Merged
16 changes: 16 additions & 0 deletions .github/workflows/release-cli.yml
Expand Up @@ -8,6 +8,7 @@ on:

permissions:
contents: write
packages: write

jobs:
release:
Expand All @@ -27,6 +28,20 @@ jobs:
go-version-file: go.mod
cache: true

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Derive image name
shell: bash
run: echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY@L}" >> "${GITHUB_ENV}"

- name: Run Goreleaser
uses: goreleaser/goreleaser-action@v6
with:
Expand All @@ -35,3 +50,4 @@ jobs:
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE: ${{ env.IMAGE }}
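Review bot: The new steps pull `docker/setup-buildx-action@v3` and `docker/login-action@v3` by mutable major tag, in a job that holds `contents: write` and `packages: write` and hands `secrets.GITHUB_TOKEN` to the login step. A retagged or compromised action release would run with the rights to publish release assets and container images, so pin each to a reviewed full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. The `permissions:` block sits above `jobs:`, so `packages: write` is granted workflow-wide; only the `release` job is visible in these hunks, and if other jobs exist the grant is better placed under `release` alone. The page has lost the YAML indentation, so nesting here is inferred from key order.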
66 changes: 66 additions & 0 deletions .goreleaser.yml
Expand Up @@ -21,3 +21,69 @@ archives:

checksum:
name_template: checksums.txt

dockers:
- id: cli-amd64
ids:
- sbom-offline-verification
goos: linux
goarch: amd64
image_templates:
- "{{ .Env.IMAGE }}:{{ .Tag }}-amd64"
- "{{ .Env.IMAGE }}:v{{ .Major }}-amd64"
- "{{ .Env.IMAGE }}:v{{ .Major }}.{{ .Minor }}-amd64"
- "{{ .Env.IMAGE }}:latest-amd64"
dockerfile: Dockerfile.goreleaser
use: buildx
build_flag_templates:
- "--platform=linux/amd64"
- "--pull"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.description=Secure SBOM verification CLI"
- "--label=org.opencontainers.image.name={{ .ProjectName }}"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.source={{ .GitURL }}"
- "--label=org.opencontainers.image.version={{ .Version }}"

- id: cli-arm64
ids:
- sbom-offline-verification
goos: linux
goarch: arm64
image_templates:
- "{{ .Env.IMAGE }}:{{ .Tag }}-arm64"
- "{{ .Env.IMAGE }}:v{{ .Major }}-arm64"
- "{{ .Env.IMAGE }}:v{{ .Major }}.{{ .Minor }}-arm64"
- "{{ .Env.IMAGE }}:latest-arm64"
dockerfile: Dockerfile.goreleaser
use: buildx
build_flag_templates:
- "--platform=linux/arm64"
- "--pull"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.description=Secure SBOM verification CLI"
- "--label=org.opencontainers.image.name={{ .ProjectName }}"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.source={{ .GitURL }}"
- "--label=org.opencontainers.image.version={{ .Version }}"

docker_manifests:
- name_template: "{{ .Env.IMAGE }}:{{ .Tag }}"
image_templates:
- "{{ .Env.IMAGE }}:{{ .Tag }}-amd64"
- "{{ .Env.IMAGE }}:{{ .Tag }}-arm64"

- name_template: "{{ .Env.IMAGE }}:v{{ .Major }}.{{ .Minor }}"
image_templates:
- "{{ .Env.IMAGE }}:v{{ .Major }}.{{ .Minor }}-amd64"
- "{{ .Env.IMAGE }}:v{{ .Major }}.{{ .Minor }}-arm64"

- name_template: "{{ .Env.IMAGE }}:v{{ .Major }}"
image_templates:
- "{{ .Env.IMAGE }}:v{{ .Major }}-amd64"
- "{{ .Env.IMAGE }}:v{{ .Major }}-arm64"

- name_template: "{{ .Env.IMAGE }}:latest"
image_templates:
- "{{ .Env.IMAGE }}:latest-amd64"
- "{{ .Env.IMAGE }}:latest-arm64"
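Review bot: Every reference this section publishes (`{{ .Tag }}`, `v{{ .Major }}.{{ .Minor }}`, `v{{ .Major }}`, `latest`) is a mutable registry tag, and nothing here signs or attests the pushed manifests, so a consumer of an SBOM verification CLI cannot check that the image they pull is the one this release built. Add a `docker_signs` entry that signs the manifests by digest, as sketched below; it assumes cosign is installed in the release job and, for keyless signing, that the workflow grants `id-token: write`, neither of which is visible on this page. Separately, `latest` is re-pointed on every release, so a patch release cut on an older line would move it backwards. The `cli-amd64` and `cli-arm64` entries differ only in architecture, so any change to build flags or labels has to be made in both.

```yaml
# … unchanged: dockers and docker_manifests entries …
docker_signs:
  - cmd: cosign
    artifacts: manifests
    output: true
    args:
      - "sign"
      - "${artifact}@${digest}"
      - "--yes"
```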
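--- a/Dockerfile.goreleaser
+++ b/Dockerfile.goreleaser
@@ -0,0 +1,8 @@
+FROM gcr.io/distroless/static-debian12:nonroot
+
+ARG TARGETPLATFORM
+
+WORKDIR /
+COPY ${TARGETPLATFORM}/sbom-offline-verification /usr/local/bin/sbom-offline-verification
+
+ENTRYPOINT ["/usr/local/bin/sbom-offline-verification"]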
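Review bot: `FROM gcr.io/distroless/static-debian12:nonroot` tracks a moving tag, and both `dockers` entries in `.goreleaser.yml` build with `--pull`, so each release takes whatever the tag resolves to that day and the exact base cannot be reconstructed from the repository afterwards. Pin the base by digest, `FROM gcr.io/distroless/static-debian12:nonroot@sha256:<index-digest>`, using the digest of the multi-arch index so the amd64 and arm64 builds resolve from the same pin, and let a dependency-update bot raise each bump as a reviewable change. `<index-digest>` is a placeholder; take the real value from the registry at review time.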
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -105,7 +105,10 @@ GOEXPERIMENT=jsonv2 go run ./cmd/sbom-offline-verification \

Tagged releases matching `vX.X.X` are built with Goreleaser using
[.goreleaser.yml](.goreleaser.yml). The release workflow publishes multi-platform
CLI archives and a checksum file to the GitHub release.
CLI archives, a checksum file, and a container image to GitHub-hosted release
surfaces. The container image is published to GitHub Container Registry as
`ghcr.io/<owner>/<repo>` for `linux/amd64` and `linux/arm64`, with tags for the
full version, `vMAJOR.MINOR`, `vMAJOR`, and `latest`.

## Examples
