diff --git a/.drone.yml b/.drone.yml index 932bc8e..c156fed 100644 --- a/.drone.yml +++ b/.drone.yml @@ -30,6 +30,7 @@ steps: - name: build image: goreleaser/goreleaser commands: + - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0 - goreleaser build --snapshot when: event: @@ -59,6 +60,7 @@ steps: GPG_PRIVATE_KEY_BASE64: from_secret: GPG_PRIVATE_KEY_BASE64 commands: + - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0 - apk add gpg-agent - gpg-agent --daemon --default-cache-ttl 7200 - echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --import --batch --no-tty diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8634e3..c3dcdcd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,26 +18,25 @@ jobs: goreleaser: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v3 - - - name: Unshallow + - name: Unshallow run: git fetch --prune --unshallow - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v3 with: go-version: 1.18 - - - name: Import GPG key + - name: Import GPG key id: import_gpg uses: crazy-max/ghaction-import-gpg@v5.2.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - - - name: Run GoReleaser + - name: setup-syft + run: | + curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | \ + sh -s -- -b /usr/local/bin v0.64.0 + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v4.1.0 with: version: latest diff --git a/.goreleaser.yml b/.goreleaser.yml index 44d007b..7a82dfd 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -41,6 +41,8 @@ checksum: name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' algorithm: sha256 +sboms: + - artifacts: archive signs: - artifacts: checksum args: