# GoReleaser configuration, based on the example .goreleaser.yml with sane defaults.
# Documentation: https://goreleaser.com
project_name: step-ca

before:
  hooks:
    # Fetch module dependencies before building.
    # You may remove this if you don't use go modules.
    - 'go mod download'

builds:
  - id: step-ca
    main: ./cmd/step-ca/main.go
    binary: step-ca
    # cgo is disabled for every target listed below.
    env:
      - CGO_ENABLED=0
    # -trimpath keeps local filesystem paths out of the compiled binary.
    flags:
      - '-trimpath'
    # -w drops DWARF debug info; the -X flags stamp the release version and
    # build date into package main.
    ldflags:
      - '-w -X main.Version={{.Version}} -X main.BuildTime={{.Date}}'
    targets:
      - darwin_amd64
      - darwin_arm64
      - freebsd_amd64
      - linux_386
      - linux_amd64
      - linux_arm64
      - linux_arm_5
      - linux_arm_6
      - linux_arm_7
      - windows_amd64

archives:
  # First archive: versioned file names. No id is set on this entry; the
  # winget and scoops sections select archives by the id `default`.
  - &ARCHIVE
    name_template: '{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'
    # Can be used to change the archive formats for specific GOOSs.
    # Most common use case is to archive as zip on Windows.
    # Default is empty.
    format_overrides:
      - goos: windows
        format: zip
    files:
      - README.md
      - LICENSE
    allow_different_binary_count: true
  # Second archive: same settings merged in from &ARCHIVE (shallow merge; the
  # keys written here override the merged ones), but with file and directory
  # names that omit the version.
  - <<: *ARCHIVE
    id: unversioned
    name_template: '{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'
    wrap_in_directory: '{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'


nfpms:
  # Configure nFPM for .deb and .rpm releases
  #
  # See https://nfpm.goreleaser.com/configuration/
  # and https://goreleaser.com/customization/nfpm/
  #
  # Useful tools for debugging .debs:
  # List file contents: dpkg -c dist/step_...deb
  # Package metadata: dpkg --info dist/step_....deb
  #
  # First package definition: versioned file names, built from the `step-ca`
  # build id.
  - &NFPM
    package_name: step-ca
    builds:
      - step-ca
    formats:
      - deb
      - rpm
    file_name_template: '{{ .PackageName }}_{{ .Version }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'
    vendor: 'Smallstep Labs'
    maintainer: 'Smallstep <techadmin@smallstep.com>'
    homepage: 'https://github.com/smallstep/certificates'
    description: >
      step-ca is an online certificate authority for secure, automated certificate management.
    license: 'Apache 2.0'
    section: utils
    priority: optional
    bindir: /usr/bin
    contents:
      - src: debian/copyright
        dst: /usr/share/doc/step-ca/copyright
  # Second package definition: identical settings merged from &NFPM, with a
  # file name that omits the version.
  - <<: *NFPM
    id: unversioned
    file_name_template: '{{ .PackageName }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'

# Publish a source archive alongside the binaries.
source:
  enabled: true
  name_template: "{{ .ProjectName }}_{{ .Version }}"

# One checksum file for the release; files matched under ./.releases/ are
# added as extra inputs.
checksum:
  name_template: "checksums.txt"
  extra_files:
    - glob: './.releases/*'

# Sign every release artifact with cosign. For each artifact this writes a
# detached signature (<artifact>.sig) and the signing certificate
# (<artifact>.pem), with the OIDC issuer fixed to GitHub Actions' token
# service.
# NOTE(review): no key is passed to sign-blob, so this looks like keyless
# (OIDC identity) signing; the release job then needs permission to request
# a GitHub OIDC token. Confirm against the release workflow.
signs:
  - cmd: cosign
    artifacts: all
    signature: '${artifact}.sig'
    certificate: '${artifact}.pem'
    args:
      - 'sign-blob'
      - '--oidc-issuer=https://token.actions.githubusercontent.com'
      - '--output-certificate=${certificate}'
      - '--output-signature=${signature}'
      - '${artifact}'

# Snapshot (non-release) builds are named after the current tag plus "-next".
snapshot:
  name_template: '{{ .Tag }}-next'

release:
  # Repo in which the release will be created.
  # Default is extracted from the origin remote URL, or empty if it is privately hosted.
  # Note: it can only be one: either github, gitlab or gitea
  github:
    owner: smallstep
    name: certificates

  # IDs of the archives to use.
  # Defaults to all.
  #ids:
  # - foo
  # - bar

  # If set to true, will not auto-publish the release.
  # Default is false.
  draft: false

  # If set to auto, will mark the release as not ready for production
  # in case there is an indicator for this in the tag e.g. v1.0.0-rc1
  # If set to true, will mark the release as not ready for production.
  # Default is false.
  prerelease: auto

  # You can change the name of the release.
  # Default is `{{.Tag}}`
  # RELEASE_DATE is read from the environment of the release job.
  name_template: "Step CA {{ .Tag }} ({{ .Env.RELEASE_DATE }})"

  # Header template for the release body.
  # Defaults to empty.
  # The download links and the cosign example below end up in the published
  # release notes, so they are what users copy when verifying a download.
  # NOTE(review): the example passes `<artifact>.sig.pem` as the certificate,
  # while the `signs` section of this file writes certificates as
  # `${artifact}.pem`; confirm the file name against the uploaded assets.
  # NOTE(review): the --certificate-identity-regexp value has no leading `^`
  # and its trailing `.*` accepts any workflow file and ref under
  # smallstep/workflows; consider anchoring it. TODO confirm how cosign
  # matches the pattern.
  header: |
    ## Official Release Artifacts

    #### Linux

    - 📦 [step-ca_linux_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_linux_{{ .Version }}_amd64.tar.gz)
    - 📦 [step-ca_{{ .Version }}_amd64.deb](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_{{ .Version }}_amd64.deb)

    #### OSX Darwin

    - 📦 [step-ca_darwin_{{ .Version }}_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_darwin_{{ .Version }}_amd64.tar.gz)
    - 📦 [step-ca_darwin_{{ .Version }}_arm64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_darwin_{{ .Version }}_arm64.tar.gz)

    #### Windows

    - 📦 [step-ca_windows_{{ .Version }}_amd64.zip](https://dl.smallstep.com/gh-release/certificates/gh-release-header/{{ .Tag }}/step-ca_windows_{{ .Version }}_amd64.zip)

    For more builds across platforms and architectures, see the `Assets` section below.
    And for packaged versions (Docker, k8s, Homebrew), see our [installation docs](https://smallstep.com/docs/step-ca/installation).

    Don't see the artifact you need? Open an issue [here](https://github.com/smallstep/certificates/issues/new/choose).

    ## Signatures and Checksums

    `step-ca` uses [sigstore/cosign](https://github.com/sigstore/cosign) for signing and verifying release artifacts.

    Below is an example using `cosign` to verify a release artifact:

    ```
    cosign verify-blob \
    --certificate step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig.pem \
    --signature step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig \
    --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    step-ca_darwin_{{ .Version }}_amd64.tar.gz
    ```

    The `checksums.txt` file (in the `Assets` section below) contains a checksum for every artifact in the release.

  # Footer template for the release body.
  # Defaults to empty.
  footer: |
    ## Thanks!

    Those were the changes on {{ .Tag }}!

    Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

  # You can disable this pipe in order to not upload any artifacts.
  # Defaults to false.
  #disable: true

  # You can add extra pre-existing files to the release.
  # The filename on the release will be the last part of the path (base). If
  # another file with the same name exists, the latest one found will be used.
  # Defaults to empty.
  extra_files:
    - glob: ./.releases/*
  #extra_files:
  # - glob: ./path/to/file.txt
  # - glob: ./glob/**/to/**/file/**/*
  # - glob: ./glob/foo/to/bar/file/foobar/override_from_previous

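# Winget manifest: generated files are pushed to the `step` branch of
# smallstep/winget-pkgs and proposed as a pull request against
# microsoft/winget-pkgs.
winget:
  - # IDs of the archives to use.
    # Empty means all IDs.
    ids:
      - default

    # Package name.
    #
    # Default: ProjectName
    # Templates: allowed
    name: step-ca

    # Publisher name.
    #
    # Templates: allowed
    # Required.
    publisher: Smallstep

    # Your app's description.
    #
    # Templates: allowed
    # Required.
    short_description: "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management."

    # License name.
    #
    # Templates: allowed
    # Required.
    license: "Apache-2.0"

    # Publisher URL.
    #
    # Templates: allowed
    publisher_url: "https://smallstep.com"

    # Publisher support URL.
    #
    # Templates: allowed
    publisher_support_url: "https://github.com/smallstep/certificates/discussions"

    # URL which is determined by the given Token (github, gitlab or gitea).
    #
    # Default depends on the client.
    # Templates: allowed
    url_template: "https://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"

    # Git author used to commit to the repository.
    commit_author:
      name: goreleaserbot
      email: goreleaser@smallstep.com

    # The project name and current git tag are used in the format string.
    #
    # Templates: allowed
    commit_msg_template: "{{ .PackageIdentifier }}: {{ .Tag }}"

    # Your app's homepage.
    homepage: "https://github.com/smallstep/certificates"

    # Your app's long description.
    #
    # Templates: allowed
    description: ""

    # License URL.
    #
    # Templates: allowed
    license_url: "https://github.com/smallstep/certificates/blob/master/LICENSE"

    # Release notes URL.
    #
    # Templates: allowed
    # A GitHub release page is addressed by the git tag, so this uses .Tag,
    # like url_template above. .Version is the tag without a leading "v" and
    # would point at a page that does not exist for v-prefixed tags.
    release_notes_url: "https://github.com/smallstep/certificates/releases/tag/{{ .Tag }}"

    # `auto`, the same setting the scoops entry documents as "Skip uploads
    # for prerelease". Originally annotated "Create the PR - for testing".
    skip_upload: auto

    # Tags.
    tags:
      - certificates
      - smallstep
      - tls

    # Repository to push the generated files to.
    repository:
      owner: smallstep
      name: winget-pkgs
      branch: step

      # Optionally a token can be provided, if it differs from the token
      # provided to GoReleaser
      # Templates: allowed
      #token: "{{ .Env.GITHUB_PERSONAL_AUTH_TOKEN }}"

      # Sets up pull request creation instead of just pushing to the given branch.
      # Make sure the 'branch' property is different from base before enabling
      # it.
      #
      # Since: v1.17
      pull_request:
        # Whether to enable it or not.
        enabled: true
        check_boxes: true
        # Whether to open the PR as a draft or not.
        #
        # Default: false
        # Since: v1.19
        # draft: true

        # Base can also be another repository, in which case the owner and name
        # above will be used as HEAD, allowing cross-repository pull requests.
        #
        # Since: v1.19
        base:
          owner: microsoft
          name: winget-pkgs
          branch: master
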
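# Scoop manifest: pushed to the `main` branch of smallstep/scoop-bucket.
scoops:
  - ids:
      - default
    # Template for the url which is determined by the given Token (github or gitlab)
    # Default for github is "https://github.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
    # Default for gitlab is "https://gitlab.com/<repo_owner>/<repo_name>/uploads/{{ .ArtifactUploadHash }}/{{ .ArtifactName }}"
    # Default for gitea is "https://gitea.com/<repo_owner>/<repo_name>/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
    # Use https:// here. This URL is written into the Scoop manifest and is
    # where clients download the release archive from, so it should not start
    # with a plaintext request. It also matches the winget url_template.
    url_template: "https://github.com/smallstep/certificates/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
    # Repository to push the app manifest to.
    repository:
      owner: smallstep
      name: scoop-bucket
      branch: main

    # Git author used to commit to the repository.
    commit_author:
      name: goreleaserbot
      email: goreleaser@smallstep.com

    # The project name and current git tag are used in the format string.
    commit_msg_template: "Scoop update for {{ .ProjectName }} version {{ .Tag }}"

    # Your app's homepage.
    # Default is empty.
    homepage: "https://smallstep.com/docs/step-ca"

    # Skip uploads for prerelease.
    skip_upload: auto

    # Your app's description.
    # Default is empty.
    description: "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH."

    # Your app's license
    # Default is empty.
    license: "Apache-2.0"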