mirror of
https://github.com/goreleaser/nfpm
synced 2024-06-09 05:16:07 +02:00
chore(ci): improve/fix release config
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
This commit is contained in:
parent
4a9ffaf333
commit
d04964eae1
|
@ -32,7 +32,7 @@ dockers:
|
||||||
- 'goreleaser/nfpm:{{ .Tag }}-amd64'
|
- 'goreleaser/nfpm:{{ .Tag }}-amd64'
|
||||||
- 'ghcr.io/goreleaser/nfpm:{{ .Tag }}-amd64'
|
- 'ghcr.io/goreleaser/nfpm:{{ .Tag }}-amd64'
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
use_buildx: true
|
use: buildx
|
||||||
build_flag_templates:
|
build_flag_templates:
|
||||||
- "--pull"
|
- "--pull"
|
||||||
- "--label=org.opencontainers.image.created={{.Date}}"
|
- "--label=org.opencontainers.image.created={{.Date}}"
|
||||||
|
@ -45,7 +45,7 @@ dockers:
|
||||||
- 'goreleaser/nfpm:{{ .Tag }}-arm64v8'
|
- 'goreleaser/nfpm:{{ .Tag }}-arm64v8'
|
||||||
- 'ghcr.io/goreleaser/nfpm:{{ .Tag }}-arm64v8'
|
- 'ghcr.io/goreleaser/nfpm:{{ .Tag }}-arm64v8'
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
use_buildx: true
|
use: buildx
|
||||||
build_flag_templates:
|
build_flag_templates:
|
||||||
- "--pull"
|
- "--pull"
|
||||||
- "--label=org.opencontainers.image.created={{.Date}}"
|
- "--label=org.opencontainers.image.created={{.Date}}"
|
||||||
|
|
|
@ -75,6 +75,40 @@ go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
|
||||||
|
|
||||||
Download the pre-compiled binaries from the [releases page][releases] and copy them to the desired location.
|
Download the pre-compiled binaries from the [releases page][releases] and copy them to the desired location.
|
||||||
|
|
||||||
|
## Verifying the binaries
|
||||||
|
|
||||||
|
All artifacts are checksummed and the checksum file is signed with [cosign][].
|
||||||
|
|
||||||
|
You can verify it using [our public key](https://goreleaser.com/static/goreleaser.pub).
|
||||||
|
|
||||||
|
1. Download the files you want, the `checksums.txt` and `checksums.txt.sig` files from the [releases][releases] page.
|
||||||
|
1. Verify the signature:
|
||||||
|
```sh
|
||||||
|
cosign verify-blob \
|
||||||
|
-key https://goreleaser.com/static/goreleaser.pub \
|
||||||
|
-signature checksums.txt.sig \
|
||||||
|
checksums.txt
|
||||||
|
```
|
||||||
|
1. If the signature is valid, you can then verify the SHA256 sums match with the downloaded binary:
|
||||||
|
```sh
|
||||||
|
sha256sum --ignore-missing -c checksums.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
## Verifying docker images
|
||||||
|
|
||||||
|
Our Docker image is signed with [cosign][].
|
||||||
|
|
||||||
|
You can verify it using [our public key](https://goreleaser.com/static/goreleaser.pub):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cosign verify \
|
||||||
|
-key https://goreleaser.com/static/goreleaser.pub \
|
||||||
|
goreleaser/nfpm
|
||||||
|
cosign verify \
|
||||||
|
-key https://goreleaser.com/static/goreleaser.pub \
|
||||||
|
ghcr.io/goreleaser/nfpm
|
||||||
|
```
|
||||||
|
|
||||||
## Running with Docker
|
## Running with Docker
|
||||||
|
|
||||||
You can also use it within a Docker container. To do that, you'll need to
|
You can also use it within a Docker container. To do that, you'll need to
|
||||||
|
|
Loading…
Reference in New Issue