before:
  hooks:
    # The build is done in this particular way to build Caddy in a designated directory named in .gitignore.
    # This is so we can run goreleaser on tag without Git complaining of being dirty. The main.go in cmd/caddy directory 
    # cannot be built within that directory due to changes necessary for the build causing Git to be dirty, which
    # subsequently causes gorleaser to refuse running.
    - rm -rf caddy-build caddy-dist vendor
    # vendor Caddy deps
    - go mod vendor
    - mkdir -p caddy-build
    - cp cmd/caddy/main.go caddy-build/main.go
    - /bin/sh -c 'cd ./caddy-build && go mod init caddy'
    # GoReleaser doesn't seem to offer {{.Tag}} at this stage, so we have to embed it into the env
    # so we run: TAG=$(git describe --abbrev=0) goreleaser release --rm-dist --skip-publish --skip-validate
    - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./caddy-build/go.mod
    # as of Go 1.16, `go` commands no longer automatically change go.{mod,sum}. We now have to explicitly
    # run `go mod tidy`. The `/bin/sh -c '...'` is because goreleaser can't find cd in PATH without shell invocation.
    - /bin/sh -c 'cd ./caddy-build && go mod tidy'
    # vendor the deps of the prepared to-build module
    - /bin/sh -c 'cd ./caddy-build && go mod vendor'
    - git clone --depth 1 https://github.com/caddyserver/dist caddy-dist
    - mkdir -p caddy-dist/man
    - go mod download
    - go run cmd/caddy/main.go manpage --directory ./caddy-dist/man
    - gzip -r ./caddy-dist/man/
    - /bin/sh -c 'go run cmd/caddy/main.go completion bash > ./caddy-dist/scripts/bash-completion'

builds:
- env:
  - CGO_ENABLED=0
  - GO111MODULE=on
  main: main.go
  dir: ./caddy-build
  binary: caddy
  goos:
  - darwin
  - linux
  - windows
  - freebsd
  goarch:
  - amd64
  - arm
  - arm64
  - s390x
  - ppc64le
  - riscv64
  goarm:
  - "5"
  - "6"
  - "7"
  ignore:
    - goos: darwin
      goarch: arm
    - goos: darwin
      goarch: ppc64le
    - goos: darwin
      goarch: s390x
    - goos: darwin
      goarch: riscv64
    - goos: windows
      goarch: ppc64le
    - goos: windows
      goarch: s390x
    - goos: windows
      goarch: riscv64
    - goos: freebsd
      goarch: ppc64le
    - goos: freebsd
      goarch: s390x
    - goos: freebsd
      goarch: riscv64
    - goos: freebsd
      goarch: arm
      goarm: "5"
  flags:
  - -trimpath
  - -mod=readonly
  ldflags:
  - -s -w

signs:
  - cmd: cosign
    signature: "${artifact}.sig"
    certificate: '{{ trimsuffix (trimsuffix .Env.artifact ".zip") ".tar.gz" }}.pem'
    args: ["sign-blob", "--yes", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"]
    artifacts: all

sboms:
  - artifacts: binary
    documents:
      - >-
        {{ .ProjectName }}_
        {{- .Version }}_
        {{- if eq .Os "darwin" }}mac{{ else }}{{ .Os }}{{ end }}_
        {{- .Arch }}
        {{- with .Arm }}v{{ . }}{{ end }}
        {{- with .Mips }}_{{ . }}{{ end }}
        {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}.sbom
    cmd: syft
    args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"]

archives:
  - id: default
    format_overrides:
      - goos: windows
        format: zip
    name_template: >-
      {{ .ProjectName }}_
      {{- .Version }}_
      {{- if eq .Os "darwin" }}mac{{ else }}{{ .Os }}{{ end }}_
      {{- .Arch }}
      {{- with .Arm }}v{{ . }}{{ end }}
      {{- with .Mips }}_{{ . }}{{ end }}
      {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}
  
  # package the 'caddy-build' directory into a tarball,
  # allowing users to build the exact same set of files as ours.
  - id: source
    meta: true
    name_template: "{{ .ProjectName }}_{{ .Version }}_buildable-artifact"
    files:
      - src: LICENSE
        dst: ./LICENSE
      - src: README.md
        dst: ./README.md
      - src: AUTHORS
        dst: ./AUTHORS
      - src: ./caddy-build
        dst: ./

source:
  enabled: true
  name_template: '{{ .ProjectName }}_{{ .Version }}_src'
  format: 'tar.gz'

  # Additional files/template/globs you want to add to the source archive.
  #
  # Default: empty.
  files:
    - vendor


checksum:
  algorithm: sha512

nfpms:
  - id: default
    package_name: caddy

    vendor: Dyanim
    homepage: https://caddyserver.com
    maintainer: Matthew Holt <mholt@users.noreply.github.com>
    description: |
      Caddy - Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
    license: Apache 2.0

    formats:
      - deb
      # - rpm

    bindir: /usr/bin
    contents:
      - src: ./caddy-dist/init/caddy.service
        dst: /lib/systemd/system/caddy.service
        
      - src: ./caddy-dist/init/caddy-api.service
        dst: /lib/systemd/system/caddy-api.service
      
      - src: ./caddy-dist/welcome/index.html
        dst: /usr/share/caddy/index.html
      
      - src: ./caddy-dist/scripts/bash-completion
        dst: /etc/bash_completion.d/caddy
    
      - src: ./caddy-dist/config/Caddyfile
        dst: /etc/caddy/Caddyfile
        type: config

      - src: ./caddy-dist/man/*
        dst: /usr/share/man/man8/

    scripts:
      postinstall: ./caddy-dist/scripts/postinstall.sh
      preremove: ./caddy-dist/scripts/preremove.sh
      postremove: ./caddy-dist/scripts/postremove.sh

release:
  github:
    owner: caddyserver
    name: caddy
  draft: true
  prerelease: auto

changelog:
  sort: asc
  filters:
    exclude:
    - '^chore:'
    - '^ci:'
    - '^docs?:'
    - '^readme:'
    - '^tests?:'
    - '^\w+\s+' # a hack to remove commit messages without colons thus don't correspond to a package