.goreleaser.yml

version: 2

builds:
  -
    env:
      - CGO_ENABLED=0
    binary: vault-kubernetes-kms
    goos:
      - linux
    goarch:
      - amd64

archives:
  -
    builds:
      - vault-kubernetes-kms
    format_overrides:
      - goos: windows
        format: zip
    name_template: >-
      {{- .ProjectName }}_
      {{- title .Os }}_
      {{- if eq .Arch "amd64" }}x86_64
      {{- else if eq .Arch "386" }}i386
      {{- else }}{{ .Arch }}{{ end }}
      {{- if .Arm }}v{{ .Arm }}{{ end -}}

dockers:
- image_templates:
  - 'ghcr.io/falcosuessgott/{{.ProjectName}}:{{ .Tag }}-amd64'
  - 'falcosuessgott/{{.ProjectName}}:{{ .Tag }}-amd64'
  dockerfile: Dockerfile.goreleaser
  use: buildx
  build_flag_templates:
  - "--pull"
  - "--label=io.artifacthub.package.readme-url=https://raw.githubusercontent.com/FalcoSuessgott/vault-kubernetes-kms/main/README.md"
  - "--label=io.artifacthub.package.maintainers=[{\"name\":\"Tom Morelly\",\"email\":\"tommorelly@gmail.com\"}]"
  - "--label=io.artifacthub.package.license=MIT"
  - "--label=org.opencontainers.image.description=Encrypt Kubernetes Secrets using Hashicorp Vault as the KMS Provider"
  - "--label=org.opencontainers.image.created={{.Date}}"
  - "--label=org.opencontainers.image.name={{.ProjectName}}"
  - "--label=org.opencontainers.image.revision={{.FullCommit}}"
  - "--label=org.opencontainers.image.version={{.Version}}"
  - "--label=org.opencontainers.image.source={{.GitURL}}"
  - "--platform=linux/amd64"
  extra_files:
      - go.mod
      - go.sum

docker_manifests:
- name_template: 'ghcr.io/falcosuessgott/{{.ProjectName}}:{{ .Tag }}'
  image_templates:
  - 'ghcr.io/falcosuessgott/{{.ProjectName}}:{{ .Tag }}-amd64'
- name_template: 'ghcr.io/falcosuessgott/{{.ProjectName}}:latest'
  image_templates:
  - 'ghcr.io/falcosuessgott/{{.ProjectName}}:{{ .Tag }}-amd64'
- name_template: 'falcosuessgott/{{.ProjectName}}:{{ .Tag }}'
  image_templates:
  - 'falcosuessgott/{{.ProjectName}}:{{ .Tag }}-amd64'
- name_template: 'falcosuessgott/{{.ProjectName}}:latest'
  image_templates:
  - 'falcosuessgott/{{.ProjectName}}:{{ .Tag }}-amd64'

gomod:
  proxy: true

source:
  enabled: true

sboms:
  - artifacts: archive
  - id: source
    artifacts: source

signs:
  - cmd: cosign
    certificate: "${artifact}.pem"
    artifacts: checksum
    output: true
    args:
      - sign-blob
      - "--output-certificate=${certificate}"
      - "--output-signature=${signature}"
      - "${artifact}"
      - "--yes"

docker_signs:
  - cmd: cosign
    artifacts: manifests
    output: true
    args:
      - "sign"
      - "${artifact}@${digest}"
      - "--yes"

checksum:
  name_template: "checksums.txt"

changelog:
  sort: asc
  use: github
  filters:
    exclude:
    - '^test:'
    - '^chore'
    - 'merge conflict'
    - Merge pull request
    - Merge remote-tracking branch
    - Merge branch
    - go mod tidy
  groups:
    - title: Dependency updates
      regexp: '^.*?(feat|fix)\(deps\)!?:.+$'
      order: 300
    - title: 'New Features'
      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
      order: 100
    - title: 'Bug fixes'
      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
      order: 200
    - title: 'Documentation updates'
      regexp: ^.*?doc(\([[:word:]]+\))??!?:.+$
      order: 400
    - title: Other work
      order: 9999