diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index f6e0bc6..4ed9186 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -56,6 +56,18 @@ jobs: go-version: 1.21 evaluated-envs: "COMMIT_DATE:${{needs.args.outputs.commit-date}}, COMMIT:${{needs.args.outputs.commit}}, VERSION:${{needs.args.outputs.version}}, TREE_STATE:${{needs.args.outputs.tree-state}}, VERSION_PKG:${{needs.args.outputs.version-package}}" + build-darwin-arm64: + permissions: + id-token: write # To sign the provenance. + contents: write # To upload assets to release. + actions: read # To read the workflow path. + needs: args + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0 + with: + config-file: .slsa-goreleaser-darwin-arm64.yml + go-version: 1.21 + evaluated-envs: "COMMIT_DATE:${{needs.args.outputs.commit-date}}, COMMIT:${{needs.args.outputs.commit}}, VERSION:${{needs.args.outputs.version}}, TREE_STATE:${{needs.args.outputs.tree-state}}, VERSION_PKG:${{needs.args.outputs.version-package}}" + build-windows-amd64: permissions: id-token: write # To sign the provenance. diff --git a/.slsa-goreleaser-darwin-arm64.yml b/.slsa-goreleaser-darwin-arm64.yml new file mode 100644 index 0000000..16b7df0 --- /dev/null +++ b/.slsa-goreleaser-darwin-arm64.yml @@ -0,0 +1,36 @@ +# Version for this file. +version: 1 + +# (Optional) List of env variables used during compilation. +env: + - GO111MODULE=on + - CGO_ENABLED=0 + +# (Optional) Flags for the compiler. +flags: + - -trimpath + - -tags=netgo + +# The OS to compile for. `GOOS` env variable will be set to this value. +goos: darwin + +# The architecture to compile for. `GOARCH` env variable will be set to this value. +goarch: arm64 + +# (Optional) Entrypoint to compile. +main: ./cmd/kubectl-sigstore + +# (Optional) Working directory. (default: root of the project) +# dir: ./relative/path/to/dir + +# Binary output name. +# {{ .Os }} will be replaced by goos field in the config file. +# {{ .Arch }} will be replaced by goarch field in the config file. +binary: kubectl-sigstore-darwin-arm64 + +# (Optional) ldflags generated dynamically in the workflow, and set as the `evaluated-envs` input variables in the workflow. +ldflags: + - "-X '{{ .Env.VERSION_PKG }}.GitVersion={{ .Env.VERSION }}'" + - "-X '{{ .Env.VERSION_PKG }}.gitCommit={{ .Env.COMMIT }}'" + - "-X '{{ .Env.VERSION_PKG }}.buildDate={{ .Env.COMMIT_DATE }}'" + - "-X '{{ .Env.VERSION_PKG }}.gitTreeState={{ .Env.TREE_STATE }}'"