authorMohammed Al Sahaf <msaa1990@gmail.com>2022-09-13 01:59:53 +0300
committerGitHub <noreply@github.com>2022-09-12 22:59:53 +0000
commit9fe4f93bc7afd92f9e98749006aab7f0dd45562c (patch)
tree5bb6a5d202ac4c80e15a818cebee5e089b6a0d35
parentc5df7bb6bd99b44ef0c0d70ca4988524f52730f3 (diff)
supplychain: publish signing cert, sbom, and signatures of sbom (#5027)
-rw-r--r--.goreleaser.yml8
1 files changed, 6 insertions, 2 deletions
diff --git a/.goreleaser.yml b/.goreleaser.yml
index d3de2b7..9369bc4 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -68,12 +68,16 @@ builds:
signs:
- cmd: cosign
signature: "${artifact}.sig"
- args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${signature}.pem", "${artifact}"]
+ certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem'
+ args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"]
artifacts: all
sboms:
- artifacts: binary
+ # defaults to
+ # documents:
+ # - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom"
cmd: syft
- args: ["$artifact", "--file", "$sbom", "--output", "cyclonedx-json"]
+ args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"]
archives:
- format_overrides:
- goos: windows
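Review bot: The added `certificate:` line strips only a `.tar.gz` suffix, while `signature` stays `${artifact}.sig` and `artifacts: all` also signs files with other extensions (the windows `format_overrides` entry at the end of the hunk suggests a non-tar archive format). Tarballs would presumably end up as `name.tar.gz.sig` next to `name.pem`, and everything else as `name.ext.sig` next to `name.ext.pem`, so a verification script has to special-case the pairing. Consider `certificate: '{{ .Env.artifact }}.pem'` so every artifact gets the same `.sig`/`.pem` pairing, or keep the current form and add a comment above it such as `# cert name = artifact name minus ".tar.gz", plus ".pem"`. Because the published certificate only helps a consumer who also knows which signer identity to expect, a short comment or release-doc pointer stating that identity would make these files usable for verification.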