mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-03-17 20:47:50 +02:00
feat: fine grained sign (#2235)
This commit is contained in:
parent
00b76540ca
commit
7cfa2c4777
@ -81,14 +81,21 @@ func (Pipe) Run(ctx *context.Context) error {
|
||||
artifact.ByType(artifact.Checksum),
|
||||
artifact.ByType(artifact.LinuxPackage),
|
||||
))
|
||||
if len(cfg.IDs) > 0 {
|
||||
filters = append(filters, artifact.ByIDs(cfg.IDs...))
|
||||
}
|
||||
case "archive":
|
||||
filters = append(filters, artifact.ByType(artifact.UploadableArchive))
|
||||
case "binary":
|
||||
filters = append(filters, artifact.ByType(artifact.UploadableBinary))
|
||||
case "package":
|
||||
filters = append(filters, artifact.ByType(artifact.LinuxPackage))
|
||||
case "none":
|
||||
return pipe.ErrSkipSignEnabled
|
||||
default:
|
||||
return fmt.Errorf("invalid list of artifacts to sign: %s", cfg.Artifacts)
|
||||
}
|
||||
|
||||
if len(cfg.IDs) > 0 {
|
||||
filters = append(filters, artifact.ByIDs(cfg.IDs...))
|
||||
}
|
||||
return sign(ctx, cfg, ctx.Artifacts.Filter(artifact.And(filters...)).List())
|
||||
})
|
||||
}
|
||||
|
@ -136,8 +136,8 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign all artifacts",
|
||||
@ -150,8 +150,50 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign archives",
|
||||
ctx: context.New(
|
||||
config.Project{
|
||||
Signs: []config.Sign{
|
||||
{
|
||||
Artifacts: "archive",
|
||||
},
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign packages",
|
||||
ctx: context.New(
|
||||
config.Project{
|
||||
Signs: []config.Sign{
|
||||
{
|
||||
Artifacts: "package",
|
||||
},
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"package1.deb.sig"},
|
||||
signatureNames: []string{"package1.deb.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign binaries",
|
||||
ctx: context.New(
|
||||
config.Project{
|
||||
Signs: []config.Sign{
|
||||
{
|
||||
Artifacts: "binary",
|
||||
},
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact3.sig", "linux_amd64/artifact4.sig"},
|
||||
signatureNames: []string{"artifact3_1.0.0_linux_amd64.sig", "artifact4_1.0.0_linux_amd64.sig"},
|
||||
},
|
||||
{
|
||||
desc: "multiple sign configs",
|
||||
@ -195,8 +237,8 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign only checksums",
|
||||
@ -263,8 +305,8 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign all artifacts with template",
|
||||
@ -288,8 +330,8 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
},
|
||||
{
|
||||
desc: "sign single with password from stdin",
|
||||
@ -316,8 +358,8 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
user: passwordUser,
|
||||
},
|
||||
{
|
||||
@ -345,8 +387,8 @@ func TestSignArtifacts(t *testing.T) {
|
||||
},
|
||||
},
|
||||
),
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig"},
|
||||
signaturePaths: []string{"artifact1.sig", "artifact2.sig", "artifact3.sig", "checksum.sig", "checksum2.sig", "linux_amd64/artifact4.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
signatureNames: []string{"artifact1.sig", "artifact2.sig", "artifact3_1.0.0_linux_amd64.sig", "checksum.sig", "checksum2.sig", "artifact4_1.0.0_linux_amd64.sig", "artifact5.tar.gz.sig", "package1.deb.sig"},
|
||||
user: passwordUser,
|
||||
},
|
||||
{
|
||||
@ -390,7 +432,7 @@ func testSign(tb testing.TB, ctx *context.Context, signaturePaths []string, sign
|
||||
ctx.Config.Dist = tmpdir
|
||||
|
||||
// create some fake artifacts
|
||||
artifacts := []string{"artifact1", "artifact2", "artifact3", "checksum", "checksum2"}
|
||||
artifacts := []string{"artifact1", "artifact2", "artifact3", "checksum", "checksum2", "package1.deb"}
|
||||
require.NoError(tb, os.Mkdir(filepath.Join(tmpdir, "linux_amd64"), os.ModePerm))
|
||||
for _, f := range artifacts {
|
||||
file := filepath.Join(tmpdir, f)
|
||||
@ -447,6 +489,14 @@ func testSign(tb testing.TB, ctx *context.Context, signaturePaths []string, sign
|
||||
Path: filepath.Join(tmpdir, "artifact5.tar.gz"),
|
||||
Type: artifact.UploadableSourceArchive,
|
||||
})
|
||||
ctx.Artifacts.Add(&artifact.Artifact{
|
||||
Name: "package1.deb",
|
||||
Path: filepath.Join(tmpdir, "package1.deb"),
|
||||
Type: artifact.LinuxPackage,
|
||||
Extra: map[string]interface{}{
|
||||
"ID": "foo",
|
||||
},
|
||||
})
|
||||
|
||||
// configure the pipeline
|
||||
// make sure we are using the test keyring
|
||||
|
@ -55,10 +55,13 @@ signs:
|
||||
|
||||
# which artifacts to sign
|
||||
#
|
||||
# checksum: only checksum file(s)
|
||||
# all: all artifacts
|
||||
# none: no signing
|
||||
# checksum: only checksum file(s)
|
||||
# source: source archive
|
||||
# package: linux packages (deb, rpm, apk)
|
||||
# archive: archives from archive pipe
|
||||
# binary: binaries if archiving format is set to binary
|
||||
#
|
||||
# defaults to `none`
|
||||
artifacts: all
|
||||
|
Loading…
x
Reference in New Issue
Block a user