From 04ffedee4e35513c5d7d0e7ebf1e96b523774fa6 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Thu, 25 Jul 2024 15:44:15 +0300 Subject: [PATCH] fix: push to docker registries --- .goreleaser.yml | 90 +++++++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 40 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 153a03ed..2638134d 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -207,6 +207,8 @@ dockers: - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' image_templates: - "ghcr.io/tofuutils/tenv:{{ .Version }}-amd64" + - "registry.hub.docker.com/tofuutils/tenv:{{ .Version }}-amd64" + skip_push: true - use: buildx goarch: arm64 @@ -225,6 +227,8 @@ dockers: - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' image_templates: - "ghcr.io/tofuutils/tenv:{{ .Version }}-arm64" + - "registry.hub.docker.com/tofuutils/tenv:{{ .Version }}-arm64" + skip_push: true - use: buildx goarch: arm @@ -243,6 +247,8 @@ dockers: - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' image_templates: - "ghcr.io/tofuutils/tenv:{{ .Version }}-arm" + - "registry.hub.docker.com/tofuutils/tenv:{{ .Version }}-arm" + skip_push: true - use: buildx goarch: "386" @@ -261,6 +267,8 @@ dockers: - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' image_templates: - "ghcr.io/tofuutils/tenv:{{ .Version }}-386" + - "registry.hub.docker.com/tofuutils/tenv:{{ .Version }}-386" + skip_push: true docker_manifests: - name_template: ghcr.io/tofuutils/tenv:{{ .Version }} @@ -300,14 +308,49 @@ docker_manifests: skip_push: true docker_signs: - - artifacts: all + - cmd: cosign + env: + - COSIGN_EXPERIMENTAL=1 + args: + - "sign" + - "--oidc-issuer=https://token.actions.githubusercontent.com" + - "${artifact}@${digest}" + - "--yes" + artifacts: all + output: true + +signs: + - cmd: cosign + env: + - COSIGN_EXPERIMENTAL=1 + signature: "${artifact}.sig" + certificate: "${artifact}.pem" args: - [ - "sign", - "--oidc-issuer=https://token.actions.githubusercontent.com", - "${artifact}@${digest}", - "--yes", - ] + - "sign-blob" + - "--oidc-issuer=https://token.actions.githubusercontent.com" + - "--output-certificate=${certificate}" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" + artifacts: all + output: true + + - cmd: gpg + args: + - "--pinentry-mode" + - "loopback" + - "--batch" + - "-u" + - "{{ .Env.GPG_FINGERPRINT }}" + - "--passphrase" + - "{{ .Env.GPG_PASSPHRASE }}" + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" + artifacts: all + signature: "${artifact}.gpgsig" + id: gpg archives: - format: tar.gz @@ -339,39 +382,6 @@ checksum: name_template: "{{ .ProjectName }}_{{ .Tag }}_checksums.txt" algorithm: sha256 -signs: - - cmd: cosign - env: - - COSIGN_EXPERIMENTAL=1 - signature: "${artifact}.sig" - certificate: "${artifact}.pem" - args: - - "sign-blob" - - "--oidc-issuer=https://token.actions.githubusercontent.com" - - "--output-certificate=${certificate}" - - "--output-signature=${signature}" - - "${artifact}" - - "--yes" - artifacts: all - output: true - - - artifacts: all - signature: "${artifact}.gpgsig" - id: gpg - cmd: gpg - args: - - "--pinentry-mode" - - "loopback" - - "--batch" - - "-u" - - "{{ .Env.GPG_FINGERPRINT }}" - - "--passphrase" - - "{{ .Env.GPG_PASSPHRASE }}" - - "--output" - - "${signature}" - - "--detach-sign" - - "${artifact}" - nfpms: - file_name_template: "{{ .ProjectName }}_{{- .Tag }}_{{ .Arch }}" maintainer: "https://github.com/dvaumoron"