mirror of
https://github.com/securego/gosec.git
synced 2024-12-27 04:55:53 +00:00
26f10e0a7a
* Extend the release action to sign the docker image and binary files with cosign * Fix lint warnings * Fix the ling warnings * Fix the lint warnings
30 lines
552 B
YAML
30 lines
552 B
YAML
---
|
|
project_name: gosec
|
|
|
|
release:
|
|
extra_files:
|
|
- glob: ./bom.json
|
|
github:
|
|
owner: securego
|
|
name: gosec
|
|
|
|
builds:
|
|
- main: ./cmd/gosec/
|
|
binary: gosec
|
|
goos:
|
|
- darwin
|
|
- linux
|
|
- windows
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
|
|
env:
|
|
- CGO_ENABLED=0
|
|
|
|
signs:
|
|
- cmd: cosign
|
|
stdin: '{{ .Env.COSIGN_PASSWORD}}'
|
|
args: ["sign-blob", "--key=/tmp/cosign.key", "--output=${signature}", "${artifact}"]
|
|
artifacts: all
|
|
|