcsclite-dev 59 env: 60 - PKG_CONFIG_PATH="/usr/lib/x86_64-linux-gnu/pkgconfig/" 61 62 - id: darwin-amd64 63 binary: cosign-darwin-amd64 64 no_unique_dist_dir: true 65 env: 66 - CC=o64-clang 67 - CXX=o64-clang++ 68 main: ./cmd/cosign 69 flags: 70 - -trimpath 71 mod_timestamp: '{{ .CommitTimestamp }}' 72 goos: 73 - darwin 74 goarch: 75 - amd64 76 ldflags: 77 - "{{ .Env.LDFLAGS }}" 78 tags: 79 - pivkey 80 - pkcs11key 81 82 - id: darwin-arm64 83 binary: cosign-darwin-arm64 84 no_unique_dist_dir: true 85 env: 86 - CC=aarch64-apple-darwin20.2-clang 87 - CXX=aarch64-apple-darwin20.2-clang++ 88 main: ./cmd/cosign 89 flags: 90 - -trimpath 91 goos: 92 - darwin 93 goarch: 94 - arm64 95 tags: 96 - pivkey 97 - pkcs11key 98 ldflags: 99 - "{{.Env.LDFLAGS}}" 100 101 - id: windows-amd64 102 binary: cosign-windows-amd64 103 no_unique_dist_dir: true 104 env: 105 - CC=x86_64-w64-mingw32-gcc 106 - CXX=x86_64-w64-mingw32-g++ 107 main: ./cmd/cosign 108 mod_timestamp: '{{ .CommitTimestamp }}' 109 flags: 110 - -trimpath 111 goos: 112 - windows 113 goarch: 114 - amd64 115 ldflags: 116 - -buildmode=exe 117 - "{{ .Env.LDFLAGS }}" 118 tags: 119 - pivkey 120 - pkcs11key 121 122 - id: linux-cosigned 123 binary: cosigned-linux-{{ .Arch }} 124 no_unique_dist_dir: true 125 main: ./cmd/cosign/webhook 126 mod_timestamp: '{{ .CommitTimestamp }}' 127 flags: 128 - -trimpath 129 goos: 130 - linux 131 goarch: 132 - amd64 133 - arm64 134 - arm 135 - s390x 136 - ppc64le 137 goarm: 138 - 7 139 ldflags: 140 - "{{ .Env.LDFLAGS }}" 141 env: 142 - CGO_ENABLED=0 143 144 - id: sget 145 binary: sget-{{ .Os }}-{{ .Arch }} 146 no_unique_dist_dir: true 147 mod_timestamp: '{{ .CommitTimestamp }}' 148 main: ./cmd/sget 149 flags: 150 - -trimpath 151 goos: 152 - linux 153 - darwin 154 - windows 155 goarch: 156 - amd64 157 - arm64 158 - arm 159 - s390x 160 - ppc64le 161 goarm: 162 - 7 163 ignore: 164 - goos: windows 165 goarch: arm64 166 - goos: windows 167 goarch: arm 168 - goos: windows 169 goarch: s390x 170 - goos: windows 171 goarch: ppc64le 172 ldflags: 173 - "{{ .Env.LDFLAGS }}" 174 env: 175 - CGO_ENABLED=0 176 177 signs: 178 - id: cosign 179 signature: "${artifact}.sig" 180 cmd: ./dist/cosign-linux-amd64 181 args: ["sign-blob", "--output-signature", "${artifact}.sig", "--key", "gcpkms://projects/{{ .Env.PROJECT_ID }}/locations/{{ .Env.KEY_LOCATION }}/keyRings/{{ .Env.KEY_RING }}/cryptoKeys/{{ .Env.KEY_NAME }}/versions/{{ .Env.KEY_VERSION }}", "${artifact}"] 182 artifacts: binary 183 - id: cosigned 184 signature: "${artifact}.sig" 185 cmd: ./dist/cosign-linux-amd64 186 args: ["sign-blob", "--output-signature", "${artifact}.sig", "--key", "gcpkms://projects/{{ .Env.PROJECT_ID }}/locations/{{ .Env.KEY_LOCATION }}/keyRings/{{ .Env.KEY_RING }}/cryptoKeys/{{ .Env.KEY_NAME }}/versions/{{ .Env.KEY_VERSION }}", "${artifact}"] 187 artifacts: binary 188 ids: 189 - linux-cosigned 190 - id: sget 191 signature: "${artifact}.sig" 192 cmd: ./dist/cosign-linux-amd64 193 args: ["sign-blob", "--output-signature", "${artifact}.sig", "--key", "gcpkms://projects/{{ .Env.PROJECT_ID }}/locations/{{ .Env.KEY_LOCATION }}/keyRings/{{ .Env.KEY_RING }}/cryptoKeys/{{ .Env.KEY_NAME }}/versions/{{ .Env.KEY_VERSION }}", "${artifact}"] 194 artifacts: binary 195 ids: 196 - sget 197 # Keyless 198 - id: cosign-keyless 199 signature: "${artifact}-keyless.sig" 200 cmd: ./dist/cosign-linux-amd64 201 args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "${artifact}"] 202 artifacts: binary 203 - id: cosigned-keyless 204 signature: "${artifact}-keyless.sig" 205 cmd: ./dist/cosign-linux-amd64 206 args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "${artifact}"] 207 artifacts: binary 208 ids: 209 - linux-cosigned 210 - id: sget-keyless 211 signature: "${artifact}-keyless.sig" 212 cmd: ./dist/cosign-linux-amd64 213 args: ["sign-blob", "--output-signature", "${artifact}-keyless.sig", "${artifact}"] 214 artifacts: binary 215 ids: 216 - sget 217 218 archives: 219 - format: binary 220 name_template: "{{ .Binary }}" 221 allow_different_binary_count: true 222 223 checksum: 224 name_template: "{{ .ProjectName }}_checksums.txt" 225 226 snapshot: 227 name_template: SNAPSHOT-{{ .ShortCommit }} 228 229 release: 230 prerelease: allow # remove this when we start publishing non-prerelease or set to auto 231 draft: true # allow for manual edits 232 github: 233 owner: sigstore 234 name: cosign 235 footer: | 236 ### Thanks for all contributors! 237 238 extra_files: 239 - glob: "./release/release-cosign.pub" 240 241 rigs: 242 - rig: 243 owner: sigstore 244 name: fish-food 245 commit_author: 246 name: sigstore-bot 247 email: 86837369+sigstore-bot@users.noreply.github.com 248 homepage: https://sigstore.dev 249 description: Container Signing, Verification and Storage in an OCI registry. 250 license: "Apache License 2.0" 251