2021-02-18 20:38:32 +00:00
# This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
project_name : step-ca
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
before :
hooks :
# You may remove this if you don't use go modules.
- go mod download
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
builds :
-
2021-02-18 22:04:28 +00:00
id : step-ca
2021-02-18 20:38:32 +00:00
env :
- CGO_ENABLED=0
2021-10-12 22:44:04 +00:00
targets :
- darwin_amd64
- darwin_arm64
2021-10-12 23:40:24 +00:00
- freebsd_amd64
2021-10-12 22:44:04 +00:00
- linux_386
- linux_amd64
- linux_arm64
2022-03-23 22:14:04 +00:00
- linux_arm_5
2021-10-12 22:44:04 +00:00
- linux_arm_6
- linux_arm_7
- windows_amd64
2021-02-18 20:38:32 +00:00
flags :
- -trimpath
main : ./cmd/step-ca/main.go
2022-10-01 18:03:14 +00:00
binary : step-ca
2021-02-18 20:38:32 +00:00
ldflags :
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
archives :
2023-06-15 00:17:34 +00:00
- &ARCHIVE
2021-02-18 20:38:32 +00:00
# Can be used to change the archive formats for specific GOOSs.
# Most common use case is to archive as zip on Windows.
# Default is empty.
name_template : "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
2021-05-10 23:58:20 +00:00
format_overrides :
- goos : windows
format : zip
2021-02-18 20:38:32 +00:00
files :
- README.md
- LICENSE
2022-10-01 18:03:14 +00:00
allow_different_binary_count : true
2023-06-15 00:17:34 +00:00
-
<< : *ARCHIVE
id : unversioned
name_template : "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
2023-10-12 22:20:03 +00:00
wrap_in_directory : "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
2023-06-15 00:17:34 +00:00
2022-10-01 18:03:14 +00:00
nfpms :
# Configure nFPM for .deb and .rpm releases
#
# See https://nfpm.goreleaser.com/configuration/
# and https://goreleaser.com/customization/nfpm/
#
# Useful tools for debugging .debs:
# List file contents: dpkg -c dist/step_...deb
# Package metadata: dpkg --info dist/step_....deb
#
2023-06-15 00:17:34 +00:00
- &NFPM
2022-10-01 18:03:14 +00:00
builds :
- step-ca
package_name : step-ca
file_name_template : "{{ .PackageName }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
vendor : Smallstep Labs
homepage : https://github.com/smallstep/certificates
maintainer : Smallstep <techadmin@smallstep.com>
description : >
step-ca is an online certificate authority for secure, automated certificate management.
license : Apache 2.0
section : utils
formats :
- deb
- rpm
priority : optional
bindir : /usr/bin
contents :
- src : debian/copyright
dst : /usr/share/doc/step-ca/copyright
2023-06-15 00:17:34 +00:00
-
<< : *NFPM
id : unversioned
file_name_template : "{{ .PackageName }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
source :
enabled : true
name_template : '{{ .ProjectName }}_{{ .Version }}'
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
checksum :
name_template : 'checksums.txt'
2021-09-07 18:28:16 +00:00
extra_files :
- glob : ./.releases/*
2021-08-30 23:52:40 +00:00
signs :
- cmd : cosign
2022-10-26 04:26:50 +00:00
signature : "${artifact}.sig"
certificate : "${artifact}.pem"
2024-03-20 20:33:09 +00:00
args : [ "sign-blob" , "--oidc-issuer=https://token.actions.githubusercontent.com" , "--output-certificate=${certificate}" , "--output-signature=${signature}" , "${artifact}" , "--yes" ]
2021-08-30 23:52:40 +00:00
artifacts : all
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
snapshot :
name_template : "{{ .Tag }}-next"
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
release :
# Repo in which the release will be created.
# Default is extracted from the origin remote URL or empty if its private hosted.
# Note: it can only be one: either github, gitlab or gitea
github :
owner : smallstep
name : certificates
# IDs of the archives to use.
# Defaults to all.
#ids:
# - foo
# - bar
# If set to true, will not auto-publish the release.
# Default is false.
2021-03-15 19:27:29 +00:00
draft : false
2021-02-18 20:38:32 +00:00
# If set to auto, will mark the release as not ready for production
# in case there is an indicator for this in the tag e.g. v1.0.0-rc1
# If set to true, will mark the release as not ready for production.
# Default is false.
2021-03-15 19:27:29 +00:00
prerelease : auto
2021-02-18 20:38:32 +00:00
# You can change the name of the release.
# Default is `{{.Tag}}`
2021-09-11 20:05:17 +00:00
name_template : "Step CA {{ .Tag }} ({{ .Env.RELEASE_DATE }})"
2021-02-18 20:38:32 +00:00
2021-09-09 23:35:09 +00:00
# Header template for the release body.
# Defaults to empty.
header : |
2021-09-11 20:05:17 +00:00
## Official Release Artifacts
#### Linux
2023-05-17 02:58:54 +00:00
- 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_{{ .Version }}_amd64.deb](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ .Version }}_amd64.deb)
2021-09-11 20:05:17 +00:00
#### OSX Darwin
2023-05-17 02:58:54 +00:00
- 📦 [step-ca_darwin_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_darwin_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_darwin_{{ .Version }}_arm64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_darwin_{{ .Version }}_arm64.tar.gz)
2021-09-11 20:05:17 +00:00
#### Windows
2023-05-17 02:58:54 +00:00
- 📦 [step-ca_windows_{{ .Version }}_amd64.zip](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_windows_{{ .Version }}_amd64.zip)
2021-09-11 20:05:17 +00:00
2021-09-15 17:30:04 +00:00
For more builds across platforms and architectures, see the `Assets` section below.
And for packaged versions (Docker, k8s, Homebrew), see our [installation docs](https://smallstep.com/docs/step-ca/installation).
2021-09-11 20:05:17 +00:00
Don't see the artifact you need? Open an issue [here](https://github.com/smallstep/certificates/issues/new/choose).
2021-09-09 23:35:09 +00:00
## Signatures and Checksums
`step-ca` uses [sigstore/cosign](https://github.com/sigstore/cosign) for signing and verifying release artifacts.
2021-09-11 20:05:17 +00:00
Below is an example using `cosign` to verify a release artifact :
2021-09-09 23:35:09 +00:00
```
2023-04-05 20:09:58 +00:00
cosign verify-blob \
2023-09-29 00:06:03 +00:00
--certificate step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
2023-04-05 20:09:58 +00:00
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
2023-09-29 00:06:03 +00:00
step-ca_darwin_{{ .Version }}_amd64.tar.gz
2021-09-09 23:35:09 +00:00
```
2021-09-11 20:05:17 +00:00
The `checksums.txt` file (in the `Assets` section below) contains a checksum for every artifact in the release.
2021-09-09 23:35:09 +00:00
# Footer template for the release body.
# Defaults to empty.
footer : |
## Thanks!
Those were the changes on {{ .Tag }}!
2024-03-06 09:49:45 +00:00
Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.
2021-09-09 23:35:09 +00:00
2021-02-18 20:38:32 +00:00
# You can disable this pipe in order to not upload any artifacts.
# Defaults to false.
#disable: true
# You can add extra pre-existing files to the release.
# The filename on the release will be the last part of the path (base). If
# another file with the same name exists, the latest one found will be used.
# Defaults to empty.
2021-09-07 18:28:16 +00:00
extra_files :
- glob : ./.releases/*
2021-02-18 20:38:32 +00:00
#extra_files:
# - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/*
# - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
2023-01-31 19:25:16 +00:00
2023-08-29 23:04:17 +00:00
winget :
-
# IDs of the archives to use.
# Empty means all IDs.
ids : [ default ]
#
# Default: ProjectName
# Templates: allowed
name : step-ca
# Publisher name.
#
# Templates: allowed
# Required.
publisher : Smallstep
# Your app's description.
#
# Templates: allowed
# Required.
short_description : "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management."
# License name.
#
# Templates: allowed
# Required.
license : "Apache-2.0"
# Publisher URL.
#
# Templates: allowed
publisher_url : "https://smallstep.com"
# Publisher support URL.
#
# Templates: allowed
publisher_support_url : "https://github.com/smallstep/certificates/discussions"
# URL which is determined by the given Token (github, gitlab or gitea).
#
# Default depends on the client.
# Templates: allowed
url_template : "https://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Git author used to commit to the repository.
commit_author :
name : goreleaserbot
email : goreleaser@smallstep.com
# The project name and current git tag are used in the format string.
#
# Templates: allowed
commit_msg_template : "{{ .PackageIdentifier }}: {{ .Tag }}"
# Your app's homepage.
homepage : "https://github.com/smallstep/certificates"
# Your app's long description.
#
# Templates: allowed
description : ""
# License URL.
#
# Templates: allowed
license_url : "https://github.com/smallstep/certificates/blob/master/LICENSE"
# Release notes URL.
#
# Templates: allowed
2024-04-01 16:55:01 +00:00
release_notes_url : "https://github.com/smallstep/certificates/releases/tag/{{ .Tag }}"
2023-08-29 23:04:17 +00:00
# Create the PR - for testing
2023-09-01 00:35:08 +00:00
skip_upload : auto
2023-08-29 23:04:17 +00:00
# Tags.
tags :
- certificates
- smallstep
- tls
# Repository to push the generated files to.
repository :
owner : smallstep
name : winget-pkgs
2024-03-29 18:12:38 +00:00
branch : "step-ca-{{.Version}}"
2023-08-29 23:04:17 +00:00
# Optionally a token can be provided, if it differs from the token
# provided to GoReleaser
# Templates: allowed
#token: "{{ .Env.GITHUB_PERSONAL_AUTH_TOKEN }}"
# Sets up pull request creation instead of just pushing to the given branch.
# Make sure the 'branch' property is different from base before enabling
# it.
#
# Since: v1.17
pull_request :
# Whether to enable it or not.
enabled : true
2023-09-27 21:42:34 +00:00
check_boxes : true
2023-08-29 23:04:17 +00:00
# Whether to open the PR as a draft or not.
#
# Default: false
# Since: v1.19
# draft: true
# Base can also be another repository, in which case the owner and name
# above will be used as HEAD, allowing cross-repository pull requests.
#
# Since: v1.19
base :
owner : microsoft
name : winget-pkgs
branch : master
2023-06-15 00:17:34 +00:00
scoops :
-
ids : [ default ]
# Template for the url which is determined by the given Token (github or gitlab)
# Default for github is "https://github.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Default for gitlab is "https://gitlab.com/<repo_owner>/<repo_name>/uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
# Default for gitea is "https://gitea.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
url_template : "http://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Repository to push the app manifest to.
2023-08-29 23:04:17 +00:00
repository :
2023-06-15 00:17:34 +00:00
owner : smallstep
name : scoop-bucket
2023-09-27 21:42:34 +00:00
branch : main
2023-06-15 00:17:34 +00:00
# Git author used to commit to the repository.
# Defaults are shown.
commit_author :
name : goreleaserbot
email : goreleaser@smallstep.com
# The project name and current git tag are used in the format string.
commit_msg_template : "Scoop update for {{ .ProjectName }} version {{ .Tag }}"
# Your app's homepage.
# Default is empty.
homepage : "https://smallstep.com/docs/step-ca"
2023-01-31 19:25:16 +00:00
2023-06-15 00:17:34 +00:00
# Skip uploads for prerelease.
skip_upload : auto
2023-01-31 19:25:16 +00:00
2023-06-15 00:17:34 +00:00
# Your app's description.
# Default is empty.
description : "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."
2023-01-31 19:25:16 +00:00
2023-06-15 00:17:34 +00:00
# Your app's license
# Default is empty.
license : "Apache-2.0"
2023-01-31 19:25:16 +00:00