project_name: scorecard
env:
  - GO111MODULE=on
  # https://stackoverflow.com/a/62821358/19407
  - CGO_ENABLED=0
before:
  hooks:
    - go mod download
gomod:
  proxy: true
builds:
- id: linux
  binary: scorecard-linux-{{ .Arch }}
  no_unique_dist_dir: true
  flags:
   # trimpath is for reproducible builds
   # remove all file system paths from the resulting executable.
   # Instead of absolute file system paths, the recorded file names
   # will begin with either "go" (for the standard library),
   # or a module path@version (when using modules),
   # or a plain import path (when using GOPATH).
      - -trimpath
      - -tags=netgo
  # Set the modified timestamp on the output binary, typically
  # you would do this to ensure a build was reproducible. Pass
  # empty string to skip modifying the output.
  # Default is empty string.
  mod_timestamp: '{{ .CommitTimestamp }}'
  goos:
    - linux
  goarch:
    - amd64
    - arm64
    - 386
    - arm
  ldflags:
    - -s {{.Env.VERSION_LDFLAGS}} 

- id: darwin
  binary: scorecard-darwin-{{ .Arch }}
  no_unique_dist_dir: true
  flags:
   # trimpath is for reproducible builds
   # remove all file system paths from the resulting executable.
   # Instead of absolute file system paths, the recorded file names
   # will begin with either "go" (for the standard library),
   # or a module path@version (when using modules),
   # or a plain import path (when using GOPATH).
      - -trimpath
      - -tags=netgo
  # Set the modified timestamp on the output binary, typically
  # you would do this to ensure a build was reproducible. Pass
  # empty string to skip modifying the output.
  # Default is empty string.
  mod_timestamp: '{{ .CommitTimestamp }}'
  goos:
    - darwin
  goarch:
    - amd64
    - arm64
  ldflags:
    - -s {{.Env.VERSION_LDFLAGS}} 

- id: windows
  binary: scorecard-windows-{{ .Arch }}
  no_unique_dist_dir: true
  flags:
   # trimpath is for reproducible builds
   # remove all file system paths from the resulting executable.
   # Instead of absolute file system paths, the recorded file names
   # will begin with either "go" (for the standard library),
   # or a module path@version (when using modules),
   # or a plain import path (when using GOPATH).
      - -trimpath
      - -tags=netgo
  # Set the modified timestamp on the output binary, typically
  # you would do this to ensure a build was reproducible. Pass
  # empty string to skip modifying the output.
  # Default is empty string.
  mod_timestamp: '{{ .CommitTimestamp }}'
  goos:
    - windows
  goarch:
    - amd64
    - 386
    - arm64
    - arm
  ldflags:
    - -buildmode=exe
    - -s {{.Env.VERSION_LDFLAGS}} 

checksum:
  # Algorithm to be used.
  # Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384.
  # Default is sha256.
  name_template: "{{ .ProjectName }}_checksums.txt"

snapshot:
  name_template: SNAPSHOT-{{ .ShortCommit }}
changelog:
  # Set it to true if you wish to skip the changelog generation.
  # This may result in an empty release notes on GitHub/GitLab/Gitea.
  skip: false
signs:
  - artifacts: checksum
    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]

release:
  footer: |
    ### Thanks for all contributors!