diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 69a586d..f719c3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,24 +16,16 @@ jobs: os: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.os }} steps: - - - name: Checkout - uses: actions/checkout@v2 + - uses: actions/checkout@v2 with: fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v2 + - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - - - name: Set up Task - uses: arduino/setup-task@v1 + - uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Cache Go modules - uses: actions/cache@v2 + - uses: actions/cache@v2 with: path: | ~/go/pkg/mod @@ -41,18 +33,10 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - - - name: Setup - run: task setup - - - name: Unit Tests - run: task test - - - name: Diff - run: git diff - - - name: Upload coverage - uses: codecov/codecov-action@v2 + - run: task setup + - run: task test + - run: git diff + - uses: codecov/codecov-action@v2 if: matrix.os == 'ubuntu-latest' with: token: ${{ secrets.CODECOV_TOKEN }} @@ -68,24 +52,16 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" NO_TEST_PPC64LE: "true" steps: - - - name: Checkout - uses: actions/checkout@v2 + - uses: actions/checkout@v2 with: fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v2 + - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - - - name: Set up Task - uses: arduino/setup-task@v1 + - uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Cache Go modules - uses: actions/cache@v2 + - uses: actions/cache@v2 with: path: | ~/go/pkg/mod 
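Review bot: `arduino/setup-task@v1` is handed `secrets.GITHUB_TOKEN` while being referenced by a mutable tag, so the code that runs with that token can change without any change to this file. The same tag-only references recur in the hunks at -68, -119 and -144, where the job also holds `id-token: write` and `packages: write` and the `docker/login-action@v1` steps receive registry credentials. Pin each third-party action to a full commit SHA and keep the tag as a comment, e.g. `- uses: arduino/setup-task@<full-commit-sha> # v1` (placeholder; take the SHA from the action's repository). The steps list continues outside this hunk.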
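Review bot: The `- run: git diff` step only prints a diff and exits 0, so it can never fail the job, and with its name removed nothing says what it is for. If the intent is to catch files modified by `task setup` or `task test` (an assumption, the hunk does not say), use `- run: git diff --exit-code` so drift in generated or vendored files breaks the build. Otherwise a one-line comment above the step stating its purpose would be enough.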
@@ -93,18 +69,10 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Setup - run: task setup - - - name: Acceptance - run: TEST_PATTERN=/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/ task acceptance + - uses: docker/setup-qemu-action@v1 + - uses: docker/setup-buildx-action@v1 + - run: task setup + - run: TEST_PATTERN=/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/ task acceptance goreleaser: strategy: matrix: @@ -119,24 +87,16 @@ jobs: id-token: write packages: write steps: - - - name: Checkout - uses: actions/checkout@v2 + - uses: actions/checkout@v2 with: fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v2 + - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - - - name: Set up Task - uses: arduino/setup-task@v1 + - uses: arduino/setup-task@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Cache Go modules - uses: actions/cache@v2 + - uses: actions/cache@v2 with: path: | ~/go/pkg/mod 
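Review bot: The acceptance step splices `${{ matrix.pkgFormat }}` and `${{ matrix.pkgPlatform }}` straight into the shell line, and that expansion happens before the shell parses the script. The matrix is presumably a static list defined above this hunk, so this is hardening rather than a live bug. Passing the value through the environment keeps the script text constant: put `env:` with `TEST_PATTERN: /${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/` on the step and reduce the command to `run: task acceptance`.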
@@ -144,39 +104,24 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - - - name: Setup Sigstore - uses: sigstore/cosign-installer@v1.4.1 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Setup - run: task setup - - - name: Build - run: task build - - - name: Login to Docker Hub + - uses: sigstore/cosign-installer@v1.4.1 + - uses: anchore/sbom-action/download-syft@v0.6.0 + - uses: docker/setup-qemu-action@v1 + - uses: docker/setup-buildx-action@v1 + - run: task setup + - run: task build + - uses: docker/login-action@v1 if: startsWith(github.ref, 'refs/tags/v') - uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to GitHub Container Registry + - uses: docker/login-action@v1 if: startsWith(github.ref, 'refs/tags/v') - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 + - uses: goreleaser/goreleaser-action@v2 if: success() with: version: latest diff --git a/.goreleaser.yml b/.goreleaser.yml index 5138ae6..810717f 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -142,6 +142,8 @@ nfpms: furies: - account: goreleaser +sboms: +- artifacts: archive signs: - cmd: cosign env: @@ -151,7 +153,6 @@ signs: artifacts: checksum args: - sign-blob - - '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}' - '--output-certificate=${certificate}' - '--output-signature=${signature}' - '${artifact}' @@ -163,7 +164,6 @@ docker_signs: output: true args: - 'sign' - - '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}' - '${artifact}' changelog:
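Review bot: The release step at the end of this hunk runs `goreleaser/goreleaser-action@v2` with `version: latest`, so the tool that builds, signs and publishes is whatever release is newest at run time. By contrast, the newly added `anchore/sbom-action/download-syft@v0.6.0` and `sigstore/cosign-installer@v1.4.1` are at least fixed at an action version. In a job that logs in to two registries and signs artifacts, pin the GoReleaser release too, e.g. `version: <pinned-goreleaser-version>` (placeholder), and bump it deliberately. The `with:` block continues outside the hunk.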
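Review bot: The new `sboms` entry generates SBOMs for `archive` artifacts only, and nothing in this hunk signs them directly: the `signs` block that begins in its context uses `artifacts: checksum` (visible in the next hunk). Their integrity therefore depends on GoReleaser listing the SBOM files in the checksum file, which cannot be confirmed from the diff; check the checksums output of a snapshot build. A comment such as `# SBOMs for archives; integrity relies on the signed checksums file` would record the intent. Packages and container images remain without an SBOM unless further entries are added here.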