serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-26 13:43:47 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

supplychain: publish signing cert, sbom, and signatures of sbom (#5027)

Browse source
This commit is contained in:
Mohammed Al Sahaf 2022-09-13 01:59:53 +03:00 committed by GitHub
parent c5df7bb6bd
commit 9fe4f93bc7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.goreleaser.yml
View file

@ -68,12 +68,16 @@ builds:
signs: signs:
- cmd: cosign - cmd: cosign
signature: "${artifact}.sig" signature: "${artifact}.sig"
args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${signature}.pem", "${artifact}"] certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem'
args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"]
artifacts: all artifacts: all
sboms: sboms:
- artifacts: binary - artifacts: binary
# defaults to
# documents:
# - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom"
cmd: syft cmd: syft
args: ["$artifact", "--file", "$sbom", "--output", "cyclonedx-json"] args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"]
archives: archives:
- format_overrides: - format_overrides:
- goos: windows - goos: windows