mirror of
https://github.com/goreleaser/goreleaser.git
synced 2024-12-27 01:33:39 +02:00
e4b91521d0
goreleaser currently uses `cosign` `v2.1.1`; this change switches it to `v2.4.0`. While there may be other useful updates, I'd like this update to work around a bug I'm experiencing: https://github.com/sigstore/cosign/issues/3614#issuecomment-2012521670, which is solved by upgrading the `cosign` version.
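# Base image: the Go toolchain on Alpine, pinned by tag and by digest so the
# content behind the tag cannot change silently between builds.
FROM golang:1.23.0-alpine@sha256:d0b31558e6b3e4cc59f6011d79905835108c919143ebecc58f35965bf79948f4

# Tools installed into the image. Package versions are not pinned, so they
# resolve to whatever the base image's Alpine repositories serve at build time.
RUN apk add --no-cache \
    bash \
    build-base \
    curl \
    docker-cli \
    docker-cli-buildx \
    git \
    gpg \
    make \
    mercurial \
    openssh-client \
    tini

# install cosign
# The binary is copied out of the upstream image, which is pinned by tag and
# by digest; no installer script runs for this step.
COPY --from=gcr.io/projectsigstore/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign

# install syft
# `set -o pipefail` makes this step fail when curl fails. Without it only the
# exit status of `sh` counts, so a failed download would feed `sh` an empty
# script and the build would continue without syft.
# NOTE(review): the installer is fetched from the v0.84.1 tag and executed
# as-is; nothing in this file checks the script against a known digest, unlike
# the digest-pinned cosign copy above.
RUN set -o pipefail && \
    curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin

# tini is the container's init process and starts /entrypoint.sh; CMD supplies
# the default argument (-h) when the container is run without arguments.
ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
CMD [ "-h" ]

COPY scripts/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# The goreleaser package comes from the build context rather than from an
# Alpine repository. --allow-untrusted tells apk to skip signature
# verification for it, so its integrity rests entirely on whatever placed
# goreleaser_*.apk in the build context.
COPY goreleaser_*.apk /tmp/
RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk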