add syft for sbom and image templates

kartverket · Sep 15, 2023 · 436bd32 · 436bd32
1 parent 348c4d5
commit 436bd32
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/.github/workflows/release-version.yaml b/.github/workflows/release-version.yaml
@@ -34,6 +34,10 @@ jobs:
  - name: Install Cosign
  uses: sigstore/cosign-installer@v3.1.2
 
+ - name: Install Syft for SBOM Generation
+ shell: bash
+ run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
  - name: Release with Goreleaser
  uses: goreleaser/goreleaser-action@v4
  with:

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -33,16 +33,38 @@ archives:
 
 dockers:
  - image_templates:
- - "ghcr.io/kartverket/skiperator"
+ - "ghcr.io/kartverket/skiperator:{{ .Version }}-amd64"
  extra_files:
  - ./
+ use: buildx
+ dockerfile: Dockerfile
+ build_flag_templates:
+ - "--platform=linux/amd64"
+ - image_templates:
+ - "ghcr.io/kartverket/skiperator:{{ .Version }}-arm64v8"
+ extra_files:
+ - ./
+ use: buildx
+ goarch: arm64
+ dockerfile: Dockerfile
+ build_flag_templates:
+ - "--platform=linux/arm64/v8"
+
+docker_manifests:
+ - name_template: "ghcr.io/kartverket/skiperator:{{ .Version }}"
+ image_templates:
+ - "ghcr.io/kartverket/skiperator:{{ .Version }}-amd64"
+ - "ghcr.io/kartverket/skiperator:{{ .Version }}-arm64v8"
 
 signs:
  - cmd: cosign
  signature: "${artifact}.sig"
  args: ["sign-blob", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output-signature=${signature}", "-y", "${artifact}"]
  artifacts: all
 
+sboms:
+ - artifacts: archive
+
 checksum:
  name_template: "checksums.txt"
 snapshot: