From 2a71e05cd37c57fa23752377683edde67266e214 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 11 Jul 2023 23:32:37 +0200 Subject: [PATCH] WIP: start porting release logic to GoReleaser Goals: - _At least_ the publishing of the artifacts in the same formats as previous releases - Reproducable builds - SBOM inclusion - Checksums file inclusion - Cosign - SLSA compliant Signed-off-by: Hidde Beydals --- .goreleaser.yaml | 108 +++++++++++++++++++++++++++++++++++++++++++++++ Makefile | 6 +-- 2 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 .goreleaser.yaml diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 000000000..22563c62b --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,108 @@ +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json + +project_name: sops + +# xref: https://goreleaser.com/customization/build/ +builds: + - # ID of the build. + id: "binary" + + # Path to the main.go file or package to build. + main: ./cmd/sops + + # Binary name. + # Can be a path (e.g. `bin/app`) to wrap the binary in a directory. + binary: sops + + # Custom flags. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + flags: + - v + + # Custom asmflags. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + asmflags: [] + + # Custom gcflags. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + gcflags: [] + + # Custom ldflags. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + ldflags: [] + + # Custom build tags templates, e.g. `osusergo`. + tags: [] + + # Custom environment variables to be set during the build. + # Invalid environment variables will be ignored. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + env: + - CGO_ENABLED=0 + + # GOOS to build the binary for. + # xref: https://golang.org/doc/install/source#environment + goos: + - linux + - darwin + - windows + + # GOARCH to build the binary for. + # xref: https://golang.org/doc/install/source#environment + goarch: + - amd64 + - arm64 + + # GOARM to build for when GOARCH is `arm`. + # xref: https://golang.org/doc/install/source#environment + goarm: + - '6' + - '7' + + # GOAMD64 to build when GOARCH is amd64. + # xref: https://golang.org/doc/install/source#environment + goamd64: + - v1 + + # List of GOOS + GOARCH + GOARM combinations to ignore when creating the + # build matrix. + ignore: [] + + # Modified timestamp on the binary, set to ensure reproducible builds. + mod_timestamp: "{{ .CommitTimestamp }}" + +# xref: https://goreleaser.com/customization/verifiable_builds/ +gomod: + # Proxy a module from proxy.golang.org, making the builds verifiable. + # This will only be effective if running against a tag. Snapshots will ignore + # this setting. + proxy: true + + # If proxy is true, use these environment variables when running `go mod` + # commands (namely, `go mod tidy`). + env: + - GOPROXY=https://proxy.golang.org,direct + - GOSUMDB=sum.golang.org + + # Sets the `-mod` flag value. + mod: mod + +# xref: https://goreleaser.com/customization/checksum/ +checksum: + # Template for the checksum file name. + # Templates can be used here. + # xref: https://goreleaser.com/customization/templates/ + name_template: "{{ .ProjectName }}_checksums.txt" + + # Algorithm to be used. + # Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384. + algorithm: sha256 + + # IDs of artifacts to include in the checksums file. + ids: + - binary diff --git a/Makefile b/Makefile index e302a7464..2a8557ead 100644 --- a/Makefile +++ b/Makefile @@ -2,9 +2,9 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -PROJECT := go.mozilla.org/sops/v3 -GO := GOPROXY=https://proxy.golang.org go -GOLINT := golint +PROJECT := go.mozilla.org/sops/v3 +GO := GOPROXY=https://proxy.golang.org go +GOLINT := golint all: test vet generate install functional-tests origin-build: test vet generate install functional-tests-all