From f5eaa7576c8790d17a511e3d2d5a469173a06591 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Sat, 31 Jan 2026 22:17:46 +0100
Subject: [PATCH] feat(goreleaser): support SBOM and ARMv5

The following patch adjusts the Goreleaser configuration to build ARMv5 binaries as well as container images. It also replaces docker and docker_manifest with docker_v2. Goreleaser has also been extended to generate SBOM files in cdx and spdx format.
---
 .goreleaser.yaml | 365 +++++++++++++++++++++----------
 Dockerfile => Dockerfile.scratch | 0
 2 files changed, 253 insertions(+), 112 deletions(-)
 rename Dockerfile => Dockerfile.scratch (100%)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index f450ce1..17c4b03 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,7 +1,17 @@
 project_name: dcmerge

 archives:
-- formats: [ "tar.xz" ]
+- id: archives
+ formats:
+ - tar.xz
+ name_template: >-
+ {{ .ProjectName }}-
+ {{- .Version }}-
+ {{- .Os }}-
+ {{- if eq .Arch "amd64" }}amd64
+ {{- else if eq .Arch "amd64_v1" }}amd64
+ {{- else }}{{ .Arch }}{{ end }}
+ {{- if .Arm }}-{{ .Arm }}{{ end }}
 files:
 - README.md
 - LICENSE
@@ -11,15 +21,9 @@ before:
 - go mod tidy

 builds:
-- main: main.go
- binary: >-
- {{ .ProjectName }}-
- {{- .Version }}-
- {{- .Os }}-
- {{- if eq .Arch "amd64" }}amd64
- {{- else if eq .Arch "amd64_v1" }}amd64
- {{- else }}{{ .Arch }}{{ end }}
- {{- if .Arm }}-{{ .Arm }}{{ end }}
+- id: dcmerge
+ main: main.go
+ binary: dcmerge
 env:
 - CGO_ENABLED=0
 - GONOSUMDB={{ .Env.GONOSUMDB }}
@@ -32,12 +36,15 @@ builds:
 - arm64
 - riscv64
 goarm:
+ - "5"
 - "6"
 - "7"
 flags:
 - -trimpath
+ - -mod=readonly
+ - -modcacherw
 ldflags:
- - -s -w -X 'main.version={{ trimprefix .Tag "v" }}'
+ - -s -w -X 'main.version={{ .Version }}'

 changelog:
 filters:
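Review bot: The `-mod=readonly` flag added under `flags` does not by itself guarantee that the release is built from the committed module graph, because the `before` hook visible in the previous hunk's context still runs `go mod tidy`, which may rewrite go.mod and go.sum before the build starts. Consider replacing that hook with a non-mutating check such as `go mod verify` (or `go mod tidy -diff` on Go 1.23 and later), so that a drifted go.mod fails the release instead of being corrected silently. The `builds` entry starts before this hunk and the hook list is only partly visible here, so confirm against the full file.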
@@ -61,112 +68,246 @@ changelog:
 sort: asc
 use: git

-dockers:
-- build_flag_templates:
- - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
- - --label=org.opencontainers.image.description={{ .ProjectName }}
- - --label=org.opencontainers.image.documentation={{ .ProjectName }}
- - --label=org.opencontainers.image.revision={{ .FullCommit }}
- - --label=org.opencontainers.image.source={{ .GitURL }}
- - --label=org.opencontainers.image.title={{ .ProjectName }}
- - --label=org.opencontainers.image.url=https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}
- - --label=org.opencontainers.image.version={{ trimprefix .Tag "v" }}
- - --platform=linux/amd64
- - --pull
- dockerfile: Dockerfile
- goarch: amd64
- goos: linux
- image_templates:
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-amd64'
- skip_push: false
- use: buildx
+dockers_v2:
+- # ID of the image, needed if you want to filter by it later on (e.g. on custom publishers).
+ # Default: project name
+ id: container-images

-- build_flag_templates:
- - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
- - --label=org.opencontainers.image.description={{ .ProjectName }}
- - --label=org.opencontainers.image.documentation={{ .ProjectName }}
- - --label=org.opencontainers.image.revision={{ .FullCommit }}
- - --label=org.opencontainers.image.source={{ .GitURL }}
- - --label=org.opencontainers.image.title={{ .ProjectName }}
- - --label=org.opencontainers.image.url=https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}
- - --label=org.opencontainers.image.version={{ trimprefix .Tag "v" }}
- - --platform=linux/arm/v6
- - --pull
- dockerfile: Dockerfile
- goarch: arm
- goarm: "6"
- goos: linux
- image_templates:
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-arm-v6'
- skip_push: false
- use: buildx
+ # Path to the Dockerfile (from the project root).
+ dockerfile: Dockerfile.scratch

-- build_flag_templates:
- - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
- - --label=org.opencontainers.image.description={{ .ProjectName }}
- - --label=org.opencontainers.image.documentation={{ .ProjectName }}
- - --label=org.opencontainers.image.revision={{ .FullCommit }}
- - --label=org.opencontainers.image.source={{ .GitURL }}
- - --label=org.opencontainers.image.title={{ .ProjectName }}
- - --label=org.opencontainers.image.url=https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}
- - --label=org.opencontainers.image.version={{ trimprefix .Tag "v" }}
- - --platform=linux/arm/v7
- - --pull
- dockerfile: Dockerfile
- goarch: arm
- goarm: "7"
- goos: linux
- image_templates:
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-arm-v7'
- skip_push: false
- use: buildx
+ # IDs to filter the binaries/packages.
+ #
+ # Make sure to only include the IDs of binaries you want to `COPY` in your
+ # Dockerfile.
+ #
+ # If you include IDs that don't exist or are not available for the current
+ # architecture being built, the build of the image will be skipped.
+ ids:
+ - dcmerge

-- build_flag_templates:
- - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
- - --label=org.opencontainers.image.description={{ .ProjectName }}
- - --label=org.opencontainers.image.documentation={{ .ProjectName }}
- - --label=org.opencontainers.image.revision={{ .FullCommit }}
- - --label=org.opencontainers.image.source={{ .GitURL }}
- - --label=org.opencontainers.image.title={{ .ProjectName }}
- - --label=org.opencontainers.image.url=https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}
- - --label=org.opencontainers.image.version={{ trimprefix .Tag "v" }}
- - --platform=linux/arm64
- - --pull
- dockerfile: Dockerfile
- goarch: arm64
- goos: linux
- image_templates:
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-arm64'
- skip_push: false
- use: buildx
+ # Annotations to be added to the image.
+ annotations:
+ org.opencontainers.image.authors: "Volker Raschek"
+ org.opencontainers.image.created: "{{ .Date }}"
+ org.opencontainers.image.description: "{{ .ProjectName }}"
+ org.opencontainers.image.documentation: "{{ .ProjectName }}"
+ org.opencontainers.image.licenses: "MIT"
+ org.opencontainers.image.revision: "{{ .FullCommit }}"
+ org.opencontainers.image.source: "{{ .GitURL }}"
+ org.opencontainers.image.title: "{{ .ProjectName }}"
+ org.opencontainers.image.url: "https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}"
+ org.opencontainers.image.vendor: "Volker Raschek"
+ org.opencontainers.image.version: "{{ .Version }}"

-- build_flag_templates:
- - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
- - --label=org.opencontainers.image.description={{ .ProjectName }}
- - --label=org.opencontainers.image.documentation={{ .ProjectName }}
- - --label=org.opencontainers.image.revision={{ .FullCommit }}
- - --label=org.opencontainers.image.source={{ .GitURL }}
- - --label=org.opencontainers.image.title={{ .ProjectName }}
- - --label=org.opencontainers.image.url=https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}
- - --label=org.opencontainers.image.version={{ trimprefix .Tag "v" }}
- - --platform=linux/riscv64
- - --pull
- dockerfile: Dockerfile
- goarch: riscv64
- goos: linux
- image_templates:
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-riscv64'
- skip_push: false
- use: buildx
+ io.artifacthub.package.alternative-locations: "docker.io/volkerraschek/{{ .ProjectName }}:{{ .Version }}"
+ io.artifacthub.package.keywords: "docker,docker-compose,merge,ci"
+ io.artifacthub.package.license: "MIT"
+ io.artifacthub.package.readme-url: "https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}/raw/tag/v{{ .Version }}/README.md"
+
+ labels: {}
+
+ images:
+ - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}'
+
+ # Platforms to build.
+ platforms:
+ - linux/amd64
+ - linux/arm/v5
+ - linux/arm/v6
+ - linux/arm/v7
+ - linux/arm64
+ - linux/riscv64
+
+ # Whether to create and attach a SBOM to the image.
+ sbom: "{{ not .IsNightly }}"
+
+ # Tag names.
+ #
+ # Empty tags are ignored.
+ tags:
+ - "{{ .Version }}"
+ - "{{ if .IsNightly }}nightly{{ end }}"
+ - "{{ if not .IsNightly }}latest{{ end }}"
+
+# RPM packages
+nfpms:
+- id: nfpms
+ ids:
+ - dcmerge
+ package_name: dcmerge
+ file_name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{- if .Arm }}-{{ .Arm }}{{ end }}"
+ vendor: "Volker Raschek"
+ homepage: "https://git.cryptic.systems/volker.raschek/{{ .ProjectName }}"
+ maintainer: "Volker Raschek "
+ description: |-
+ dcmerge is a tool to merge docker-compose files from multiple resources.
+ It supports merging local files and remote files via HTTP/HTTPS.
+ license: Apache 2.0
+ formats:
+ - deb
+ - rpm
+ dependencies:
+ - git
+ recommends:
+ - docker-compose
+ suggests:
+ - docker
+ bindir: /usr/bin
+ contents:
+ - src: ./README.md
+ dst: "/usr/share/doc/{{ .ProjectName }}/README.md"
+ file_info:
+ mode: 0644
+ # License
+ - src: ./LICENSE
+ dst: "/usr/share/doc/{{ .ProjectName }}/LICENSE"
+ file_info:
+ mode: 0644
+ - src: ./LICENSE
+ dst: "/usr/share/licenses/{{ .ProjectName }}/LICENSE"
+ file_info:
+ mode: 0644
+ # Create man page directory
+ - dst: /usr/share/man/man1
+ type: dir
+ file_info:
+ mode: 0755
+ rpm:
+ group: Development/Tools
+ summary: Tool to merge docker-compose files from multiple resources
+ compression: xz
+ deb:
+ lintian_overrides:
+ - statically-linked-binary
+ - changelog-file-missing-in-native-package

-docker_manifests:
-- name_template: 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}'
- image_templates:
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-amd64'
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-arm-v6'
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-arm-v7'
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-arm64'
- - 'git.cryptic.systems/volker.raschek/{{ .ProjectName }}:{{ trimprefix .Tag "v" }}-riscv64'
+sboms:
+- # ID of the sbom config, must be unique.
+ #
+ # Default: 'default'.
+ id: sboms-cyclonedx
+
+ # IDs of the artifacts to catalog.
+ #
+ # If `artifacts` is "source" or "any" then this fields has no effect.
+ ids:
+ - dcmerge
+
+ # Which artifacts to catalog.
+ #
+ # Valid options are:
+ # - any: let the SBOM tool decide which artifacts available in
+ # the cwd should be cataloged
+ # - source: source archive
+ # - package: Linux packages (deb, rpm, apk, etc)
+ # - installer: Windows MSI installers (Pro only)
+ # - diskimage: macOS DMG disk images (Pro only)
+ # - archive: archives from archive pipe
+ # - binary: binaries output from the build stage
+ #
+ # Default: 'archive'.
+ artifacts: binary
+
+ # List of names of the SBOM documents created at this step
+ # (relative to the dist dir).
+ #
+ # Each element configured is made available as variables. For example:
+ # documents: ["foo", "bar"]
+ #
+ # would make the following variables that can be referenced as template keys:
+ # document0: "foo"
+ # document1: "bar"
+ #
+ # Note that multiple sbom values are only allowed if the value of
+ # "artifacts" is "any".
+ #
+ # Default:
+ # When "binary": ["{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom.json"]
+ # When "any": []
+ # Otherwise: ["{{ .ArtifactName }}.sbom.json"]
+ # Templates: allowed.
+ documents:
+ - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{- if .Arm }}-{{ .Arm }}{{ end }}.cdx.json"
+
+ # Path to the SBOM generator command
+ #
+ # Note: the process CWD will be set to the same location as "dist"
+ #
+ # Default: 'syft'.
+ cmd: syft
+
+ # Command line arguments for the command
+ #
+ # Default: ["$artifact", "--output", "spdx-json=$document", "--enrich", "all"].
+ # Templates: allowed.
+ args:
+ - "$artifact"
+ - "--enrich=all"
+ - "--output=cyclonedx-json=$document"
+
+- # ID of the sbom config, must be unique.
+ #
+ # Default: 'default'.
+ id: sboms-spdx
+
+ # IDs of the artifacts to catalog.
+ #
+ # If `artifacts` is "source" or "any" then this fields has no effect.
+ ids:
+ - dcmerge
+
+ # Which artifacts to catalog.
+ #
+ # Valid options are:
+ # - any: let the SBOM tool decide which artifacts available in
+ # the cwd should be cataloged
+ # - source: source archive
+ # - package: Linux packages (deb, rpm, apk, etc)
+ # - installer: Windows MSI installers (Pro only)
+ # - diskimage: macOS DMG disk images (Pro only)
+ # - archive: archives from archive pipe
+ # - binary: binaries output from the build stage
+ #
+ # Default: 'archive'.
+ artifacts: binary
+
+ # List of names of the SBOM documents created at this step
+ # (relative to the dist dir).
+ #
+ # Each element configured is made available as variables. For example:
+ # documents: ["foo", "bar"]
+ #
+ # would make the following variables that can be referenced as template keys:
+ # document0: "foo"
+ # document1: "bar"
+ #
+ # Note that multiple sbom values are only allowed if the value of
+ # "artifacts" is "any".
+ #
+ # Default:
+ # When "binary": ["{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom.json"]
+ # When "any": []
+ # Otherwise: ["{{ .ArtifactName }}.sbom.json"]
+ # Templates: allowed.
+ documents:
+ - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{- if .Arm }}-{{ .Arm }}{{ end }}.spdx.json"
+
+ # Path to the SBOM generator command
+ #
+ # Note: the process CWD will be set to the same location as "dist"
+ #
+ # Default: 'syft'.
+ cmd: syft
+
+ # Command line arguments for the command
+ #
+ # Default: ["$artifact", "--output", "spdx-json=$document", "--enrich", "all"].
+ # Templates: allowed.
+ args:
+ - "$artifact"
+ - "--enrich=all"
+ - "--output=spdx-json=$document"

 gitea_urls:
 api: https://git.cryptic.systems/api/v1
diff --git a/Dockerfile b/Dockerfile.scratch
similarity index 100%
rename from Dockerfile
rename to Dockerfile.scratch
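Review bot: The licence metadata added in this hunk is inconsistent: `nfpms` declares `license: Apache 2.0`, while the image annotations `org.opencontainers.image.licenses` and `io.artifacthub.package.license` both say `MIT`, so the deb/rpm packages and the container images would report different licences for the same binary; set all three to whatever the LICENSE file states. The `io.artifacthub.package.alternative-locations` annotation also advertises `docker.io/volkerraschek/{{ .ProjectName }}:{{ .Version }}`, but `images` lists only the git.cryptic.systems repository, so unless another job pushes that image the annotation points users at a location this release does not publish; either add it under `images` or drop the annotation. Separately, `{{ if not .IsNightly }}latest{{ end }}` would presumably move `latest` on pre-release tags as well, which may not be intended.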