## What is this?
Just adding documentation for using cosign with GitHub's OIDC in CI.
## Why?
I spent 4 hours looking through goreleaser and GitHub's docs before I
finally discovered I was missing the `id-token: write` permission in my
workflow file.
This PR serves to just include the `id-token: write` scope in the `CI ->
(GH) actions` section of the docs to hopefully save other devs the
trouble 🤣
### Additional
I also considered adding this to docs for the other CI providers, but I
am not too familiar on the OIDC side of things; might be worth
considering for the team?
Cheers
---
Been using goreleaser for one of my [oss
projects](https://github.com/caffeine-addictt/waku) recently and it's
been great! Just wanted to contribute something back, keep up the great
work! :>
Signed-off-by: AlexNg <contact@ngjx.org>
this makes ko run on snapshot builds, too.
the image will be `goreleaser.ko.local:[your tags]`, not sure if we can
change this, seems like we can't.
also fixed a small doc error around it, as well as added a new test to
cover this.
closes#4683
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
cyclonedx and go.version-m were removed from latest ko version
https://github.com/ko-build/ko/pull/1333
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
this is different from the default signs, in the sense that this will
sign the binaries even if archive mode is not set to binary.
refs https://github.com/orgs/goreleaser/discussions/4989
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Adds code to expose the ipk configuration values and registers the ipk
package format with nfpm.
Updates the documentation with how to use the new ipk specific
configuration parameters.
**This isn't ready to merge, but I have some questions**
1. I copied the `TestIPKSpecificConfig()`
([code](https://github.com/goreleaser/goreleaser/compare/main...schmidtw:goreleaser:main#diff-912a4af69daf4d89537b6bea43a1b7fe65683128ea1be66d6ec77046c76d064dR1358))
from the `TestAPKSpecificConfig()` and found it only is really testing
if specific scripts are there or not. Since IPK doesn't have any
additional scripts, just fields in one file do I need this test
function? Is there a better way to validate the output?
2. I have run into issues where the tests expect `goreleaser` to be the
org & repo - is there a way to override this in my fork without changing
the code?
3. Is the `ToNFPAlts()` and `ToNFP()` living in the config.go file ok?
There wasn't much code in that file, so I figured I'd ask if you'd
rather this code be elsewhere.
---------
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>