this could potentially leak environment variables.
closes GHSA-h3q2-8whx-c29h
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
the paths of the artifacts always use forward slashes, and the logic to
handle the relative path stuff inside the sbom pipe did not account for
that.
running the paths through `filepath.Clean` beforehand fixes it.
also improved yamlschema a little bit :)
closes#4289
Laying the ground work to allow skipping more pipes without adding new
flags et al.
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
- log keys will be ordered as intended instead of sorted
- paths always relative to cwd
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
here's an idea: `goreleaser healthcheck`
It'll check if the needed dependencies (docker, git, etc) are available
in the path... this way users can preemptively run it before releasing
or to debug issues.
What do you think?
Here's how it looks like:
<img width="1007" alt="CleanShot 2023-03-02 at 23 24 26@2x"
src="https://user-images.githubusercontent.com/245435/222615682-d9cd0733-d900-43d1-9166-23b2be589b3a.png">
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
do not write fields et al, let it just roll, otherwise its too noisy,
and we might expose things we are not supposed to.
closes#3741
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
The replacements thing was always a bit weird, especially on archives.
We can solve that with templates, so, removing I'm deprecating it.
Also did the same on other places that had it the same feature.
Closes#3588
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* feat: replacing logs
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: tests et al
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* feat: update termenv/lipgloss
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* wip: output
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: pin dep
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: update
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: tests
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: tests
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: deps
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: dep
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* feat: more go 1.18
moved more workflows to go 1.18, switched some code to strings.Cut
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* revert unwanted change
