forked from fluxcd/image-automation-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.goreleaser.yaml
56 lines (45 loc) · 1.4 KB
/
.goreleaser.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
project_name: weave-assured-image-automation-controller
builds:
- skip: true
release:
extra_files:
- glob: config/release/*.yaml
prerelease: "true"
header: |
## Changelog
[{{.Tag}} changelog](https://github.com/weaveworks/{{.ProjectName}}/blob/{{.Tag}}/CHANGELOG.md)
footer: |
## Container images
- `ghcr.io/weaveworks/{{.ProjectName}}:{{.Tag}}`
Supported architectures: `linux/amd64`, `linux/arm64` and `linux/arm/v7`.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the [security documentation](https://fluxcd.io/flux/security/).
changelog:
skip: true
checksum:
extra_files:
- glob: config/release/*.yaml
source:
enabled: true
name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
sboms:
- id: source
artifacts: source
documents:
- "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
# signs the checksum file
# all files (including the sboms) are included in the checksum
# https://goreleaser.com/customization/sign
signs:
- cmd: cosign
env:
- COSIGN_EXPERIMENTAL=1
certificate: "${artifact}.pem"
args:
- sign-blob
- "--yes"
- "--output-certificate=${certificate}"
- "--output-signature=${signature}"
- "${artifact}"
artifacts: checksum
output: true