diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 8f2bc441406..50a9b97dd52 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -22,6 +22,8 @@ on: jobs: goreleaser: runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout diff --git a/.goreleaser.yml b/.goreleaser.yml index ce9449a9a73..2feb2de758c 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -7,19 +7,18 @@ before: hooks: - go mod download builds: -flags: - # trimpath is for reproducible builds - # remove all file system paths from the resulting executable. - # Instead of absolute file system paths, the recorded file names - # will begin with either "go" (for the standard library), - # or a module path@version (when using modules), - # or a plain import path (when using GOPATH). - - -trimpath - - -tags=netgo - - id: linux binary: scorecard-linux-{{ .Arch }} no_unique_dist_dir: true + flags: + # trimpath is for reproducible builds + # remove all file system paths from the resulting executable. + # Instead of absolute file system paths, the recorded file names + # will begin with either "go" (for the standard library), + # or a module path@version (when using modules), + # or a plain import path (when using GOPATH). + - -trimpath + - -tags=netgo goos: - linux goarch: @@ -33,6 +32,15 @@ flags: - id: darwin binary: scorecard-darwin-{{ .Arch }} no_unique_dist_dir: true + flags: + # trimpath is for reproducible builds + # remove all file system paths from the resulting executable. + # Instead of absolute file system paths, the recorded file names + # will begin with either "go" (for the standard library), + # or a module path@version (when using modules), + # or a plain import path (when using GOPATH). + - -trimpath + - -tags=netgo goos: - darwin goarch: @@ -44,6 +52,15 @@ flags: - id: windows binary: scorecard-windows-{{ .Arch }} no_unique_dist_dir: true + flags: + # trimpath is for reproducible builds + # remove all file system paths from the resulting executable. + # Instead of absolute file system paths, the recorded file names + # will begin with either "go" (for the standard library), + # or a module path@version (when using modules), + # or a plain import path (when using GOPATH). + - -trimpath + - -tags=netgo goos: - windows goarch: