Merge pull request #76 from cpanato/add-bom

add bom and update release binary name
kubernetes-sigs · Apr 18, 2023 · dd657c9 · dd657c9
2 parents fcf9306 + 13c28af
commit dd657c9
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 5 deletions.
diff --git a/.bom-config.yaml b/.bom-config.yaml
@@ -0,0 +1,48 @@
+---
+namespace: https://sigs.k8s.io/tejolote
+license: Apache-2.0
+name: tejolote
+creator:
+ person: The Kubernetes Authors
+ tool: tejolote
+
+artifacts:
+  - type: file
+    source: tejolote-amd64-windows.exe
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-amd64-darwin
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-amd64-linux
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-arm-linux
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-arm64-darwin
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-arm64-linux
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-ppc64le-linux
+    license: Apache-2.0
+    gomodules: true
+
+  - type: file
+    source: tejolote-s390x-linux
+    license: Apache-2.0
+    gomodules: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -30,6 +30,9 @@ jobs:
       - name: Install cosign
         uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 # v3.0.2
 
+      - name: Install bom
+        uses: puerco/release-actions/setup-bom@8d40ac756bb1e4cab06267d89141baa650623919 # main
+
       - name: Install GoReleaser
         uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
         with:
@@ -40,7 +43,7 @@ jobs:
         run: echo "TAG=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"
 
       - name: Run Mage
-        uses: magefile/mage-action@v2
+        uses: magefile/mage-action@3b833fb24c0d19eed3aa760b9eb285b4b84f420f # v2.3.0
         with:
           version: latest
           args: buildBinaries

diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -24,11 +24,14 @@ jobs:
         with:
           install-only: true
 
+      - name: Install bom
+        uses: puerco/release-actions/setup-bom@8d40ac756bb1e4cab06267d89141baa650623919 # main
+
       - name: Run Mage
         uses: magefile/mage-action@3b833fb24c0d19eed3aa760b9eb285b4b84f420f # v2.3.0
         with:
           version: latest
           args: buildBinariesSnapshot
 
       - name: check binary
-        run: ./dist/tejolote_linux_amd64_v1/tejolote version
+        run: ./dist/tejolote-amd64-linux version
diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.20.2
+1.20.3
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -15,8 +15,9 @@ gomod:
 
 builds:
   - id: tejolote
-    binary: tejolote
     main: ./cmd/tejolote
+    no_unique_dist_dir: true
+    binary: tejolote-{{ .Arch }}-{{ .Os }}
     goos:
       - darwin
       - linux
@@ -45,6 +46,7 @@ builds:
 
 archives:
   - format: binary
+    name_template: tejolote-{{ .Arch }}-{{ .Os }}
     allow_different_binary_count: true
 
 signs:
@@ -53,9 +55,32 @@ signs:
     signature: "${artifact}.sig"
     certificate: "${artifact}.pem"
     cmd: cosign
-    args: ["sign-blob", "--output-signature", "${artifact}.sig", "--output-certificate", "${artifact}.pem", "${artifact}"]
+    args:
+      - "sign-blob"
+      - "--output-signature"
+      - "${artifact}.sig"
+      - "--output-certificate"
+      - "${artifact}.pem"
+      - "${artifact}"
     artifacts: all
 
+sboms:
+  - id: tejolote
+    cmd: bom
+    args:
+      - generate
+      - "--output"
+      - "tejolote.json.spdx"
+      - "-d"
+      - "../"
+      - "-c"
+      - "../.bom-config.yaml"
+      - "--format"
+      - "json"
+    artifacts: any
+    documents:
+      - "tejolote.json.spdx"
+
 checksum:
   name_template: 'checksums.txt'