@@ -26,7 +26,6 @@ builds:
2626 - CGO_ENABLED=0
2727 goos :
2828 - windows
29- - linux
3029 - darwin
3130 - freebsd
3231 - openbsd
@@ -37,6 +36,27 @@ builds:
3736 goarm :
3837 - " 6"
3938 - " 7"
39+ # Docker-specific builds for Linux only
40+ - id : privatebin-docker
41+ main : ./cmd/privatebin
42+ binary : privatebin
43+ ldflags :
44+ - -s -w
45+ - -X 'main.cliVersion={{.Version}}'
46+ - -X 'main.commit={{.ShortCommit}}'
47+ - -X 'main.date={{.Date}}'
48+ gcflags :
49+ - -e
50+ flags :
51+ - -trimpath
52+ - -mod=readonly
53+ env :
54+ - CGO_ENABLED=0
55+ goos :
56+ - linux
57+ goarch :
58+ - amd64
59+ - arm64
4060
4161archives :
4262 - name_template : >-
@@ -67,11 +87,11 @@ checksum:
6787sboms :
6888 - artifacts : archive
6989 documents :
70- - " {{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_sbom.json"
90+ - " {{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }} _sbom.json"
7191 cmd : syft
7292 args :
7393 - " dir:."
74- - " --output=cyclonedx-json={{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}_sbom.json"
94+ - " --output=cyclonedx-json={{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }} _sbom.json"
7595 - " --source-name={{ .ProjectName }}"
7696 - " --source-version={{ .Version }}"
7797
@@ -91,18 +111,99 @@ signs:
91111artifacts : checksum
92112 output : true
93113
94- changelog :
95- use : custom
96- custom :
97- cmd : ./scripts/extract-changelog.sh
114+ dockers :
115+ - image_templates :
116+ - " ghcr.io/gearnode/privatebin:{{ .Tag }}-amd64"
117+ - " ghcr.io/gearnode/privatebin:latest-amd64"
118+ dockerfile : Dockerfile
119+ use : buildx
120+ build_flag_templates :
121+ - " --platform=linux/amd64"
122+ - " --label=org.opencontainers.image.title={{.ProjectName}}"
123+ - " --label=org.opencontainers.image.description=A CLI for PrivateBin"
124+ - " --label=org.opencontainers.image.url=https://github.com/gearnode/privatebin"
125+ - " --label=org.opencontainers.image.source=https://github.com/gearnode/privatebin"
126+ - " --label=org.opencontainers.image.version={{.Version}}"
127+ - ' --label=org.opencontainers.image.created={{time "2006-01-02T15:04:05Z07:00"}}'
128+ - " --label=org.opencontainers.image.revision={{.FullCommit}}"
129+ - " --label=org.opencontainers.image.licenses=ISC"
130+ ids :
131+ - privatebin-docker
132+ goos : linux
133+ goarch : amd64
134+ skip_push : " {{ .IsSnapshot }}"
135+ - image_templates :
136+ - " ghcr.io/gearnode/privatebin:{{ .Tag }}-arm64"
137+ - " ghcr.io/gearnode/privatebin:latest-arm64"
138+ dockerfile : Dockerfile
139+ use : buildx
140+ build_flag_templates :
141+ - " --platform=linux/arm64"
142+ - " --label=org.opencontainers.image.title={{.ProjectName}}"
143+ - " --label=org.opencontainers.image.description=A CLI for PrivateBin"
144+ - " --label=org.opencontainers.image.url=https://github.com/gearnode/privatebin"
145+ - " --label=org.opencontainers.image.source=https://github.com/gearnode/privatebin"
146+ - " --label=org.opencontainers.image.version={{.Version}}"
147+ - ' --label=org.opencontainers.image.created={{time "2006-01-02T15:04:05Z07:00"}}'
148+ - " --label=org.opencontainers.image.revision={{.FullCommit}}"
149+ - " --label=org.opencontainers.image.licenses=ISC"
150+ ids :
151+ - privatebin-docker
152+ goos : linux
153+ goarch : arm64
154+ skip_push : " {{ .IsSnapshot }}"
155+
156+ docker_manifests :
157+ - name_template : " ghcr.io/gearnode/privatebin:{{ .Tag }}"
158+ image_templates :
159+ - " ghcr.io/gearnode/privatebin:{{ .Tag }}-amd64"
160+ - " ghcr.io/gearnode/privatebin:{{ .Tag }}-arm64"
161+ skip_push : " {{ .IsSnapshot }}"
162+ - name_template : " ghcr.io/gearnode/privatebin:latest"
163+ image_templates :
164+ - " ghcr.io/gearnode/privatebin:latest-amd64"
165+ - " ghcr.io/gearnode/privatebin:latest-arm64"
166+ skip_push : " {{ .IsSnapshot }}"
167+
168+ docker_signs :
169+ - id : images
170+ cmd : sh
171+ env :
172+ - COSIGN_EXPERIMENTAL=1
173+ artifacts : images
174+ output : true
175+ args :
176+ - -c
177+ - |
178+ if [ "{{ .IsSnapshot }}" = "true" ]; then
179+ echo "Skipping Docker image signing (snapshot: {{ .IsSnapshot }})"
180+ else
181+ cosign sign "${artifact}@${digest}" --yes
182+ fi
183+ id : manifests
184+ cmd : sh
185+ env :
186+ - COSIGN_EXPERIMENTAL=1
187+ artifacts : manifests
188+ output : true
98189 args :
99- - " {{ .Tag }}"
190+ - -c
191+ - |
192+ if [ "{{ .IsSnapshot }}" = "true" ]; then
193+ echo "Skipping Docker manifest signing (snapshot: {{ .IsSnapshot }})"
194+ else
195+ cosign sign "${artifact}@${digest}" --yes
196+ fi
197+
198+ changelog :
199+ use : github
200+ sort : asc
100201
101202release :
102203 github :
103204 owner : gearnode
104205 name : privatebin
105- draft : false
206+ draft : true
106207 prerelease : auto
107208 mode : replace
108209 header : |
@@ -112,8 +213,16 @@ release:
112213footer : |
113214 ---
114215
216+ ## Docker Images
217+ - `ghcr.io/gearnode/privatebin:{{ .Tag }}` (multi-arch: linux/amd64, linux/arm64)
218+ - `ghcr.io/gearnode/privatebin:latest` (multi-arch: linux/amd64, linux/arm64)
219+
220+ ### Architecture-specific images
221+ - `ghcr.io/gearnode/privatebin:{{ .Tag }}-amd64`
222+ - `ghcr.io/gearnode/privatebin:{{ .Tag }}-arm64`
223+
115224 **Full Changelog**: https://github.com/gearnode/privatebin/compare/{{ .PreviousTag }}...{{ .Tag }}
116225
117226 **Installation**: See the [README](https://github.com/gearnode/privatebin#installation) for installation instructions.
118227
119- **Verification**: All artifacts are signed with Cosign. Use `cosign verify-blob` to verify the checksums .
228+ **Verification**: All artifacts and Docker images are signed with Cosign. Use `cosign verify-blob` for files or `cosign verify` for container images .
0 commit comments