patdyn/terraformDummyRepo2
1
0
Fork 0
mirror of https://git.uploadfilter24.eu/lerentis/terraform-provider-gitea.git synced 2024-12-04 13:08:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

try to publish sbom with next release

Browse source
This commit is contained in:
Tobias Trabelsi 2022-12-24 18:37:41 +01:00
parent 0fe94d7dc1
commit edd03aca2f
No known key found for this signature in database
GPG key ID: FF0C2839718CAF2E
3 changed files with 13 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.drone.yml
View file

@ -30,6 +30,7 @@ steps:
- name: build - name: build
image: goreleaser/goreleaser image: goreleaser/goreleaser
commands: commands:
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0
- goreleaser build --snapshot - goreleaser build --snapshot
when: when:
event: event:
@ -59,6 +60,7 @@ steps:
GPG_PRIVATE_KEY_BASE64: GPG_PRIVATE_KEY_BASE64:
from_secret: GPG_PRIVATE_KEY_BASE64 from_secret: GPG_PRIVATE_KEY_BASE64
commands: commands:
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0
- apk add gpg-agent - apk add gpg-agent
- gpg-agent --daemon --default-cache-ttl 7200 - gpg-agent --daemon --default-cache-ttl 7200
- echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --import --batch --no-tty - echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --import --batch --no-tty

19
.github/workflows/release.yml vendored
View file

@ -18,26 +18,25 @@ jobs:
goreleaser: goreleaser:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- - name: Checkout
name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- - name: Unshallow
name: Unshallow
run: git fetch --prune --unshallow run: git fetch --prune --unshallow
- - name: Set up Go
name: Set up Go
uses: actions/setup-go@v3 uses: actions/setup-go@v3
with: with:
go-version: 1.18 go-version: 1.18
- - name: Import GPG key
name: Import GPG key
id: import_gpg id: import_gpg
uses: crazy-max/ghaction-import-gpg@v5.2.0 uses: crazy-max/ghaction-import-gpg@v5.2.0
with: with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }} passphrase: ${{ secrets.PASSPHRASE }}
- - name: setup-syft
name: Run GoReleaser run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | \
sh -s -- -b /usr/local/bin v0.64.0
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4.1.0 uses: goreleaser/goreleaser-action@v4.1.0
with: with:
version: latest version: latest

2
.goreleaser.yml
View file

@ -41,6 +41,8 @@ checksum:
name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json' name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
algorithm: sha256 algorithm: sha256
sboms:
- artifacts: archive
signs: signs:
- artifacts: checksum - artifacts: checksum
args: args: