scorecard/.goreleaser.yml
laurentsimon 3b7c46f779
SLSA provenance/build (#1702)
* SLSA build

* missing files

* updates

* updates

* updates

* indent fix

* update

* update

* updates

* updates

* updates

* updates
2022-06-08 09:54:09 -07:00

111 lines
3.2 KiB
YAML

project_name: scorecard
env:
- GO111MODULE=on
# https://stackoverflow.com/a/62821358/19407
- CGO_ENABLED=0
before:
hooks:
- go mod download
gomod:
proxy: true
builds:
- id: linux
binary: scorecard-linux-{{ .Arch }}
no_unique_dist_dir: true
flags:
# trimpath is for reproducible builds
# remove all file system paths from the resulting executable.
# Instead of absolute file system paths, the recorded file names
# will begin with either "go" (for the standard library),
# or a module path@version (when using modules),
# or a plain import path (when using GOPATH).
- -trimpath
- -tags=netgo
# Set the modified timestamp on the output binary, typically
# you would do this to ensure a build was reproducible. Pass
# empty string to skip modifying the output.
# Default is empty string.
mod_timestamp: '{{ .CommitTimestamp }}'
goos:
- linux
goarch:
- arm64
- 386
- arm
ldflags:
- -s {{.Env.VERSION_LDFLAGS}}
- id: darwin
binary: scorecard-darwin-{{ .Arch }}
no_unique_dist_dir: true
flags:
# trimpath is for reproducible builds
# remove all file system paths from the resulting executable.
# Instead of absolute file system paths, the recorded file names
# will begin with either "go" (for the standard library),
# or a module path@version (when using modules),
# or a plain import path (when using GOPATH).
- -trimpath
- -tags=netgo
# Set the modified timestamp on the output binary, typically
# you would do this to ensure a build was reproducible. Pass
# empty string to skip modifying the output.
# Default is empty string.
mod_timestamp: '{{ .CommitTimestamp }}'
goos:
- darwin
goarch:
- amd64
- arm64
ldflags:
- -s {{.Env.VERSION_LDFLAGS}}
- id: windows
binary: scorecard-windows-{{ .Arch }}
no_unique_dist_dir: true
flags:
# trimpath is for reproducible builds
# remove all file system paths from the resulting executable.
# Instead of absolute file system paths, the recorded file names
# will begin with either "go" (for the standard library),
# or a module path@version (when using modules),
# or a plain import path (when using GOPATH).
- -trimpath
- -tags=netgo
# Set the modified timestamp on the output binary, typically
# you would do this to ensure a build was reproducible. Pass
# empty string to skip modifying the output.
# Default is empty string.
mod_timestamp: '{{ .CommitTimestamp }}'
goos:
- windows
goarch:
- amd64
- 386
- arm64
- arm
ldflags:
- -buildmode=exe
- -s {{.Env.VERSION_LDFLAGS}}
checksum:
# Algorithm to be used.
# Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384.
# Default is sha256.
name_template: "{{ .ProjectName }}_checksums.txt"
algorithm: sha512
snapshot:
name_template: SNAPSHOT-{{ .ShortCommit }}
changelog:
# Set it to true if you wish to skip the changelog generation.
# This may result in an empty release notes on GitHub/GitLab/Gitea.
skip: false
signs:
- artifacts: checksum
args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
release:
footer: |
### Thanks for all contributors!