Skip to content

Commit

Permalink
WIP: start porting release logic to GoReleaser
Browse files Browse the repository at this point in the history
Goals:

- _At least_ the publishing of the artifacts in the same formats as
  previous releases
- Reproducable builds
- SBOM inclusion
- Checksums file inclusion
- Cosign
- SLSA compliant

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
  • Loading branch information
hiddeco committed Jul 11, 2023
1 parent 7051ccd commit 9da6f02
Show file tree
Hide file tree
Showing 3 changed files with 89 additions and 4 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
target
dist/
target/
Cargo.lock
vendor/
coverage.txt
Expand Down
84 changes: 84 additions & 0 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
# yaml-language-server: $schema=https://goreleaser.com/static/schema.json

project_name: sops

# xref: https://goreleaser.com/customization/build/
builds:
- # ID of the build.
id: "binary"

# Path to the main.go file or package to build.
main: ./cmd/sops

# Binary name.
# Can be a path (e.g. `bin/app`) to wrap the binary in a directory.
binary: sops

# Custom flags.
# Templates can be used here.
# xref: https://goreleaser.com/customization/templates/
flags:
- -v
- -trimpath

# Custom ldflags.
# Templates can be used here.
# xref: https://goreleaser.com/customization/templates/
ldflags:
- -s
- -w
- -X "go.mozilla.org/sops/v3/version.Version={{ .Version }}"

# Custom environment variables to be set during the build.
# Invalid environment variables will be ignored.
# Templates can be used here.
# xref: https://goreleaser.com/customization/templates/
env:
- CGO_ENABLED=0

# GOOS to build the binary for.
# xref: https://golang.org/doc/install/source#environment
goos:
- linux
- darwin
- windows

# GOARCH to build the binary for.
# xref: https://golang.org/doc/install/source#environment
goarch:
- amd64
- arm64

# Modified timestamp on the binary, set to ensure reproducible builds.
mod_timestamp: "{{ .CommitTimestamp }}"

# xref: https://goreleaser.com/customization/verifiable_builds/
gomod:
# Proxy a module from proxy.golang.org, making the builds verifiable.
# This will only be effective if running against a tag. Snapshots will ignore
# this setting.
proxy: true

# If proxy is true, use these environment variables when running `go mod`
# commands (namely, `go mod tidy`).
env:
- GOPROXY=https://proxy.golang.org,direct
- GOSUMDB=sum.golang.org

# Sets the `-mod` flag value.
mod: mod

# xref: https://goreleaser.com/customization/checksum/
checksum:
# Template for the checksum file name.
# Templates can be used here.
# xref: https://goreleaser.com/customization/templates/
name_template: "{{ .ProjectName }}_checksums.txt"

# Algorithm to be used.
# Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384.
algorithm: sha256

# IDs of artifacts to include in the checksums file.
ids:
- binary
6 changes: 3 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

PROJECT := go.mozilla.org/sops/v3
GO := GOPROXY=https://proxy.golang.org go
GOLINT := golint
PROJECT := go.mozilla.org/sops/v3
GO := GOPROXY=https://proxy.golang.org go
GOLINT := golint

all: test vet generate install functional-tests
origin-build: test vet generate install functional-tests-all
Expand Down

0 comments on commit 9da6f02

Please sign in to comment.