2022-04-29 13:11:04 +02:00
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
|
|
|
|
if test "$DISTRIBUTION" = "pro"; then
|
|
|
|
echo "Using Pro distribution..."
|
|
|
|
RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases"
|
|
|
|
FILE_BASENAME="goreleaser-pro"
|
2022-12-29 19:55:45 +02:00
|
|
|
LATEST="$(curl -sf https://goreleaser.com/static/latest-pro)"
|
2022-04-29 13:11:04 +02:00
|
|
|
else
|
|
|
|
echo "Using the OSS distribution..."
|
|
|
|
RELEASES_URL="https://github.com/goreleaser/goreleaser/releases"
|
|
|
|
FILE_BASENAME="goreleaser"
|
2022-12-29 19:55:45 +02:00
|
|
|
LATEST="$(curl -sf https://goreleaser.com/static/latest)"
|
2022-04-29 13:11:04 +02:00
|
|
|
fi
|
|
|
|
|
2022-12-29 19:55:45 +02:00
|
|
|
test -z "$VERSION" && VERSION="$LATEST"
|
2022-04-29 13:11:04 +02:00
|
|
|
|
|
|
|
test -z "$VERSION" && {
|
|
|
|
echo "Unable to get goreleaser version." >&2
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
|
|
|
|
test -z "$TMPDIR" && TMPDIR="$(mktemp -d)"
|
|
|
|
export TAR_FILE="$TMPDIR/${FILE_BASENAME}_$(uname -s)_$(uname -m).tar.gz"
|
|
|
|
|
|
|
|
(
|
|
|
|
cd "$TMPDIR"
|
|
|
|
echo "Downloading GoReleaser $VERSION..."
|
|
|
|
curl -sfLo "$TAR_FILE" \
|
|
|
|
"$RELEASES_URL/download/$VERSION/${FILE_BASENAME}_$(uname -s)_$(uname -m).tar.gz"
|
|
|
|
curl -sfLo "checksums.txt" "$RELEASES_URL/download/$VERSION/checksums.txt"
|
|
|
|
echo "Verifying checksums..."
|
|
|
|
sha256sum --ignore-missing --quiet --check checksums.txt
|
|
|
|
if command -v cosign >/dev/null 2>&1; then
|
|
|
|
echo "Verifying signatures..."
|
2023-03-02 20:11:43 +02:00
|
|
|
cosign verify-blob \
|
2023-04-06 19:16:16 +02:00
|
|
|
--certificate-identity-regexp "https://github.com/goreleaser/goreleaser.*/.github/workflows/.*.yml@refs/tags/$VERSION" \
|
|
|
|
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
|
|
|
|
--cert "$RELEASES_URL/download/$VERSION/checksums.txt.pem" \
|
|
|
|
--signature "$RELEASES_URL/download/$VERSION/checksums.txt.sig" \
|
2022-04-29 13:11:04 +02:00
|
|
|
checksums.txt
|
|
|
|
else
|
|
|
|
echo "Could not verify signatures, cosign is not installed."
|
|
|
|
fi
|
|
|
|
)
|
|
|
|
|
|
|
|
tar -xf "$TAR_FILE" -C "$TMPDIR"
|
|
|
|
"${TMPDIR}/goreleaser" "$@"
|
|
|
|
|