58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
project_name: source-controller
|
|
|
|
builds:
|
|
- skip: true
|
|
|
|
release:
|
|
extra_files:
|
|
- glob: config/release/*.yaml
|
|
prerelease: "auto"
|
|
header: |
|
|
## Changelog
|
|
|
|
[{{.Tag}} changelog](https://github.com/fluxcd/{{.ProjectName}}/blob/{{.Tag}}/CHANGELOG.md)
|
|
footer: |
|
|
## Container images
|
|
|
|
- `docker.io/fluxcd/{{.ProjectName}}:{{.Tag}}`
|
|
- `ghcr.io/fluxcd/{{.ProjectName}}:{{.Tag}}`
|
|
|
|
Supported architectures: `linux/amd64`, `linux/arm64` and `linux/arm/v7`.
|
|
|
|
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
|
|
To verify the images and their provenance (SLSA level 3), please see the [security documentation](https://fluxcd.io/flux/security/).
|
|
|
|
changelog:
|
|
disable: true
|
|
|
|
checksum:
|
|
extra_files:
|
|
- glob: config/release/*.yaml
|
|
|
|
source:
|
|
enabled: true
|
|
name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
|
|
|
|
sboms:
|
|
- id: source
|
|
artifacts: source
|
|
documents:
|
|
- "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
|
|
|
|
# signs the checksum file
|
|
# all files (including the sboms) are included in the checksum
|
|
# https://goreleaser.com/customization/sign
|
|
signs:
|
|
- cmd: cosign
|
|
env:
|
|
- COSIGN_EXPERIMENTAL=1
|
|
certificate: "${artifact}.pem"
|
|
args:
|
|
- sign-blob
|
|
- "--yes"
|
|
- "--output-certificate=${certificate}"
|
|
- "--output-signature=${signature}"
|
|
- "${artifact}"
|
|
artifacts: checksum
|
|
output: true
|