.goreleaser.yml

version: 2

before:
  hooks:
    - go mod tidy
builds:
  - main: ./cmd/osv-scanner/
    id: osv-scanner
    binary: osv-scanner
    env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      # prettier-ignore
      - '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
    goos:
      # Further testing before supporting freebsd
      # - freebsd
      - windows
      - linux
      - darwin
    goarch:
      - amd64
      # 32bit does not compile at the moment because of spdx dependency
      # - '386'
      # Further testing before supporting arm
      # - arm
      - arm64
  - main: ./cmd/osv-scanner/
    id: osv-scanner-action
    binary: osv-scanner-action
    env:
      # goreleaser does not work with CGO, it could also complicate
      # usage by users in CI/CD systems like Terraform Cloud where
      # they are unable to install libraries.
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      # prettier-ignore
      - '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}}_GHAction -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
    goos:
      - linux
    goarch:
      - amd64
  - main: ./cmd/osv-reporter/
    id: osv-reporter
    binary: osv-reporter
    env: # osv-reporter for github action
      - CGO_ENABLED=0
      - GO111MODULE=on
    mod_timestamp: "{{ .CommitTimestamp }}"
    flags:
      - -trimpath
    ldflags:
      # prettier-ignore
      - '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
    goos:
      - linux
    goarch:
      - amd64

dockers:
  # Arch: amd64
  - image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache License 2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
  # Arch: arm64
  - image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
    dockerfile: goreleaser.dockerfile
    use: buildx
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/arm64"
    goarch: arm64
  # Github Action
  - image_templates:
      - "ghcr.io/google/osv-scanner-action:{{ .Tag }}"
    dockerfile: goreleaser-action.dockerfile
    use: buildx
    extra_files:
      - exit_code_redirect.sh
    build_flag_templates:
      - "--pull"
      - "--label=org.opencontainers.image.title=osv-scanner-action"
      - "--label=org.opencontainers.image.description=Vulnerability scanner written in Go which uses the data provided by https://osv.dev"
      - "--label=org.opencontainers.image.licenses=Apache-2.0"
      - "--label=org.opencontainers.image.created={{.Date}}"
      - "--label=org.opencontainers.image.name={{.ProjectName}}"
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=org.opencontainers.image.source={{.GitURL}}"
      - "--label=org.opencontainers.image.url={{.GitURL}}"
      - "--platform=linux/amd64"
    goarch: amd64

docker_manifests:
  - name_template: "ghcr.io/google/osv-scanner:{{ .Tag }}"
    image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"
  - name_template: "ghcr.io/google/osv-scanner:latest"
    image_templates:
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-amd64"
      - "ghcr.io/google/osv-scanner:{{ .Tag }}-arm64"

archives:
  - format: binary
    name_template: "{{ .Binary }}_{{ .Os }}_{{ .Arch }}"
    builds:
      - osv-scanner
checksum:
  name_template: "{{ .ProjectName }}_SHA256SUMS"
  algorithm: sha256
release:
  draft: true
changelog:
  disable: false