Carlos A Becker
bac1ce288b
feat(deps): update docker image cosign version
...
Update to v1.7.2
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:59:15 -03:00
Carlos A Becker
e3a50e7b9d
docs: note goamd64 and nfpm conventional file names
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:44:17 -03:00
Carlos A Becker
2d6e83cf3f
fix: nfpm conventional file names with GOAMD64
...
Fixes conventional file names when using GOAMD64
refs #3016
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:38:39 -03:00
Carlos A Becker
c30339070e
fix(snap): incorrect skip due go GOAMD64
...
the valid arch check was not considering GOAMD64
refs #3016
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:12:58 -03:00
Carlos Alexandro Becker
bdef306b79
fix(ci): dont use krew fork ( #3040 )
...
* fix(ci): use setup-krew action instead of go install
also switch back to main krew as my PR was recently released.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 23:00:29 -03:00
Carlos Alexandro Becker
0e149698af
fix(ci): misspell action ( #3041 )
...
the misspell action is failing, but we can run it through golangci-lint, so, just doing that now.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 22:39:59 -03:00
Carlos Alexandro Becker
1c2a1b56d8
fix: nfpm lintian concurrency issue ( #3039 )
...
* fix: nfpm lintian concurrency issue
Several goroutines might touch the lintian file inside dist at the same
time, which might cause weird errors, namely `archive/tar: write too long`.
This PR fixes it by namespacing the file to the package name + arch,
so one goroutine won't touch the work of the other.
It also improves some logs and tests.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: linter issues
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 22:26:58 -03:00
Carlos A Becker
53bbc6546f
fix: goamd64 should allow the only range from v1 to v4
...
It was just allowing v2 and v3 due to some misreading on my side.
This commit fixes it to allow v1, v2, v3 and v4.
refs #3016
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-13 21:30:08 -03:00
Naveen
09c622c226
feat: pin base docker image by sha ( #3038 )
...
Pinned dependencies reduce several security risks:
They ensure that checking and deployment are all done with the same software, reducing deployment risks, simplifying debugging, and enabling reproducibility.
They can help mitigate compromised dependencies from undermining the security of the project (in the case where you've evaluated
2022-04-13 15:38:11 -03:00
actions-user
11b4bf1bbc
docs: update
2022-04-13 17:43:46 +00:00
Naveen
38ea40c442
fix: set permissions for GitHub actions ( #3036 )
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-13 14:42:11 -03:00
dependabot[bot]
4ab2fbfa22
feat(deps): bump golang from 1.18-alpine to 1.18.1-alpine ( #3035 )
...
Bumps golang from 1.18-alpine to 1.18.1-alpine.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-13 09:38:07 -03:00
dependabot[bot]
b0d00f2cff
chore(deps): bump stefanzweifel/git-auto-commit-action ( #3034 )
...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) from 4.14.0 to 4.14.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](c4b132ec2c...49620cd3ed
2022-04-13 09:37:34 -03:00
dependabot[bot]
ada44d87af
feat(deps): bump github.com/xanzy/go-gitlab from 0.62.0 to 0.63.0 ( #3033 )
...
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.62.0 to 0.63.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.62.0...v0.63.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-12 09:11:14 -03:00
Carlos Alexandro Becker
ce9058ac8c
refactor: use context on git exec calls ( #3032 )
2022-04-12 08:35:19 -03:00
Carlos A Becker
9fc502c18a
chore: update jsonschema
2022-04-12 01:09:20 -03:00
Carlos A Becker
700c8a682f
fix: nfpm id filter
2022-04-12 01:08:49 -03:00
Carlos A Becker
9dfade2558
fix: nfpm default build ids to empty
2022-04-11 23:59:52 -03:00
Carlos A Becker
cd7edb7a2e
chore: fix typo
2022-04-11 23:58:39 -03:00
Carlos A Becker
9c773d6d6b
fix: remove some deprecated brew todos
2022-04-11 23:58:18 -03:00
Carlos A Becker
de825aab35
fix: remove deprecated todo
2022-04-11 23:57:17 -03:00
Carlos Alexandro Becker
6c9a97f2af
docs: remove analytics ( #3017 )
...
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-11 22:44:04 -03:00
Carlos Alexandro Becker
b0583c700b
feat: support GOAMD64 ( #3016 )
...
* feat: support GOAMD64
* fix: test
* wip
* wip: docker et al
* fix: archive format name
* test: added new test
* feat: nfpm amd4, mips et al
* chore: rm unused file
* fix: brew for multiple goamd64
* fix: krew
* feat: aur
* feat: krew
* docs: brew
* feat: gofis
* feat: scoop
* fix: docker filters
* fix: snapcraft
* fix: improve diff a bit
* fix: snapcraft name template
2022-04-11 22:43:22 -03:00
Carlos Alexandro Becker
acfffe1c98
refactor: improve scoop tests ( #3031 )
...
* refactor: improve scoop tests
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: improve diff a bit
2022-04-11 20:19:58 -03:00
Carlos A Becker
7082217206
fix: improve github cli log
2022-04-11 09:47:14 -03:00
Carlos A Becker
e60965ecd3
docs: update actions doc
2022-04-11 09:35:03 -03:00
dependabot[bot]
0edd69a47e
chore(deps): bump github/codeql-action from 2.1.7 to 2.1.8 ( #3029 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.7 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0182a2c78c...1ed1437484
2022-04-11 08:39:43 -03:00
Carlos Alexandro Becker
02595554de
fix: use universal binary id ( #3028 )
...
Ensure the new ID is set, and add a test to prevent the bug from
happening again.
closes #3027
2022-04-08 21:15:07 -03:00
Carlos A Becker
610a99f6c1
fix: downgrade gocloud.dev
...
v0.25.0 breaks the build on darwin.
reverts #3018
refs https://github.com/google/go-cloud/issues/3114
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-08 13:32:55 -03:00
dependabot[bot]
c50dbc5bd5
feat(deps): bump github.com/charmbracelet/keygen from 0.2.1 to 0.3.0 ( #3024 )
...
* feat(deps): bump github.com/charmbracelet/keygen from 0.2.1 to 0.3.0
Bumps [github.com/charmbracelet/keygen](https://github.com/charmbracelet/keygen ) from 0.2.1 to 0.3.0.
- [Release notes](https://github.com/charmbracelet/keygen/releases )
- [Commits](https://github.com/charmbracelet/keygen/compare/v0.2.1...v0.3.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/keygen
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix: dep update
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-08 13:30:11 -03:00
dependabot[bot]
dd0de9db07
chore(deps): bump anchore/sbom-action from 0.9.0 to 0.10.0 ( #3026 )
...
* chore(deps): bump anchore/sbom-action from 0.9.0 to 0.10.0
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](f6c3d0fe42...407a3ec314
2022-04-08 12:18:20 -03:00
dependabot[bot]
07ebdfd05e
chore(deps): bump github/codeql-action from 2.1.6 to 2.1.7 ( #3021 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28eead2408...0182a2c78c
2022-04-06 09:41:08 -03:00
dependabot[bot]
796c4f209e
chore(deps): bump codecov/codecov-action from 2.1.0 to 3 ( #3022 )
...
* chore(deps): bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
2022-04-06 09:40:50 -03:00
dependabot[bot]
cb11951dcc
feat(deps): bump github.com/xanzy/go-gitlab from 0.61.0 to 0.62.0 ( #3025 )
...
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.61.0 to 0.62.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.61.0...v0.62.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-06 09:40:19 -03:00
dependabot[bot]
0402dd371a
chore(deps): bump anchore/sbom-action from 0.8.0 to 0.9.0 ( #3023 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](2ad7824629...f6c3d0fe42
2022-04-06 09:40:06 -03:00
dependabot[bot]
33b255c07f
feat(deps): bump github.com/xanzy/go-gitlab from 0.60.0 to 0.61.0 ( #3019 )
...
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.60.0 to 0.61.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.60.0...v0.61.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-04 09:18:58 -03:00
dependabot[bot]
995014ce54
feat(deps): bump gocloud.dev from 0.24.0 to 0.25.0 ( #3018 )
...
Bumps [gocloud.dev](https://github.com/google/go-cloud ) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/google/go-cloud/releases )
- [Commits](https://github.com/google/go-cloud/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: gocloud.dev
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-04 09:10:39 -03:00
Carlos Alexandro Becker
37f0f37bc0
feat: tmpl snap fields ( #3003 )
...
* feat: tmpl snap fields
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* added tests
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: broken test
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-02 22:58:33 -03:00
Carlos Alexandro Becker
3df29b67ab
feat: deprecate gofish ( #2999 )
...
* feat: deprecate gofish
gofish was deprecated by its authors, this deprecates it here too
refs https://github.com/goreleaser/goreleaser/discussions/2998
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: do not publish rig anymore
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: remove install
* chore: deprecate
* fix(gofish): fix broke logs
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-02 10:41:05 -03:00
Carlos Alexandro Becker
c4a2148e3b
fix: sign before brew et al ( #3012 )
...
Signing might change a file (e.g. gon), so, if sign after we built the
brew tap, the checksums won't match.
Moving this around a bit should have no negative side-effects (that I'm
aware of, that is), and should fix that issue.
closes #3010
2022-04-01 16:04:47 -03:00
dependabot[bot]
71eb7a541a
chore(deps): bump github/codeql-action from 1.1.5 to 2.1.6 ( #3013 )
...
* chore(deps): bump github/codeql-action from 1.1.5 to 2.1.6
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408
2022-03-31 09:05:51 -03:00
actions-user
78da3ea7d0
docs: update
2022-03-30 12:44:38 +00:00
fredbi
905a1640f1
feat(announce): added Slack notification options ( #2988 )
...
* feat(announce): added Slack notification options
This feature adds support for specifying a richer content in Slack
announcements. We may now specify "blocks" and "attachments" to produce
better-looking announcement messages.
* fixes #2986
The goreleaser configuration only exposes the top-level structures and does not
check the validity of the Slack API internal structures. This way, we do
not inject hard dependencies on changes in the Slack API.
Notice: untyped config parsing introduces a little hack to have yaml and
JSON marshaling work together properly. This hack won't be necessary
with yaml.v3.
How this has been tested?
-------------------------
* Added unit tests for the config parsing
* Added a (skipped) e2e test.
For now, this requires a valid Slack webhook, so I've been able to test this manually.
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
* added more unit tests
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
* removed yaml.v2 hack
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
2022-03-30 09:42:59 -03:00
fredbi
8d6ef40020
feat(yaml): upgraded from yaml.v2 to yaml.v3 ( #3004 )
...
* chore(yaml): upgraded from yaml.v2 to yaml.v3
* provided internal package to take care of backward
compatible settings:
* UnmarshalStrict method
* mute io.EOF unmarshaling errors
* marshal indenting with 2 chars
* adapted unit tests to new yaml v3
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
* fixed failing tests
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
2022-03-29 14:00:53 -03:00
dependabot[bot]
dd26ed4d79
chore(deps): bump arduino/setup-task from 1.0.0 to 1.0.1 ( #3008 )
...
Bumps [arduino/setup-task](https://github.com/arduino/setup-task ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/arduino/setup-task/releases )
- [Commits](accf38bba9...ca745e1891
2022-03-28 09:36:15 -03:00
dependabot[bot]
3253ed548b
feat(deps): bump github.com/goreleaser/nfpm/v2 from 2.15.0 to 2.15.1 ( #3009 )
...
Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm ) from 2.15.0 to 2.15.1.
- [Release notes](https://github.com/goreleaser/nfpm/releases )
- [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml )
- [Commits](https://github.com/goreleaser/nfpm/compare/v2.15.0...v2.15.1 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/nfpm/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 09:30:23 -03:00
Alex
1c47d88009
docs: fix typo in gitlab page ( #3006 )
...
Just a simple spelling fix
2022-03-27 22:15:24 -03:00
dependabot[bot]
0e6e549e1c
feat(deps): bump github.com/xanzy/go-gitlab from 0.59.0 to 0.60.0 ( #2996 )
...
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.59.0 to 0.60.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.59.0...v0.60.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-22 19:52:34 -03:00
dependabot[bot]
74f48c3a96
chore(deps): bump anchore/sbom-action from 0.7.0 to 0.8.0 ( #3001 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ce4a7cf05d...2ad7824629
2022-03-22 19:52:17 -03:00
dependabot[bot]
1c3bc7fe8d
chore(deps): bump stefanzweifel/git-auto-commit-action ( #2995 )
2022-03-22 09:14:35 -03:00
