2021-02-18 20:38:32 +00:00
# This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
project_name : step-ca
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
before :
hooks :
# You may remove this if you don't use go modules.
- go mod download
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
builds :
-
2021-02-18 22:04:28 +00:00
id : step-ca
2021-02-18 20:38:32 +00:00
env :
- CGO_ENABLED=0
2021-10-12 22:44:04 +00:00
targets :
- darwin_amd64
- darwin_arm64
2021-10-12 23:40:24 +00:00
- freebsd_amd64
2021-10-12 22:44:04 +00:00
- linux_386
- linux_amd64
- linux_arm64
2022-03-23 22:14:04 +00:00
- linux_arm_5
2021-10-12 22:44:04 +00:00
- linux_arm_6
- linux_arm_7
- windows_amd64
2021-02-18 20:38:32 +00:00
flags :
- -trimpath
main : ./cmd/step-ca/main.go
2022-10-01 18:03:14 +00:00
binary : step-ca
2021-02-18 20:38:32 +00:00
ldflags :
- -w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
archives :
-
# Can be used to change the archive formats for specific GOOSs.
# Most common use case is to archive as zip on Windows.
# Default is empty.
name_template : "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
2023-03-21 04:03:37 +00:00
rlcp : true
2021-05-10 23:58:20 +00:00
format_overrides :
- goos : windows
format : zip
2021-02-18 20:38:32 +00:00
wrap_in_directory : "{{ .ProjectName }}_{{ .Version }}"
files :
- README.md
- LICENSE
2022-10-01 18:03:14 +00:00
allow_different_binary_count : true
nfpms :
# Configure nFPM for .deb and .rpm releases
#
# See https://nfpm.goreleaser.com/configuration/
# and https://goreleaser.com/customization/nfpm/
#
# Useful tools for debugging .debs:
# List file contents: dpkg -c dist/step_...deb
# Package metadata: dpkg --info dist/step_....deb
#
-
builds :
- step-ca
package_name : step-ca
file_name_template : "{{ .PackageName }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
vendor : Smallstep Labs
homepage : https://github.com/smallstep/certificates
maintainer : Smallstep <techadmin@smallstep.com>
description : >
step-ca is an online certificate authority for secure, automated certificate management.
license : Apache 2.0
section : utils
formats :
- deb
- rpm
priority : optional
bindir : /usr/bin
contents :
- src : debian/copyright
dst : /usr/share/doc/step-ca/copyright
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
source :
enabled : true
2023-03-21 04:03:37 +00:00
rlcp : true
2021-02-18 20:38:32 +00:00
name_template : '{{ .ProjectName }}_{{ .Version }}'
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
checksum :
name_template : 'checksums.txt'
2021-09-07 18:28:16 +00:00
extra_files :
- glob : ./.releases/*
2021-08-30 23:52:40 +00:00
signs :
- cmd : cosign
2022-10-26 04:26:50 +00:00
signature : "${artifact}.sig"
certificate : "${artifact}.pem"
args : [ "sign-blob" , "--oidc-issuer=https://token.actions.githubusercontent.com" , "--output-certificate=${certificate}" , "--output-signature=${signature}" , "${artifact}" ]
2021-08-30 23:52:40 +00:00
artifacts : all
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
snapshot :
name_template : "{{ .Tag }}-next"
2021-09-07 18:28:16 +00:00
2021-02-18 20:38:32 +00:00
release :
# Repo in which the release will be created.
# Default is extracted from the origin remote URL or empty if its private hosted.
# Note: it can only be one: either github, gitlab or gitea
github :
owner : smallstep
name : certificates
# IDs of the archives to use.
# Defaults to all.
#ids:
# - foo
# - bar
# If set to true, will not auto-publish the release.
# Default is false.
2021-03-15 19:27:29 +00:00
draft : false
2021-02-18 20:38:32 +00:00
# If set to auto, will mark the release as not ready for production
# in case there is an indicator for this in the tag e.g. v1.0.0-rc1
# If set to true, will mark the release as not ready for production.
# Default is false.
2021-03-15 19:27:29 +00:00
prerelease : auto
2021-02-18 20:38:32 +00:00
# You can change the name of the release.
# Default is `{{.Tag}}`
2021-09-11 20:05:17 +00:00
name_template : "Step CA {{ .Tag }} ({{ .Env.RELEASE_DATE }})"
2021-02-18 20:38:32 +00:00
2021-09-09 23:35:09 +00:00
# Header template for the release body.
# Defaults to empty.
header : |
2021-09-11 20:05:17 +00:00
## Official Release Artifacts
#### Linux
2023-05-17 02:58:54 +00:00
- 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_{{ .Version }}_amd64.deb](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ .Version }}_amd64.deb)
2021-09-11 20:05:17 +00:00
#### OSX Darwin
2023-05-17 02:58:54 +00:00
- 📦 [step-ca_darwin_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_darwin_{{ .Version }}_amd64.tar.gz)
- 📦 [step-ca_darwin_{{ .Version }}_arm64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_darwin_{{ .Version }}_arm64.tar.gz)
2021-09-11 20:05:17 +00:00
#### Windows
2023-05-17 02:58:54 +00:00
- 📦 [step-ca_windows_{{ .Version }}_amd64.zip](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_windows_{{ .Version }}_amd64.zip)
2021-09-11 20:05:17 +00:00
2021-09-15 17:30:04 +00:00
For more builds across platforms and architectures, see the `Assets` section below.
And for packaged versions (Docker, k8s, Homebrew), see our [installation docs](https://smallstep.com/docs/step-ca/installation).
2021-09-11 20:05:17 +00:00
Don't see the artifact you need? Open an issue [here](https://github.com/smallstep/certificates/issues/new/choose).
2021-09-09 23:35:09 +00:00
## Signatures and Checksums
`step-ca` uses [sigstore/cosign](https://github.com/sigstore/cosign) for signing and verifying release artifacts.
2021-09-11 20:05:17 +00:00
Below is an example using `cosign` to verify a release artifact :
2021-09-09 23:35:09 +00:00
```
2023-04-05 20:09:58 +00:00
cosign verify-blob \
2022-10-26 04:26:50 +00:00
--certificate ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig.pem \
--signature ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig \
2023-04-05 20:09:58 +00:00
--certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
2021-09-11 21:42:02 +00:00
~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz
2021-09-09 23:35:09 +00:00
```
2021-09-11 20:05:17 +00:00
The `checksums.txt` file (in the `Assets` section below) contains a checksum for every artifact in the release.
2021-09-09 23:35:09 +00:00
# Footer template for the release body.
# Defaults to empty.
footer : |
## Thanks!
Those were the changes on {{ .Tag }}!
2021-09-11 20:05:17 +00:00
Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
2021-09-09 23:35:09 +00:00
2021-02-18 20:38:32 +00:00
# You can disable this pipe in order to not upload any artifacts.
# Defaults to false.
#disable: true
# You can add extra pre-existing files to the release.
# The filename on the release will be the last part of the path (base). If
# another file with the same name exists, the latest one found will be used.
# Defaults to empty.
2021-09-07 18:28:16 +00:00
extra_files :
- glob : ./.releases/*
2021-02-18 20:38:32 +00:00
#extra_files:
# - glob: ./path/to/file.txt
# - glob: ./glob/**/to/**/file/**/*
# - glob: ./glob/foo/to/bar/file/foobar/override_from_previous
2023-01-31 19:25:16 +00:00
scoop :
# Template for the url which is determined by the given Token (github or gitlab)
# Default for github is "https://github.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Default for gitlab is "https://gitlab.com/<repo_owner>/<repo_name>/uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
# Default for gitea is "https://gitea.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
url_template : "http://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
# Repository to push the app manifest to.
bucket :
owner : smallstep
name : scoop-bucket
# Git author used to commit to the repository.
# Defaults are shown.
commit_author :
name : goreleaserbot
email : goreleaser@smallstep.com
# The project name and current git tag are used in the format string.
commit_msg_template : "Scoop update for {{ .ProjectName }} version {{ .Tag }}"
# Your app's homepage.
# Default is empty.
homepage : "https://smallstep.com/docs/step-ca"
# Skip uploads for prerelease.
skip_upload : auto
# Your app's description.
# Default is empty.
description : "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."
# Your app's license
# Default is empty.
license : "Apache-2.0"