-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy path.goreleaser.yaml
129 lines (116 loc) · 3.2 KB
/
.goreleaser.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
project_name: capsule-addon-fluxcd
before:
hooks:
- go mod tidy
builds:
- env:
- CGO_ENABLED=0
- GO111MODULE=on
goos:
- linux
goarch:
- amd64
- arm64
ldflags: |
-s
-w
-X main.buildCommit={{ .Commit }}
-X main.buildDate={{ .CommitDate }}
-X main.buildVersion={{ .Version }}
mod_timestamp: '{{ .CommitTimestamp }}'
# Publish sources.
source:
enabled: true
# Publish the checksums file of the release.
checksum:
name_template: '{{ .ProjectName }}_{{ .Version }}_checksums.txt'
# Sign the checksums file.
# All files (including the sboms) are included in the checksum,
# so we don't need to sign each one if we don't want to.
# https://goreleaser.com/customization/sign
signs:
- cmd: cosign
certificate: '${artifact}.pem'
args:
- sign-blob
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
- '--yes' # needed on cosign 2.0.0+
artifacts: all
output: true
# Use ko to build and publish container image.
# https://goreleaser.com/customization/ko/?h=kos
kos:
- base_image: cgr.dev/chainguard/static
repository: ghcr.io/projectcapsule/capsule-addon-fluxcd
bare: true
tags:
- '{{ .Version }}'
- '{{ .Major }}.{{ .Minor }}'
- latest
platforms:
- linux/amd64
- linux/arm64
sbom: spdx
# Sign the container image.
# https://goreleaser.com/customization/docker_sig
docker_signs:
- cmd: cosign
artifacts: all
output: true
args:
- 'sign'
- '${artifact}'
- '--yes'
# Create SBOMs of all archives and the source tarball using syft.
# https://goreleaser.com/customization/sbom
sboms:
- id: archive
artifacts: archive
- id: source
artifacts: source
# Generate a GitHub release with a customized description.
release:
footer: |
## Thanks!
Those were the changes on {{ .Tag }}!
**Full Changelog**: https://github.com/projectcapsule/{{ .ProjectName }}/compare/{{ .PreviousTag }}...{{ .Tag }}
**Container images**
- `ghcr.io/projectcapsule/{{ .ProjectName }}:{{ .Tag }}`
- `ghcr.io/projectcapsule/{{ .ProjectName }}:latest`
# Generate a GitHub release with a customized changelog.
changelog:
sort: asc
use: github
filters:
exclude:
- '^test:'
- '^chore'
- '^rebase:'
- 'merge conflict'
- Merge pull request
- Merge remote-tracking branch
- Merge branch
groups:
# https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional
- title: '🛠 Dependency updates'
regexp: '^.*?(feat|fix)\(deps\)!?:.+$'
order: 300
- title: '✨ New Features'
regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
order: 100
- title: '🐛 Bug fixes'
regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
order: 200
- title: '📖 Documentation updates'
regexp: ^.*?docs(\([[:word:]]+\))??!?:.+$
order: 400
- title: '🛡️ Security updates'
regexp: ^.*?(sec)(\([[:word:]]+\))??!?:.+$
order: 500
- title: '🚀 Build process updates'
regexp: ^.*?(build|ci)(\([[:word:]]+\))??!?:.+$
order: 600
- title: '📦 Other work'
order: 9999