2021-08-24 11:22:09 -03:00
|
|
|
package sign
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
|
|
"github.com/goreleaser/goreleaser/internal/artifact"
|
|
|
|
|
"github.com/goreleaser/goreleaser/internal/ids"
|
|
|
|
|
"github.com/goreleaser/goreleaser/internal/pipe"
|
|
|
|
|
"github.com/goreleaser/goreleaser/internal/semerrgroup"
|
2023-09-16 17:01:20 -03:00
|
|
|
"github.com/goreleaser/goreleaser/internal/skips"
|
2021-08-24 11:22:09 -03:00
|
|
|
"github.com/goreleaser/goreleaser/pkg/context"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Pipe that signs docker images and manifests.
|
|
|
|
|
type DockerPipe struct{}
|
|
|
|
|
|
2021-09-18 10:21:29 -03:00
|
|
|
func (DockerPipe) String() string { return "signing docker images" }
|
|
|
|
|
|
|
|
|
|
func (DockerPipe) Skip(ctx *context.Context) bool {
|
2023-09-16 17:01:20 -03:00
|
|
|
return skips.Any(ctx, skips.Sign) || len(ctx.Config.DockerSigns) == 0
|
2021-08-24 11:22:09 -03:00
|
|
|
}
|
|
|
|
|
|
2023-03-03 09:50:15 -03:00
|
|
|
func (DockerPipe) Dependencies(ctx *context.Context) []string {
|
|
|
|
|
var cmds []string
|
|
|
|
|
for _, s := range ctx.Config.DockerSigns {
|
|
|
|
|
cmds = append(cmds, s.Cmd)
|
|
|
|
|
}
|
|
|
|
|
return cmds
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-24 11:22:09 -03:00
|
|
|
// Default sets the Pipes defaults.
|
|
|
|
|
func (DockerPipe) Default(ctx *context.Context) error {
|
|
|
|
|
ids := ids.New("docker_signs")
|
|
|
|
|
for i := range ctx.Config.DockerSigns {
|
|
|
|
|
cfg := &ctx.Config.DockerSigns[i]
|
|
|
|
|
if cfg.Cmd == "" {
|
|
|
|
|
cfg.Cmd = "cosign"
|
|
|
|
|
}
|
|
|
|
|
if len(cfg.Args) == 0 {
|
2023-03-02 15:11:43 -03:00
|
|
|
cfg.Args = []string{"sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"}
|
2021-08-24 11:22:09 -03:00
|
|
|
}
|
|
|
|
|
if cfg.Artifacts == "" {
|
|
|
|
|
cfg.Artifacts = "none"
|
|
|
|
|
}
|
|
|
|
|
if cfg.ID == "" {
|
|
|
|
|
cfg.ID = "default"
|
|
|
|
|
}
|
|
|
|
|
ids.Inc(cfg.ID)
|
|
|
|
|
}
|
|
|
|
|
return ids.Validate()
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-11 14:46:30 -03:00
|
|
|
// Publish signs and pushes the docker images signatures.
|
|
|
|
|
func (DockerPipe) Publish(ctx *context.Context) error {
|
2021-08-24 11:22:09 -03:00
|
|
|
g := semerrgroup.New(ctx.Parallelism)
|
|
|
|
|
for i := range ctx.Config.DockerSigns {
|
|
|
|
|
cfg := ctx.Config.DockerSigns[i]
|
|
|
|
|
g.Go(func() error {
|
|
|
|
|
var filters []artifact.Filter
|
|
|
|
|
switch cfg.Artifacts {
|
|
|
|
|
case "images":
|
|
|
|
|
filters = append(filters, artifact.ByType(artifact.DockerImage))
|
|
|
|
|
case "manifests":
|
|
|
|
|
filters = append(filters, artifact.ByType(artifact.DockerManifest))
|
|
|
|
|
case "all":
|
|
|
|
|
filters = append(filters, artifact.Or(
|
|
|
|
|
artifact.ByType(artifact.DockerImage),
|
|
|
|
|
artifact.ByType(artifact.DockerManifest),
|
|
|
|
|
))
|
2021-09-18 10:21:29 -03:00
|
|
|
case "none": // TODO(caarlos0): remove this
|
2021-08-24 11:22:09 -03:00
|
|
|
return pipe.ErrSkipSignEnabled
|
|
|
|
|
default:
|
|
|
|
|
return fmt.Errorf("invalid list of artifacts to sign: %s", cfg.Artifacts)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(cfg.IDs) > 0 {
|
|
|
|
|
filters = append(filters, artifact.ByIDs(cfg.IDs...))
|
|
|
|
|
}
|
|
|
|
|
return sign(ctx, cfg, ctx.Artifacts.Filter(artifact.And(filters...)).List())
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
return g.Wait()
|
|
|
|
|
}
|
