forked from google/osv-scanner
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.goreleaser.yml
88 lines (85 loc) · 3.2 KB
/
.goreleaser.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
before:
hooks:
- go mod tidy
builds:
- env:
# goreleaser does not work with CGO, it could also complicate
# usage by users in CI/CD systems like Terraform Cloud where
# they are unable to install libraries.
- CGO_ENABLED=0
- GO111MODULE=on
mod_timestamp: "{{ .CommitTimestamp }}"
flags:
- -trimpath
ldflags:
# prettier-ignore
- '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
goos:
# Further testing before supporting freebsd
# - freebsd
- windows
- linux
- darwin
goarch:
- amd64
# 32bit does not compile at the moment because of spdx dependency
# - '386'
# Further testing before supporting arm
# - arm
- arm64
main: ./cmd/osv-scanner/
dockers:
# Arch: amd64
- image_templates:
- "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
dockerfile: goreleaser.dockerfile
use: buildx
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.title=osv-scanner"
- "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
- "--label=org.opencontainers.image.licenses=Apache License 2.0"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.name={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source={{.GitURL}}"
- "--label=org.opencontainers.image.url={{.GitURL}}"
- "--platform=linux/amd64"
# Arch: arm64
- image_templates:
- "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
dockerfile: goreleaser.dockerfile
use: buildx
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.title=osv-scanner"
- "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
- "--label=org.opencontainers.image.licenses=Apache-2.0"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.name={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source={{.GitURL}}"
- "--label=org.opencontainers.image.url={{.GitURL}}"
- "--platform=linux/arm64"
goarch: arm64
docker_manifests:
- name_template: "ghcr.io/google/osv-scanner:{{ .Tag }}"
image_templates:
- "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
- "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
- name_template: "ghcr.io/google/osv-scanner:latest"
image_templates:
- "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
- "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
archives:
- format: binary
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
checksum:
name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
algorithm: sha256
release:
draft: true
changelog:
skip: false