-
Notifications
You must be signed in to change notification settings - Fork 45
/
.goreleaser.yml
113 lines (103 loc) · 3.44 KB
/
.goreleaser.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# Goreleaser configuration for the nats-io/nsc tool.
#
# Note that while we use Goreleaser-Pro for official builds, this file should
# avoid using Pro features if possible, to make it as easy as possible for
# others to reproduce the builds and verify they match.
#
# It is an explicit goal to have reproducible builds.
project_name: nsc
version: 2
release:
github:
owner: nats-io
name: nsc
name_template: '{{.Tag}}'
draft: true
builds:
- id: nsc
goos:
- darwin
- linux
- windows
- freebsd
goarch:
- amd64
- arm64
- arm
- 386
goarm:
- 6
- 7
ignore:
- goos: windows
goarch: arm64
- goos: windows
goarch: arm
- goos: windows
goarch: 386
- goos: darwin
goarch: 386
- goos: freebsd
goarch: arm
- goos: freebsd
goarch: arm64
- goos: freebsd
goarch: 386
binary: nsc
main: .
env:
- CGO_ENABLED=0
# reproducible builds:
mod_timestamp: "{{ .CommitTimestamp }}"
flags:
- "-trimpath"
# ldflags: Default is `-s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=goreleaser`.
# We switch the .Date to .CommitDate per advice at bottom of <https://goreleaser.com/customization/build/> re reproducibility.
ldflags:
- "-s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser"
dist: build
archives:
- id: "nsc.zip"
wrap_in_directory: false
# documented default (2022-04-20):
# '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
name_template: '{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
format: zip
files:
- none*
checksum:
name_template: 'SHA256SUMS-{{ .ProjectName }}.txt'
snapshot:
version_template: 'dev'
signs:
- id: cosign
cmd: "./release/sign-cosign"
args: ["${artifact}", "${signature}"]
signature: "${artifact}.cosign.sig"
artifacts: checksum
# We pass COSIGN_PASSWORD from GH secret through env, and cosign(1) picks up
# that automatically, so we don't need to pass the password on stdin.
# Disabled pending Ubuntu 22.04:
# - id: ssh
# cmd: "./release/sign-ssh"
# args: ["${artifact}", "${signature}"]
# signature: "${artifact}.ssh.sig"
# artifacts: checksum
brews:
- name: nsc
directory: Formula
repository:
owner: nats-io
name: homebrew-nats-tools
token: "{{ .Env.GITHUB_APP_TOKEN }}"
url_template: 'https://github.com/nats-io/nsc/releases/download/{{ .Tag }}/nsc-{{ .Os }}-{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}.zip'
homepage: "https://github.com/nats-io/nsc"
description: "A tool for creating NATS account and user access configurations"
license: "Apache-2.0"
# Cross-repo upload currently requires that $GITHUB_ACTION be a PAT which has some undesirable security characteristics.
# We are instead registering this as a build artifact, so that the file is available for a manual PR of nsc.rb in the tap.
skip_upload: false
test: |
system "#{bin}/nsc --version"
install: |
bin.install "nsc"