Skip to content

Commit f677d68

Browse files
smlxsmlx
authored
Merge pull request #173 from smlx/multiple-artifacts
feat: implement attesting of multiple binary artefacts
2 parents a193466 + 20690a9 commit f677d68

File tree

4 files changed

+60
-9
lines changed

4 files changed

+60
-9
lines changed

.github/workflows/build.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ jobs:
1414
matrix:
1515
binary:
1616
- go-cli-github
17+
- another-binary
1718
steps:
1819
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
1920
with:

.github/workflows/release.yaml

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -63,20 +63,32 @@ jobs:
6363
env:
6464
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6565
GITHUB_SBOM_PATH: ./sbom.spdx.json
66+
# attest archives
67+
- uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
68+
with:
69+
subject-path: "dist/*.tar.gz"
6670
# parse artifacts to the format required for image attestation
6771
- run: |
68-
echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.extra.Digest')" >> "$GITHUB_OUTPUT"
69-
echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test(":v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT"
70-
id: image_metadata
72+
echo "$ARTIFACTS"
73+
echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("go-cli-github:v"))|.extra.Digest')" >> "$GITHUB_OUTPUT"
74+
echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("go-cli-github:v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT"
75+
id: image_metadata_go_cli_github
7176
env:
7277
ARTIFACTS: ${{steps.goreleaser.outputs.artifacts}}
73-
# attest archives
78+
- run: |
79+
echo "digest=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("another-binary:v"))|.extra.Digest')" >> "$GITHUB_OUTPUT"
80+
echo "name=$(echo "$ARTIFACTS" | jq -r '.[]|select(.type=="Docker Manifest")|select(.name|test("another-binary:v"))|.name|split(":")[0]')" >> "$GITHUB_OUTPUT"
81+
id: image_metadata_another_binary
82+
env:
83+
ARTIFACTS: ${{steps.goreleaser.outputs.artifacts}}
84+
# attest images
7485
- uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
7586
with:
76-
subject-path: "dist/*.tar.gz"
77-
# attest images
87+
subject-digest: ${{steps.image_metadata_go_cli_github.outputs.digest}}
88+
subject-name: ${{steps.image_metadata_go_cli_github.outputs.name}}
89+
push-to-registry: true
7890
- uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
7991
with:
80-
subject-digest: ${{steps.image_metadata.outputs.digest}}
81-
subject-name: ${{steps.image_metadata.outputs.name}}
92+
subject-digest: ${{steps.image_metadata_another_binary.outputs.digest}}
93+
subject-name: ${{steps.image_metadata_another_binary.outputs.name}}
8294
push-to-registry: true

.goreleaser.yaml

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
version: 2
22
builds:
3-
- id: go-cli-github
3+
- &buildDefinition
4+
id: go-cli-github
45
binary: go-cli-github
56
main: ./cmd/go-cli-github
67
ldflags:
@@ -19,6 +20,10 @@ builds:
1920
goarch:
2021
- amd64
2122
- arm64
23+
- <<: *buildDefinition
24+
id: another-binary
25+
binary: another-binary
26+
main: ./cmd/another-binary
2227

2328
changelog:
2429
use: github-native
@@ -41,6 +46,23 @@ dockers:
4146
build_flag_templates:
4247
- "--build-arg=BINARY=go-cli-github"
4348
- "--platform=linux/arm64/v8"
49+
- ids:
50+
- another-binary
51+
image_templates:
52+
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-amd64"
53+
use: buildx
54+
build_flag_templates:
55+
- "--build-arg=BINARY=another-binary"
56+
- "--platform=linux/amd64"
57+
- ids:
58+
- another-binary
59+
image_templates:
60+
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-arm64v8"
61+
use: buildx
62+
goarch: arm64
63+
build_flag_templates:
64+
- "--build-arg=BINARY=another-binary"
65+
- "--platform=linux/arm64/v8"
4466

4567
docker_manifests:
4668
- name_template: "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/go-cli-github:v{{ .Version }}"
@@ -51,6 +73,14 @@ docker_manifests:
5173
image_templates:
5274
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/go-cli-github:v{{ .Version }}-amd64"
5375
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/go-cli-github:v{{ .Version }}-arm64v8"
76+
- name_template: "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}"
77+
image_templates:
78+
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-amd64"
79+
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-arm64v8"
80+
- name_template: "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:latest"
81+
image_templates:
82+
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-amd64"
83+
- "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}/another-binary:v{{ .Version }}-arm64v8"
5484

5585
release:
5686
extra_files:

cmd/another-binary/main.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
// Package main implements the command-line interface of a server.
2+
package main
3+
4+
import "fmt"
5+
6+
func main() {
7+
fmt.Println("Hello, World!")
8+
}

0 commit comments

Comments
 (0)