mirror of
https://github.com/unpoller/unpoller.git
synced 2026-04-05 08:54:00 -04:00
try to setup sboms
This commit is contained in:
Cody Lee
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@@ -23,6 +23,8 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- run: git fetch --force --tags
|
- run: git fetch --force --tags
|
||||||
|
- uses: anchore/sbom-action/download-syft@v0.7.0 # installs syft
|
||||||
|
- uses: sigstore/cosign-installer@v2.1.0 # installs cosign
|
||||||
- name: Install RPM tooling
|
- name: Install RPM tooling
|
||||||
run: sudo apt-get install -y rpm
|
run: sudo apt-get install -y rpm
|
||||||
- name: Set up QEMU
|
- name: Set up QEMU
|
||||||
|
|||||||
@@ -77,14 +77,14 @@ builds:
|
|||||||
|
|
||||||
archives:
|
archives:
|
||||||
- id: unpoller
|
- id: unpoller
|
||||||
builds:
|
ids:
|
||||||
- unpoller
|
- unpoller
|
||||||
files:
|
files:
|
||||||
- LICENSE
|
- LICENSE
|
||||||
- README.md
|
- README.md
|
||||||
- examples/up.*.example
|
- examples/up.*.example
|
||||||
- id: unpoller-linux-arm
|
- id: unpoller-linux-arm
|
||||||
builds:
|
ids:
|
||||||
- unpoller-linux-arm
|
- unpoller-linux-arm
|
||||||
files:
|
files:
|
||||||
- LICENSE
|
- LICENSE
|
||||||
@@ -92,7 +92,7 @@ archives:
|
|||||||
- unpoller_manual.html
|
- unpoller_manual.html
|
||||||
- examples/up.*.example
|
- examples/up.*.example
|
||||||
- id: unpoller-mac
|
- id: unpoller-mac
|
||||||
builds:
|
ids:
|
||||||
- unpoller-mac
|
- unpoller-mac
|
||||||
files:
|
files:
|
||||||
- LICENSE
|
- LICENSE
|
||||||
@@ -102,8 +102,9 @@ archives:
|
|||||||
- id: unpoller-windows
|
- id: unpoller-windows
|
||||||
format_overrides:
|
format_overrides:
|
||||||
- goos: windows
|
- goos: windows
|
||||||
format: zip
|
formats:
|
||||||
builds:
|
- zip
|
||||||
|
ids:
|
||||||
- unpoller-windows
|
- unpoller-windows
|
||||||
files:
|
files:
|
||||||
- LICENSE
|
- LICENSE
|
||||||
@@ -113,9 +114,10 @@ archives:
|
|||||||
- examples/up.*.example
|
- examples/up.*.example
|
||||||
- init/windows/application.ico
|
- init/windows/application.ico
|
||||||
- id: unpoller-freebsd-pkg
|
- id: unpoller-freebsd-pkg
|
||||||
builds:
|
ids:
|
||||||
- unpoller-freebsd
|
- unpoller-freebsd
|
||||||
format: tar.xz
|
formats:
|
||||||
|
- tar.xz
|
||||||
wrap_in_directory: false
|
wrap_in_directory: false
|
||||||
files:
|
files:
|
||||||
# config files
|
# config files
|
||||||
@@ -309,9 +311,22 @@ docker_manifests:
|
|||||||
- "golift/unifi-poller:v{{ .Major }}-arm64v8"
|
- "golift/unifi-poller:v{{ .Major }}-arm64v8"
|
||||||
- "golift/unifi-poller:v{{ .Major }}-armv7"
|
- "golift/unifi-poller:v{{ .Major }}-armv7"
|
||||||
|
|
||||||
|
|
||||||
|
# signs our docker image
|
||||||
|
# https://goreleaser.com/customization/docker_sign
|
||||||
|
docker_signs:
|
||||||
|
- cmd: cosign
|
||||||
|
env:
|
||||||
|
- COSIGN_EXPERIMENTAL=1
|
||||||
|
artifacts: images
|
||||||
|
output: true
|
||||||
|
args:
|
||||||
|
- 'sign'
|
||||||
|
- '${artifact}'
|
||||||
|
|
||||||
nfpms:
|
nfpms:
|
||||||
- id: unpoller-packages
|
- id: unpoller-packages
|
||||||
builds:
|
ids:
|
||||||
- unpoller
|
- unpoller
|
||||||
- unpoller-linux-arm
|
- unpoller-linux-arm
|
||||||
file_name_template: '{{ .ProjectName }}_{{ if eq .Os "darwin" }}macOS{{ else if eq .Os "linux" }}Tux{{ else }}{{ .Os }}{{ end }}_{{ if eq .Arch "386" }}32-bit{{ else if eq .Arch "amd64" }}64-bit{{ else }}{{ .Arch }}{{ end }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
|
file_name_template: '{{ .ProjectName }}_{{ if eq .Os "darwin" }}macOS{{ else if eq .Os "linux" }}Tux{{ else }}{{ .Os }}{{ end }}_{{ if eq .Arch "386" }}32-bit{{ else if eq .Arch "amd64" }}64-bit{{ else }}{{ .Arch }}{{ end }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
|
||||||
@@ -507,6 +522,21 @@ signs:
|
|||||||
- unpoller-linux-arm
|
- unpoller-linux-arm
|
||||||
- unpoller-windows
|
- unpoller-windows
|
||||||
- unpoller-mac
|
- unpoller-mac
|
||||||
|
# signs the checksum file
|
||||||
|
# all files (including the sboms) are included in the checksum, so we don't need to sign each one if we don't want to
|
||||||
|
# https://goreleaser.com/customization/sign
|
||||||
|
- id: cosign
|
||||||
|
cmd: cosign
|
||||||
|
env:
|
||||||
|
- COSIGN_EXPERIMENTAL=1
|
||||||
|
certificate: '${artifact}.pem'
|
||||||
|
args:
|
||||||
|
- sign-blob
|
||||||
|
- '--output-certificate=${certificate}'
|
||||||
|
- '--output-signature=${signature}'
|
||||||
|
- '${artifact}'
|
||||||
|
artifacts: checksum
|
||||||
|
output: true
|
||||||
|
|
||||||
universal_binaries:
|
universal_binaries:
|
||||||
- replace: true
|
- replace: true
|
||||||
@@ -552,6 +582,15 @@ brews:
|
|||||||
post_install: |
|
post_install: |
|
||||||
etc.install "examples/up.conf" => "unpoller/up.conf"
|
etc.install "examples/up.conf" => "unpoller/up.conf"
|
||||||
|
|
||||||
|
# creates SBOMs of all archives and the source tarball using syft
|
||||||
|
# https://goreleaser.com/customization/sbom
|
||||||
|
# Two different sbom configurations need two different IDs
|
||||||
|
sboms:
|
||||||
|
- id: archive
|
||||||
|
artifacts: archive
|
||||||
|
- id: source
|
||||||
|
artifacts: source
|
||||||
|
|
||||||
publishers:
|
publishers:
|
||||||
- name: "packagecloud-publisher"
|
- name: "packagecloud-publisher"
|
||||||
ids:
|
ids:
|
||||||
|
|||||||
Reference in New Issue
Block a user