.goreleaser.yml

# This is an example .goreleaser.yml file with some sensible defaults.
# Make sure to check the documentation at https://goreleaser.com
before:
  hooks:
    # You may remove this if you don't use go modules.
    - go mod tidy
builds:

  - main: "./main.go"
    binary: vault-token-monitor
    env:
      - CGO_ENABLED=0
    goos:
      - linux
      - darwin
      - windows
    goarch:
      - amd64
      - arm64
      # - arm
      # - 386
    ldflags:
      ## auto inject commit and version at build time
      - -X github.com/vdbulcke/vault-token-monitor/cmd.GitCommit={{ .ShortCommit }} 
      - -X github.com/vdbulcke/vault-token-monitor/cmd.Version={{ .Version }}  
      - -X github.com/vdbulcke/vault-token-monitor/cmd.Date={{ .CommitDate }} 
      - -X github.com/vdbulcke/vault-token-monitor/cmd.BuiltBy=goreleaser
archives:
  - 
    ## Deprecated "replacements"
    # replacements:
    #   ## Rewrite Archive name 
    #   darwin: Darwin
    #   linux: Linux
    #   windows: Windows
    #   386: i386
    #   amd64: x86_64
    name_template: >-
      {{ .ProjectName }}_{{ .Version }}_
      {{- title .Os }}_
      {{- if eq .Arch "amd64" }}x86_64
      {{- else if eq .Arch "386" }}i386
      {{- else }}{{ .Arch }}{{ end }}
      {{- if .Arm }}v{{ .Arm }}{{ end }}
    ## use zip for windows release
    format_overrides:
      - goos: windows
        format: zip
    files:
    - LICENSE

## create MacOS universal binary
universal_binaries:
## set to true to ONLY generate a universal binary 
- replace: false

checksum:
  name_template: 'checksums.txt'
snapshot:
  name_template: "{{ incpatch .Version }}-next"


changelog:
  sort: asc
  filters:
    exclude:
      ## ignore commits from change log that starts with
      - '^docs:'
      - '^test:'
      - '^typo:'
      - '^ignore:'
  # Group commits messages by given regex and title.
  # Order value defines the order of the groups.
  # Proving no regex means all commits will be grouped under the default group.
  # Groups are disabled when using github-native, as it already groups things by itself.
  #
  # Default is no groups.
  groups:
    - title: Features
      regexp: "^.*feat[(\\w)]*:+.*$"
      order: 0
    - title: 'Bug fixes'
      regexp: "^.*fix[(\\w)]*:+.*$"
      order: 1
    - title: Others
      order: 999

dockers:
  - 
    # GOOS of the built binaries/packages that should be used.
    goos: linux

    # GOARCH of the built binaries/packages that should be used.
    goarch: amd64

    # GOARM of the built binaries/packages that should be used.
    goarm: ''

    image_templates:
    - "ghcr.io/vdbulcke/vault-token-monitor:v{{ .Version }}"

##
## Cosign
##
signs:
  - cmd: cosign
    signature: "${artifact}.sig"
    certificate: '${artifact}.pem'
    output: true
    args: 
      - "sign-blob"
      - "--oidc-issuer=https://token.actions.githubusercontent.com" 
      - "--output-certificate=${artifact}.pem"
      - "--output-signature=${artifact}.sig" 
      - "${artifact}"
    artifacts: all

docker_signs:
- cmd: cosign
  env:
  - COSIGN_EXPERIMENTAL=1
  artifacts: all
  output: true
  args:
  - 'sign'
  - "--oidc-issuer=https://token.actions.githubusercontent.com" 
  - '${artifact}'

release:
  ## set github header and footer
  header: |
    ## Docker

    ###  pull
    ```bash
    docker pull ghcr.io/vdbulcke/vault-token-monitor:v{{ .Version }}
    ``` 

    ### Validate Cosign Signature 
    ```bash
    cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com  --certificate-identity  "https://github.com/vdbulcke/vault-token-monitor/.github/workflows/release.yaml@refs/tags/v{{ .Version }}"  ghcr.io/vdbulcke/vault-token-monitor:v{{ .Version }}
    ```

    ### Run 

    ```bash
    docker run --rm  -v /path/to/your/config.yaml:/app/config.yaml:z -p 9000:9000 ghcr.io/vdbulcke/vault-token-monitor:v{{ .Version }} 
    ```

  # # Footer template for the release body.
  # # Defaults to empty.
  # footer: |
  #   ## Thanks!

  #   Those were the changes on {{ .Tag }}!