ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

🌱 Reproducible builds with static binary

Browse Source 
Changes to goreleaser to have static binaries and reproducible builds.
This commit is contained in:
naveen 2021-10-25 19:30:13 +00:00 committed by Naveen
parent c3d51a7739
commit 311d2e2e42
3 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.goreleaser.yml
View File

@ -1,11 +1,21 @@
project_name: scorecard
env:
- GO111MODULE=on
- CGO_ENABLED=1
# https://stackoverflow.com/a/62821358/19407
- CGO_ENABLED=0
before:
hooks:
- go mod download
builds:
flags:
# trimpath is for reproducible builds
# remove all file system paths from the resulting executable.
# Instead of absolute file system paths, the recorded file names
# will begin with either "go" (for the standard library),
# or a module path@version (when using modules),
# or a plain import path (when using GOPATH).
- -trimpath
- -tags=netgo
- id: linux
binary: scorecard-linux-{{ .Arch }}
@ -18,7 +28,7 @@ builds:
- 386
- arm
ldflags:
- -s -w {{.Env.VERSION_LDFLAGS}}
- -s {{.Env.VERSION_LDFLAGS}}
- id: darwin
binary: scorecard-darwin-{{ .Arch }}
@ -29,7 +39,7 @@ builds:
- amd64
- arm64
ldflags:
- -s -w {{.Env.VERSION_LDFLAGS}}
- -s {{.Env.VERSION_LDFLAGS}}
- id: windows
binary: scorecard-windows-{{ .Arch }}
@ -43,7 +53,7 @@ builds:
- arm
ldflags:
- -buildmode=exe
- -s -w {{.Env.VERSION_LDFLAGS}}
- -s {{.Env.VERSION_LDFLAGS}}
checksum:
# Algorithm to be used.

3
Makefile
View File

@ -8,8 +8,7 @@ PROTOC := $(shell which protoc)
IMAGE_NAME = scorecard
OUTPUT = output
IGNORED_CI_TEST="E2E TEST:blob|E2E TEST:executable"
VERSION_LDFLAGS=$(shell ./scripts/version-ldflags)
LDFLAGS=$(shell echo "-w -extldflags \"-static\" $(VERSION_LDFLAGS)")
LDFLAGS=$(shell ./scripts/version-ldflags)
############################### make help #####################################
.PHONY: help

2
scripts/version-ldflags
View File

@ -24,4 +24,4 @@ GIT_HASH=$(git rev-parse HEAD)
SOURCE_DATE_EPOCH=$(git log --date=iso8601-strict -1 --pretty=%ct)
GIT_TREESTATE=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi)
PKG=$(go list -m | head -n1)/pkg
echo "-X $PKG.gitVersion=$GIT_VERSION -X $PKG.gitCommit=$GIT_HASH -X $PKG.gitTreeState=$GIT_TREESTATE -X $PKG.buildDate=$SOURCE_DATE_EPOCH"
echo "-X $PKG.gitVersion=$GIT_VERSION -X $PKG.gitCommit=$GIT_HASH -X $PKG.gitTreeState=$GIT_TREESTATE -X $PKG.buildDate=$SOURCE_DATE_EPOCH -w -extldflags \"-static\""