mirror of
https://github.com/goreleaser/nfpm
synced 2024-05-12 23:06:18 +02:00
chore(ci): publish sboms
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
parent
78b0a49a99
commit
ebe9ddfb6f
|
@ -16,24 +16,16 @@ jobs:
|
||||||
os: [ ubuntu-latest, macos-latest, windows-latest ]
|
os: [ ubuntu-latest, macos-latest, windows-latest ]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
-
|
- uses: actions/checkout@v2
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
-
|
- uses: actions/setup-go@v2
|
||||||
name: Set up Go
|
|
||||||
uses: actions/setup-go@v2
|
|
||||||
with:
|
with:
|
||||||
go-version: ${{ matrix.go-version }}
|
go-version: ${{ matrix.go-version }}
|
||||||
-
|
- uses: arduino/setup-task@v1
|
||||||
name: Set up Task
|
|
||||||
uses: arduino/setup-task@v1
|
|
||||||
with:
|
with:
|
||||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
-
|
- uses: actions/cache@v2
|
||||||
name: Cache Go modules
|
|
||||||
uses: actions/cache@v2
|
|
||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
~/go/pkg/mod
|
~/go/pkg/mod
|
||||||
|
@ -41,18 +33,10 @@ jobs:
|
||||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||||
restore-keys: |
|
restore-keys: |
|
||||||
${{ runner.os }}-go-
|
${{ runner.os }}-go-
|
||||||
-
|
- run: task setup
|
||||||
name: Setup
|
- run: task test
|
||||||
run: task setup
|
- run: git diff
|
||||||
-
|
- uses: codecov/codecov-action@v2
|
||||||
name: Unit Tests
|
|
||||||
run: task test
|
|
||||||
-
|
|
||||||
name: Diff
|
|
||||||
run: git diff
|
|
||||||
-
|
|
||||||
name: Upload coverage
|
|
||||||
uses: codecov/codecov-action@v2
|
|
||||||
if: matrix.os == 'ubuntu-latest'
|
if: matrix.os == 'ubuntu-latest'
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.CODECOV_TOKEN }}
|
token: ${{ secrets.CODECOV_TOKEN }}
|
||||||
|
@ -68,24 +52,16 @@ jobs:
|
||||||
DOCKER_CLI_EXPERIMENTAL: "enabled"
|
DOCKER_CLI_EXPERIMENTAL: "enabled"
|
||||||
NO_TEST_PPC64LE: "true"
|
NO_TEST_PPC64LE: "true"
|
||||||
steps:
|
steps:
|
||||||
-
|
- uses: actions/checkout@v2
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
-
|
- uses: actions/setup-go@v2
|
||||||
name: Set up Go
|
|
||||||
uses: actions/setup-go@v2
|
|
||||||
with:
|
with:
|
||||||
go-version: ${{ matrix.go-version }}
|
go-version: ${{ matrix.go-version }}
|
||||||
-
|
- uses: arduino/setup-task@v1
|
||||||
name: Set up Task
|
|
||||||
uses: arduino/setup-task@v1
|
|
||||||
with:
|
with:
|
||||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
-
|
- uses: actions/cache@v2
|
||||||
name: Cache Go modules
|
|
||||||
uses: actions/cache@v2
|
|
||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
~/go/pkg/mod
|
~/go/pkg/mod
|
||||||
|
@ -93,18 +69,10 @@ jobs:
|
||||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||||
restore-keys: |
|
restore-keys: |
|
||||||
${{ runner.os }}-go-
|
${{ runner.os }}-go-
|
||||||
-
|
- uses: docker/setup-qemu-action@v1
|
||||||
name: Set up QEMU
|
- uses: docker/setup-buildx-action@v1
|
||||||
uses: docker/setup-qemu-action@v1
|
- run: task setup
|
||||||
-
|
- run: TEST_PATTERN=/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/ task acceptance
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Setup
|
|
||||||
run: task setup
|
|
||||||
-
|
|
||||||
name: Acceptance
|
|
||||||
run: TEST_PATTERN=/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/ task acceptance
|
|
||||||
goreleaser:
|
goreleaser:
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
|
@ -119,24 +87,16 @@ jobs:
|
||||||
id-token: write
|
id-token: write
|
||||||
packages: write
|
packages: write
|
||||||
steps:
|
steps:
|
||||||
-
|
- uses: actions/checkout@v2
|
||||||
name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
-
|
- uses: actions/setup-go@v2
|
||||||
name: Set up Go
|
|
||||||
uses: actions/setup-go@v2
|
|
||||||
with:
|
with:
|
||||||
go-version: ${{ matrix.go-version }}
|
go-version: ${{ matrix.go-version }}
|
||||||
-
|
- uses: arduino/setup-task@v1
|
||||||
name: Set up Task
|
|
||||||
uses: arduino/setup-task@v1
|
|
||||||
with:
|
with:
|
||||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
-
|
- uses: actions/cache@v2
|
||||||
name: Cache Go modules
|
|
||||||
uses: actions/cache@v2
|
|
||||||
with:
|
with:
|
||||||
path: |
|
path: |
|
||||||
~/go/pkg/mod
|
~/go/pkg/mod
|
||||||
|
@ -144,39 +104,24 @@ jobs:
|
||||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||||
restore-keys: |
|
restore-keys: |
|
||||||
${{ runner.os }}-go-
|
${{ runner.os }}-go-
|
||||||
-
|
- uses: sigstore/cosign-installer@v1.4.1
|
||||||
name: Setup Sigstore
|
- uses: anchore/sbom-action/download-syft@v0.6.0
|
||||||
uses: sigstore/cosign-installer@v1.4.1
|
- uses: docker/setup-qemu-action@v1
|
||||||
-
|
- uses: docker/setup-buildx-action@v1
|
||||||
name: Set up QEMU
|
- run: task setup
|
||||||
uses: docker/setup-qemu-action@v1
|
- run: task build
|
||||||
-
|
- uses: docker/login-action@v1
|
||||||
name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v1
|
|
||||||
-
|
|
||||||
name: Setup
|
|
||||||
run: task setup
|
|
||||||
-
|
|
||||||
name: Build
|
|
||||||
run: task build
|
|
||||||
-
|
|
||||||
name: Login to Docker Hub
|
|
||||||
if: startsWith(github.ref, 'refs/tags/v')
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKER_USERNAME }}
|
username: ${{ secrets.DOCKER_USERNAME }}
|
||||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
-
|
- uses: docker/login-action@v1
|
||||||
name: Login to GitHub Container Registry
|
|
||||||
if: startsWith(github.ref, 'refs/tags/v')
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
uses: docker/login-action@v1
|
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
-
|
- uses: goreleaser/goreleaser-action@v2
|
||||||
name: Run GoReleaser
|
|
||||||
uses: goreleaser/goreleaser-action@v2
|
|
||||||
if: success()
|
if: success()
|
||||||
with:
|
with:
|
||||||
version: latest
|
version: latest
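Review bot: The added `anchore/sbom-action/download-syft@v0.6.0` step is referenced by a mutable tag, and it runs in the `goreleaser` job that declares `id-token: write` and `packages: write`. Any step in that job can request an OIDC token and use the job's `GITHUB_TOKEN`, so a moved tag on a third-party action would put foreign code next to the keyless signing identity and the package-publishing token. Pinning to a full commit SHA with the tag kept as a comment avoids that, e.g. `- uses: anchore/sbom-action/download-syft@<full-commit-sha> # v0.6.0` (placeholder; the SHA is not shown on this page). The same applies to `sigstore/cosign-installer@v1.4.1` on the line before it and to `goreleaser/goreleaser-action@v2` with `version: latest`, which leaves the release tool itself unpinned.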
|
||||||
|
|
|
@ -142,6 +142,8 @@ nfpms:
|
||||||
furies:
|
furies:
|
||||||
- account: goreleaser
|
- account: goreleaser
|
||||||
|
|
||||||
|
sboms:
|
||||||
|
- artifacts: archive
|
||||||
signs:
|
signs:
|
||||||
- cmd: cosign
|
- cmd: cosign
|
||||||
env:
|
env:
|
||||||
|
@ -151,7 +153,6 @@ signs:
|
||||||
artifacts: checksum
|
artifacts: checksum
|
||||||
args:
|
args:
|
||||||
- sign-blob
|
- sign-blob
|
||||||
- '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}'
|
|
||||||
- '--output-certificate=${certificate}'
|
- '--output-certificate=${certificate}'
|
||||||
- '--output-signature=${signature}'
|
- '--output-signature=${signature}'
|
||||||
- '${artifact}'
|
- '${artifact}'
|
||||||
|
@ -163,7 +164,6 @@ docker_signs:
|
||||||
output: true
|
output: true
|
||||||
args:
|
args:
|
||||||
- 'sign'
|
- 'sign'
|
||||||
- '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}'
|
|
||||||
- '${artifact}'
|
- '${artifact}'
|
||||||
|
|
||||||
changelog:
|
changelog:
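Review bot: The `--oidc-issuer` argument is dropped from both `signs` and `docker_signs` without a comment, although the commit title only mentions SBOMs. After this change the issuer recorded in the signing certificate is whatever cosign selects at run time, presumably the ambient GitHub Actions token enabled by `id-token: write` in the release job; that is not visible in this file. A comment above each `args:` list would record the intent, e.g. `# issuer not set: in CI cosign uses the GitHub Actions OIDC token (needs id-token: write)`, and the release verification instructions should state the expected issuer so consumers can check it. The `signs` and `docker_signs` blocks both start outside their hunks.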
|
||||||
|
|