augur/.goreleaser.yml at main · starkross/augur · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
version: 2
project_name: augur

before:
  hooks:
    - go mod tidy

builds:
  - id: augur
    main: ./cmd/augur
    binary: augur
    env: [CGO_ENABLED=0]
    ldflags: [-s, -w, "-X main.version={{.Version}}"]
    goos: [linux, darwin, windows]
    goarch: [amd64, arm64]

archives:
  - id: default
    formats: [tar.gz]
    format_overrides:
      - goos: windows
        formats: [zip]
    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
    files: [README.md, "rules/policy/**/*.rego"]

kos:
  - id: augur
    main: ./cmd/augur
    repositories:
      - ghcr.io/starkross/augur
    platforms: [linux/amd64, linux/arm64]
    tags:
      - "{{ .Version }}"
      - '{{ if not .Prerelease }}latest{{ end }}'
    bare: true
    sbom: cyclonedx
    ldflags: [-s, -w, "-X main.version={{.Version}}"]
    labels:
      org.opencontainers.image.title: "{{ .ProjectName }}"
      org.opencontainers.image.version: "{{ .Version }}"
      org.opencontainers.image.source: "{{ .GitURL }}"
      org.opencontainers.image.licenses: Apache-2.0

homebrew_casks:
  - repository:
      owner: starkross
      name: homebrew-tap
      token: "{{ .Env.HOMEBREW_TAP_TOKEN }}"
    directory: Casks
    homepage: https://github.com/starkross/augur
    description: Policy-driven linter for OpenTelemetry configurations
    license: Apache-2.0
    skip_upload: auto

release:
  prerelease: auto

checksum:
  name_template: checksums.txt

sboms:
  - id: archive
    artifacts: archive
    documents:
      - "${artifact}.sbom.cdx.json"
    cmd: syft
    args: [scan, "$artifact", --output, "cyclonedx-json=$document"]

signs:
  - id: checksums
    cmd: cosign
    certificate: "${artifact}.pem"
    signature: "${artifact}.sig"
    args:
      - sign-blob
      - "--yes"
      - "--output-certificate=${certificate}"
      - "--output-signature=${signature}"
      - "${artifact}"
    artifacts: checksum
    output: true

docker_signs:
  - id: images
    cmd: cosign
    args:
      - sign
      - "--yes"
      - "${artifact}"
    artifacts: manifests
    output: true

nfpms:
  - package_name: augur
    maintainer: starkross
    vendor: starkross
    license: Apache-2.0
    formats: [deb, rpm, apk]
    contents:
      - src: rules/policy/**/*.rego
        dst: /usr/share/augur/policy/