-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.goreleaser.yaml
More file actions
108 lines (98 loc) · 3.37 KB
/
Copy path.goreleaser.yaml
File metadata and controls
108 lines (98 loc) · 3.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# GoReleaser v2 configuration — https://goreleaser.com
# Drives the release: cross-platform binaries, archives, SHA-256 checksums,
# cosign-keyless signatures, a GitHub Release, and (when the tap repos +
# token exist) a Homebrew formula and Scoop manifest.
#
# Run locally (no publish): goreleaser release --snapshot --clean
# Validate config: goreleaser check
version: 2
project_name: siphon
# No `go mod tidy` before-hook: the release path stays read-only so the
# published binary is built from exactly the committed dependency graph at the
# tagged revision (CI enforces tidiness separately).
builds:
- id: siphon
main: ./cmd/siphon
binary: siphon
env:
- CGO_ENABLED=0
goos: [linux, darwin, windows]
goarch: [amd64, arm64]
# Match the version symbol the Makefile already injects, so a released
# binary's `siphon --version` reports the tag (not "0.0.1-dev").
ldflags:
- -s -w
- -X github.com/nixrajput/siphon/internal/cli.Version={{.Version}}
archives:
- id: siphon
formats: [tar.gz]
# Windows users expect .zip.
format_overrides:
- goos: windows
formats: [zip]
name_template: >-
{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}
files:
- LICENSE
- README.md
checksum:
name_template: "checksums.txt"
algorithm: sha256
# Cosign keyless signing of the checksums file. The release workflow grants
# id-token: write so cosign authenticates via GitHub's OIDC — no key to manage.
# Verify with: cosign verify-blob --certificate checksums.txt.pem \
# --signature checksums.txt.sig --certificate-identity-regexp ... checksums.txt
signs:
- cmd: cosign
artifacts: checksum
output: true
certificate: "${artifact}.pem"
args:
- sign-blob
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
- "--yes"
changelog:
use: github
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"
- "^chore:"
- "Merge pull request"
release:
github:
owner: nixrajput
name: siphon
prerelease: auto # tags like v1.0.0-rc1 → marked prerelease automatically
# Homebrew cask. Publishes to a SEPARATE repo (nixrajput/homebrew-siphon) using
# a PAT in HOMEBREW_TAP_GITHUB_TOKEN. skip_upload: auto means snapshots and
# prereleases do NOT push the cask, so the core release succeeds even before
# the tap repo / token exist. GoReleaser v2 renamed `brews` → `homebrew_casks`;
# a cask is the right model for a prebuilt binary (declare it via `binaries`
# rather than an imperative formula install block).
homebrew_casks:
- name: siphon
binaries:
- siphon
repository:
owner: nixrajput
name: homebrew-siphon
token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
homepage: "https://github.com/nixrajput/siphon"
description: "Sync any database, anywhere — backup, restore, and sync across engines."
skip_upload: auto
# Scoop bucket (Windows). Publishes to nixrajput/scoop-siphon via
# SCOOP_TAP_GITHUB_TOKEN; same skip_upload: auto tolerance as brew.
scoops:
- name: siphon
repository:
owner: nixrajput
name: scoop-siphon
token: "{{ .Env.SCOOP_TAP_GITHUB_TOKEN }}"
homepage: "https://github.com/nixrajput/siphon"
description: "Sync any database, anywhere — backup, restore, and sync across engines."
license: "MIT"
skip_upload: auto