This commit adds a `make_latest` boolean to the release configuration,
to allow signaling to GitHub if the release should be marked as latest.
Albeit being a boolean, the internal Go type is a string to allow
to distinguish an empty string (default behavior: `true`) from an
explicit `false`.
For more information around the GitHub API field, see
https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release
I did not include the `legacy` option, to not adopt something which
appears to be scheduled for removal in the future.
In addition, I opted for `make_latest` over `latest` because the
option is only available for GitHub. Which keeps the latter key
reserved for e.g. future use of a config option which is used across
Git providers.
Fixes#4159
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
This commit adds a `make_latest` boolean to the release configuration,
to allow signaling to GitHub if the release should be marked as latest.
Albeit being a boolean, the internal Go type is a string to allow
to distinguish an empty string (default behavior: `true`) from an
explicit `false`.
For more information around the GitHub API field, see
https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release
I did not include the `legacy` option, to not adopt something which
appears to be scheduled for removal in the future.
In addition, I opted for `make_latest` over `latest` because the
option is only available for GitHub. Which keeps the latter key
reserved for e.g. future use of a config option which is used across
Git providers.
Fixes#4159
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Bumps golang from 1.20.5-alpine to 1.20.6-alpine.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the gomod-deps group with 3 updates:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
[golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e98487292d"><code>e984872</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="183630ada7"><code>183630a</code></a>
x509roots: generate a stable sort, for real this time</li>
<li><a
href="a9e447dde7"><code>a9e447d</code></a>
x509roots/fallback: add //go:build go1.20 to bundle.go</li>
<li><a
href="64c3993f5c"><code>64c3993</code></a>
ssh: add hmac-sha2-512</li>
<li><a
href="5fe8145aca"><code>5fe8145</code></a>
x509roots: remove list hash and generation date, change ordering</li>
<li><a
href="043e94c17a"><code>043e94c</code></a>
x509roots: fix generate script argument checking</li>
<li><a
href="0d502d7cd6"><code>0d502d7</code></a>
x509roots: use "generate" build tag</li>
<li><a
href="0ff60057bb"><code>0ff6005</code></a>
ssh/test: set a timeout and WaitDelay on sshd subcommands</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec5679f607"><code>ec5679f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="989acb1bfe"><code>989acb1</code></a>
all: update dependencies to their latest versions</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `golang.org/x/tools` from 0.10.0 to 0.11.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a>
setting to <code>"Imports"</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>"experimentalUseInvalidMetadata"</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck":
"Imports"</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using "Run govulncheck to
verify" code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>"Imports"</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@bcmills</code></a>, <a
href="https://github.com/dle8"><code>@dle8</code></a>, <a
href="https://github.com/findleyr"><code>@findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="675bf3c243"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="ad52c1ca35"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="14ec3c023f"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="c495364167"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="87ad891fe3"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="27fd94e099"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="d362be0cdb"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="969078be46"><code>969078b</code></a>
Revert "go/analysis: add Sizes that matches gc size
computations"</li>
<li><a
href="5aa6acb96f"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="5a89a3bf26"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
As discussed in #4176, this PR adds syft to the Docker image.
<!-- Why is this change being made? -->
As mentioned in #4176, it simplifies CI when SBOM generation is needed.
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
I tried to test by running `task goreleaser` in my dev environment. The
amd64 image has been built properly and syft is available:
```
docker run --rm -it --entrypoint="" goreleaser/goreleaser:v1.19.2-amd64 sh
/go # syft --version
syft 0.84.1
```
However I couldn't test other platforms since I got unrelated errors
when it tried to build the arm64 image.
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
This PR fixes the links to Go and Task installation pages.
<!-- Why is this change being made? -->
Official go site is now https://go.dev where the old link was
automatically redicting.
Task's website has been changed and the installation procedure is now on
its own page.
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
Delete the temporary directory used for building Docker images.
<!-- Why is this change being made? -->
Leaving the temporary directory leads to wasted disk space.
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
This adds missing fields:
- LicenseURL
- CopyrightURL
- Tags
As well as make several more fields templateable.
cc/ @twpayne
Co-authored-by: Tom Payne <tom.payne@flarm.com>
- nix.description, nix.path, and nix.homepage should allow templates
- nix.path was defaulting to wrong value, fixed
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.7.0 to 2.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<ul>
<li>Only set specific flags for drivers supporting them by <a
href="https://github.com/nicks"><code>@nicks</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/241">docker/setup-buildx-action#241</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.5.0 to 0.6.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/242">docker/setup-buildx-action#242</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0">https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="16c0bc4a6e"><code>16c0bc4</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/242">#242</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="ebcacb9c21"><code>ebcacb9</code></a>
update generated content</li>
<li><a
href="496a823b8b"><code>496a823</code></a>
Bump <code>@docker/actions-toolkit</code> from 0.5.0 to 0.6.0</li>
<li><a
href="a56031a493"><code>a56031a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/241">#241</a>
from nicks/nicks/driver</li>
<li><a
href="922550f064"><code>922550f</code></a>
context: only append flags if we know the driver supports them</li>
<li>See full diff in <a
href="ecf95283f0...16c0bc4a6e">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.1.0 to 3.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>default cosign to v2.1.1 by <a
href="https://github.com/cpanato"><code>@cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/137">sigstore/cosign-installer#137</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e04d228eb"><code>6e04d22</code></a>
default cosign to v2.1.1 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/137">#137</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/muesli/termenv](https://github.com/muesli/termenv)
from 0.15.1 to 0.15.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/muesli/termenv/releases">github.com/muesli/termenv's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.2</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump actions/setup-go from 3 to 4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/126">muesli/termenv#126</a></li>
<li>build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18
by <a href="https://github.com/dependabot"><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/muesli/termenv/pull/128">muesli/termenv#128</a></li>
<li>fix: Cloud Shell supports RGB colors by <a
href="https://github.com/muesli"><code>@muesli</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/127">muesli/termenv#127</a></li>
<li>build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/129">muesli/termenv#129</a></li>
<li>fix: wezterm is truecolor by <a
href="https://github.com/caarlos0"><code>@caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/139">muesli/termenv#139</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2">https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="51d72d34e2"><code>51d72d3</code></a>
fix: wezterm is truecolor (<a
href="https://redirect.github.com/muesli/termenv/issues/139">#139</a>)</li>
<li><a
href="b57cbb1109"><code>b57cbb1</code></a>
fix: lint</li>
<li><a
href="e02986697d"><code>e029866</code></a>
build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0</li>
<li><a
href="9b3e79975a"><code>9b3e799</code></a>
fix: Cloud Shell supports RGB colors</li>
<li><a
href="73a40463ff"><code>73a4046</code></a>
build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18</li>
<li><a
href="39f5d6e779"><code>39f5d6e</code></a>
build(deps): bump actions/setup-go from 3 to 4</li>
<li>See full diff in <a
href="https://github.com/muesli/termenv/compare/v0.15.1...v0.15.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/charmbracelet/keygen](https://github.com/charmbracelet/keygen)
from 0.4.2 to 0.4.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/charmbracelet/keygen/releases">github.com/charmbracelet/keygen's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.3</h2>
<h2>Changelog</h2>
<h3>Bug fixes</h3>
<ul>
<li>85d0702110001be573050fee0d6d7003a2a81404: fix: do not recreate key
if public key don't exist (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>ae518268d3d88fba0f880e9f2521d9d3b6b70c2b: docs: update license (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<hr />
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
<p>Thoughts? Questions? We love hearing from you. Feel free to reach out
on <a href="https://twitter.com/charmcli">Twitter</a>, <a
href="https://mastodon.technology/@charm">The Fediverse</a>, or on <a
href="https://charm.sh/chat">Discord</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85d0702110"><code>85d0702</code></a>
fix: do not recreate key if public key don't exist</li>
<li><a
href="ae518268d3"><code>ae51826</code></a>
docs: update license</li>
<li>See full diff in <a
href="https://github.com/charmbracelet/keygen/compare/v0.4.2...v0.4.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The check to skip Scoop releases when SCM ones are disabled seems to be
the only place where this is happening and in conflict to Brew releases.
These two need not be linked as users can configure the `url_template`
to point elsewhere.
---
Consider the following use case:
```
* goreleaser/my-app.yml
- builds: spec for building a Go binary for my-app
- dockers: spec for packaging my-app in a container and pushing to Artifactory & GCP
- archives: spec for zipping up my-app binary
- artifactories: spec for pushing archives of my-app to a private jfrog artifactory
- brews: spec for publishing my-app through brew on macOS with URLs from artifactory
- scoop: spec for publishing my-app through scoop on Windows with URLs from artifactory
- release: disabled SCM (e.g. GitHub) release
```
Running `goreleaser release -f goreleaser/my-app.yml` with the above
setup results in the correct artifacts (archives & containers) being
published to Artifactory, GCP, Brew, but no Scoop.
Given that Scoop's `skip_upload` cannot be templated in 1.18 and I do
not wish to have SCM releases & tags on every release, one can be rather
stuck.
