1
0
mirror of https://github.com/securego/gosec.git synced 2024-12-28 21:08:22 +02:00
gosec/.goreleaser.yml
Cosmin Cojocar 26f10e0a7a
Extend the release action to sign the docker image and binary files with cosign (#781)
* Extend the release action to sign the docker image and binary files with cosign

* Fix lint warnings

* Fix the ling warnings

* Fix the lint warnings
2022-02-22 21:33:42 +01:00

31 lines
552 B
YAML

---
project_name: gosec
release:
extra_files:
- glob: ./bom.json
github:
owner: securego
name: gosec
builds:
- main: ./cmd/gosec/
binary: gosec
goos:
- darwin
- linux
- windows
goarch:
- amd64
- arm64
ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
env:
- CGO_ENABLED=0
signs:
- cmd: cosign
stdin: '{{ .Env.COSIGN_PASSWORD}}'
args: ["sign-blob", "--key=/tmp/cosign.key", "--output=${signature}", "${artifact}"]
artifacts: all