Skip to content

Commit ebe9ddf

Browse files
caarlos0caarlos0
committed
chore(ci): publish sboms
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
1 parent 78b0a49 commit ebe9ddf

File tree

2 files changed

+31
-86
lines changed

2 files changed

+31
-86
lines changed

.github/workflows/build.yml

Lines changed: 29 additions & 84 deletions
Original file line numberDiff line numberDiff line change
@@ -16,43 +16,27 @@ jobs:
1616
os: [ ubuntu-latest, macos-latest, windows-latest ]
1717
runs-on: ${{ matrix.os }}
1818
steps:
19-
-
20-
name: Checkout
21-
uses: actions/checkout@v2
19+
- uses: actions/checkout@v2
2220
with:
2321
fetch-depth: 0
24-
-
25-
name: Set up Go
26-
uses: actions/setup-go@v2
22+
- uses: actions/setup-go@v2
2723
with:
2824
go-version: ${{ matrix.go-version }}
29-
-
30-
name: Set up Task
31-
uses: arduino/setup-task@v1
25+
- uses: arduino/setup-task@v1
3226
with:
3327
repo-token: ${{ secrets.GITHUB_TOKEN }}
34-
-
35-
name: Cache Go modules
36-
uses: actions/cache@v2
28+
- uses: actions/cache@v2
3729
with:
3830
path: |
3931
~/go/pkg/mod
4032
~/.cache/go-build
4133
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
4234
restore-keys: |
4335
${{ runner.os }}-go-
44-
-
45-
name: Setup
46-
run: task setup
47-
-
48-
name: Unit Tests
49-
run: task test
50-
-
51-
name: Diff
52-
run: git diff
53-
-
54-
name: Upload coverage
55-
uses: codecov/codecov-action@v2
36+
- run: task setup
37+
- run: task test
38+
- run: git diff
39+
- uses: codecov/codecov-action@v2
5640
if: matrix.os == 'ubuntu-latest'
5741
with:
5842
token: ${{ secrets.CODECOV_TOKEN }}
@@ -68,43 +52,27 @@ jobs:
6852
DOCKER_CLI_EXPERIMENTAL: "enabled"
6953
NO_TEST_PPC64LE: "true"
7054
steps:
71-
-
72-
name: Checkout
73-
uses: actions/checkout@v2
55+
- uses: actions/checkout@v2
7456
with:
7557
fetch-depth: 0
76-
-
77-
name: Set up Go
78-
uses: actions/setup-go@v2
58+
- uses: actions/setup-go@v2
7959
with:
8060
go-version: ${{ matrix.go-version }}
81-
-
82-
name: Set up Task
83-
uses: arduino/setup-task@v1
61+
- uses: arduino/setup-task@v1
8462
with:
8563
repo-token: ${{ secrets.GITHUB_TOKEN }}
86-
-
87-
name: Cache Go modules
88-
uses: actions/cache@v2
64+
- uses: actions/cache@v2
8965
with:
9066
path: |
9167
~/go/pkg/mod
9268
~/.cache/go-build
9369
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
9470
restore-keys: |
9571
${{ runner.os }}-go-
96-
-
97-
name: Set up QEMU
98-
uses: docker/setup-qemu-action@v1
99-
-
100-
name: Set up Docker Buildx
101-
uses: docker/setup-buildx-action@v1
102-
-
103-
name: Setup
104-
run: task setup
105-
-
106-
name: Acceptance
107-
run: TEST_PATTERN=/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/ task acceptance
72+
- uses: docker/setup-qemu-action@v1
73+
- uses: docker/setup-buildx-action@v1
74+
- run: task setup
75+
- run: TEST_PATTERN=/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/ task acceptance
10876
goreleaser:
10977
strategy:
11078
matrix:
@@ -119,64 +87,41 @@ jobs:
11987
id-token: write
12088
packages: write
12189
steps:
122-
-
123-
name: Checkout
124-
uses: actions/checkout@v2
90+
- uses: actions/checkout@v2
12591
with:
12692
fetch-depth: 0
127-
-
128-
name: Set up Go
129-
uses: actions/setup-go@v2
93+
- uses: actions/setup-go@v2
13094
with:
13195
go-version: ${{ matrix.go-version }}
132-
-
133-
name: Set up Task
134-
uses: arduino/setup-task@v1
96+
- uses: arduino/setup-task@v1
13597
with:
13698
repo-token: ${{ secrets.GITHUB_TOKEN }}
137-
-
138-
name: Cache Go modules
139-
uses: actions/cache@v2
99+
- uses: actions/cache@v2
140100
with:
141101
path: |
142102
~/go/pkg/mod
143103
~/.cache/go-build
144104
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
145105
restore-keys: |
146106
${{ runner.os }}-go-
147-
-
148-
name: Setup Sigstore
149-
uses: sigstore/cosign-installer@v1.4.1
150-
-
151-
name: Set up QEMU
152-
uses: docker/setup-qemu-action@v1
153-
-
154-
name: Set up Docker Buildx
155-
uses: docker/setup-buildx-action@v1
156-
-
157-
name: Setup
158-
run: task setup
159-
-
160-
name: Build
161-
run: task build
162-
-
163-
name: Login to Docker Hub
107+
- uses: sigstore/cosign-installer@v1.4.1
108+
- uses: anchore/sbom-action/download-syft@v0.6.0
109+
- uses: docker/setup-qemu-action@v1
110+
- uses: docker/setup-buildx-action@v1
111+
- run: task setup
112+
- run: task build
113+
- uses: docker/login-action@v1
164114
if: startsWith(github.ref, 'refs/tags/v')
165-
uses: docker/login-action@v1
166115
with:
167116
username: ${{ secrets.DOCKER_USERNAME }}
168117
password: ${{ secrets.DOCKER_PASSWORD }}
169-
-
170-
name: Login to GitHub Container Registry
118+
- uses: docker/login-action@v1
171119
if: startsWith(github.ref, 'refs/tags/v')
172-
uses: docker/login-action@v1
173120
with:
174121
registry: ghcr.io
175122
username: ${{ github.repository_owner }}
176123
password: ${{ secrets.GITHUB_TOKEN }}
177-
-
178-
name: Run GoReleaser
179-
uses: goreleaser/goreleaser-action@v2
124+
- uses: goreleaser/goreleaser-action@v2
180125
if: success()
181126
with:
182127
version: latest

.goreleaser.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -142,6 +142,8 @@ nfpms:
142142
furies:
143143
- account: goreleaser
144144

145+
sboms:
146+
- artifacts: archive
145147
signs:
146148
- cmd: cosign
147149
env:
@@ -151,7 +153,6 @@ signs:
151153
artifacts: checksum
152154
args:
153155
- sign-blob
154-
- '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}'
155156
- '--output-certificate=${certificate}'
156157
- '--output-signature=${signature}'
157158
- '${artifact}'
@@ -163,7 +164,6 @@ docker_signs:
163164
output: true
164165
args:
165166
- 'sign'
166-
- '--oidc-issuer={{if index .Env "CI"}}https://token.actions.githubusercontent.com{{else}}https://oauth2.sigstore.dev/auth{{end}}'
167167
- '${artifact}'
168168

169169
changelog:

0 commit comments

Comments
 (0)