-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy path.goreleaser.yml
89 lines (87 loc) · 2.71 KB
/
.goreleaser.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
version: 2
dist: release
release:
github:
owner: ekristen
name: cast
extra_files:
- glob: "./*.pub"
footer: |
## Release Verification
You can verify a release of cast by using cosign and it's verify-blob command and simply point to the hosted files.
If you'd rather download them you can do that as well and run the same command to verify.
```bash
cosign verify-blob \
--key https://github.com/ekristen/cast/releases/download/v{{.Version}}/cosign.pub \
--signature https://github.com/ekristen/cast/releases/download/v{{.Version}}/cast_v{{.Version}}_linux_amd64.tar.gz.sig \
https://github.com/ekristen/cast/releases/download/v{{.Version}}/cast_v{{.Version}}_linux_amd64.tar.gz
```
prerelease: auto
env:
- CGO_ENABLED=0
builds:
- id: cast
goos:
- linux
- darwin
goarch:
- amd64
- arm64
ldflags:
- -s
- -w
- -extldflags="-static"
- -X '{{ .ModulePath }}/pkg/common.SUMMARY=v{{ .Version }}'
- -X '{{ .ModulePath }}/pkg/common.BRANCH={{ .Branch }}'
- -X '{{ .ModulePath }}/pkg/common.VERSION={{ .Tag }}'
- -X '{{ .ModulePath }}/pkg/common.COMMIT={{ .Commit }}'
hooks:
post:
- cmd: |
{{- if eq .Os "darwin" -}}
quill sign-and-notarize "{{ .Path }}" --dry-run={{ .IsSnapshot }} --ad-hoc={{ .IsSnapshot }} -vv
{{- else -}}
true
{{- end -}}
env:
- QUILL_LOG_FILE=/tmp/quill-{{ .Target }}.log
archives:
- id: cast
builds:
- cast
name_template: "{{ .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ .Arm }}"
format_overrides:
- goos: windows
format: zip
signs:
- ids:
- default
- darwin
cmd: cosign
signature: "${artifact}.sig"
certificate: "${artifact}.pem"
args: ["sign-blob", "--yes", "--oidc-provider=github", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-certificate=${certificate}", "--output-signature=${signature}", "${artifact}"]
artifacts: all
nfpms:
- id: cast
package_name: cast
builds:
- cast
vendor: ekristen.dev
file_name_template: "{{ .PackageName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}-{{ . }}{{ end }}"
homepage: https://github.com/ekristen/cast
maintainer: Erik Kristensen <erik@erikkristensen.com>
description: Cast is an installer tool for any Cast compatible distro
license: MIT
formats:
- deb
deb:
signature:
key_file: "{{ .Env.NFPM_GPG_KEY }}"
type: origin
checksum:
name_template: "checksums.txt"
snapshot:
version_template: '{{ trimprefix .Summary "v" }}'
changelog:
disable: true