feat: update goreleaser

goreleaser/.github/workflows/build.yml

@@ -29,7 +29,7 @@ jobs:
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
         with:
           fetch-depth: 0
       - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
@@ -48,14 +48,14 @@ jobs:
       - uses: crazy-max/ghaction-upx@v3
         with:
           install-only: true
-      - uses: cachix/install-nix-action@v23
+      - uses: cachix/install-nix-action@v24
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
-      - uses: sigstore/cosign-installer@v3.1.2
-      - uses: anchore/sbom-action/download-syft@v0.14.3
+      - uses: sigstore/cosign-installer@v3.3.0
+      - uses: anchore/sbom-action/download-syft@v0.15.1
       - name: setup-validate-krew-manifest
         run: go install sigs.k8s.io/krew/cmd/validate-krew-manifest@latest
       - name: setup-tparse

goreleaser/.github/workflows/codeql.yml

@@ -15,8 +15,8 @@ jobs:
       contents: read
 
     steps:
-    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
-    - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
+    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
       with:
         go-version: stable
     - uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2

goreleaser/.github/workflows/depsreview.yaml

@@ -8,7 +8,7 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
       - uses: actions/dependency-review-action@v3
         with:
           allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0

goreleaser/.github/workflows/docs.yml

@@ -19,11 +19,11 @@ jobs:
   htmltest:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
       - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
       - run: task docs:build

goreleaser/.github/workflows/fig.yml

@@ -13,8 +13,8 @@ jobs:
   fig:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
           cache: true

goreleaser/.github/workflows/generate.yml

@@ -1,35 +1,35 @@
 name: generate
 
 on:
-  push:
-    branches:
-      - 'main'
-    paths:
-      - '.github/workflows/generate.yml'
-      - pkg/config/config.go
-      - CONTRIBUTING.md
-      - USERS.md
+  workflow_dispatch: {}
 
 permissions:
   contents: read
 
 jobs:
   docs:
     permissions:
-      contents: write  # for stefanzweifel/git-auto-commit-action to push code in repo
+      contents: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
         with:
           token: ${{ secrets.GH_PAT }}
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
           cache: true
       - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+      - run: task docs:releases
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - run: task docs:generate
       - run: task schema:generate
-      - uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4
+      - run: task nix:licenses:generate
+      - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
         with:
           commit_message: "chore: docs auto-update"
           branch: main

goreleaser/.github/workflows/gitleaks.yml

@@ -14,7 +14,7 @@ jobs:
   gitleaks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
         with:
           fetch-depth: 0
       - uses: gitleaks/gitleaks-action@v2

goreleaser/.github/workflows/grype.yml

@@ -17,7 +17,7 @@ jobs:
       contents: read
 
     steps:
-    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
     - uses: anchore/scan-action@v3
       with:
         path: "."

goreleaser/.github/workflows/lint.yml

@@ -12,17 +12,18 @@ permissions:
 jobs:
   golangci:
     permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+      contents: read # for actions/checkout to fetch code
+      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
           cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3
         with:
           args: --timeout=5m
+          only-new-issues: true

goreleaser/.github/workflows/milestone.yml

@@ -25,7 +25,7 @@ jobs:
       statuses: none
 
     steps:
-      - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v6
         with:
           script: |
             if (!context.payload.pull_request.merged) {

goreleaser/.github/workflows/nightly-oss.yml

@@ -16,7 +16,7 @@ jobs:
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
         with:
           fetch-depth: 0
       - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
@@ -25,15 +25,15 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2
       - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v2
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
-      - uses: sigstore/cosign-installer@v3.1.2
-      - uses: anchore/sbom-action/download-syft@v0.14.3
+      - uses: sigstore/cosign-installer@v3.3.0
+      - uses: anchore/sbom-action/download-syft@v0.15.1
       - uses: crazy-max/ghaction-upx@v3
         with:
           install-only: true
-      - uses: cachix/install-nix-action@v23
+      - uses: cachix/install-nix-action@v24
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: dockerhub-login

goreleaser/.github/workflows/release.yml

@@ -3,9 +3,9 @@ name: release
 on:
   push:
     branches:
-      - 'main'
+      - "main"
     tags:
-      - 'v*'
+      - "v*"
 
 permissions:
   contents: write
@@ -15,18 +15,18 @@ permissions:
 jobs:
   trigger-generate:
     runs-on: ubuntu-latest
-    needs: [ goreleaser ]
+    needs: [goreleaser]
     steps:
       - uses: benc-uk/workflow-dispatch@v121
         if: startsWith(github.ref, 'refs/tags/v')
         with:
           repo: goreleaser/goreleaser
           ref: main
           token: ${{ secrets.GH_PAT }}
-          workflow: generate-releases.yml
+          workflow: generate.yml
   notify-goreleaser-cross:
     runs-on: ubuntu-latest
-    needs: [ trigger-generate ]
+    needs: [trigger-generate]
     steps:
       - name: get version
         if: startsWith(github.ref, 'refs/tags/v')
@@ -43,13 +43,13 @@ jobs:
     runs-on: ubuntu-latest
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
-    needs: [ goreleaser ]
+    needs: [goreleaser]
     if: github.ref == 'refs/heads/main'
     strategy:
       matrix:
-        format: [ deb, rpm, apk ]
+        format: [deb, rpm, apk]
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
         with:
           fetch-depth: 0
       - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
@@ -70,7 +70,7 @@ jobs:
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
         with:
           fetch-depth: 0
       - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
@@ -86,7 +86,7 @@ jobs:
           sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft
           mkdir -p $HOME/.cache/snapcraft/download
           mkdir -p $HOME/.cache/snapcraft/stage-packages
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4
         with:
           go-version: stable
       - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
@@ -96,12 +96,12 @@ jobs:
             ./dist/*.rpm
             ./dist/*.apk
           key: ${{ github.ref }}
-      - uses: sigstore/cosign-installer@v3.1.2
-      - uses: anchore/sbom-action/download-syft@v0.14.3
+      - uses: sigstore/cosign-installer@v3.3.0
+      - uses: anchore/sbom-action/download-syft@v0.15.1
       - uses: crazy-max/ghaction-upx@v3
         with:
           install-only: true
-      - uses: cachix/install-nix-action@v23
+      - uses: cachix/install-nix-action@v24
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: dockerhub-login

goreleaser/.golangci.yaml

@@ -14,7 +14,12 @@ linters:
     - tagliatelle
     - misspell
     - depguard
+    - testifylint
 linters-settings:
+  staticcheck:
+    checks:
+      - all
+      - "-SA1019"
   forbidigo:
     forbid:
       - 'ioutil\.*'

goreleaser/.goreleaser.yaml

@@ -1,5 +1,7 @@
 # yaml-language-server: $schema=https://goreleaser.com/static/schema.json
 # vim: set ts=2 sw=2 tw=0 fo=jcroql
+version: 1
+
 env:
   - GO111MODULE=on
 
@@ -362,8 +364,9 @@ milestones:
 release:
   name_template: "v{{ .Version }}"
   footer: |
-    **Full Changelog**: https://github.com/goreleaser/goreleaser/compare/{{ .PreviousTag }}...{{ .Tag }}
+    **Full Changelog**: https://github.com/goreleaser/goreleaser/compare/{{ .PreviousTag }}...{{ if .IsNightly }}nightly{{ else }}{{ .Tag }}{{ end }}
 
+    {{ if not .IsNightly }}
     ## Helping out
 
     This release is only possible thanks to **all** the support of some **awesome people**!
@@ -377,6 +380,7 @@ release:
     * Reach out on [Discord](https://discord.gg/RGEBtg8vQ6) and [Twitter](https://twitter.com/goreleaser)!
 
     <a href="https://goreleaser.com"><img src="https://raw.githubusercontent.com/goreleaser/artwork/master/opencollective-header.png" with="100%" alt="GoReleaser logo"></a>
+    {{ end }}
 
 announce:
   twitter:

goreleaser/CONTRIBUTING.md

@@ -20,6 +20,7 @@ Other things you might need to run the tests:
 - [Podman](https://podman.io/)
 - [Snapcraft](https://snapcraft.io/)
 - [Syft](https://github.com/anchore/syft)
+- [upx](https://upx.github.io/)
 
 Clone `goreleaser` anywhere:
 

goreleaser/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.21.1-alpine@sha256:96634e55b363cb93d39f78fb18aa64abc7f96d372c176660d7b8b6118939d97b
+FROM golang:1.21.5-alpine@sha256:4db4aac30880b978cae5445dd4a706215249ad4f43d28bd7cdf7906e9be8dd6b
 
 RUN apk add --no-cache bash \
 	curl \

goreleaser/SECURITY.md

@@ -6,6 +6,7 @@ Only the last stable version at any given point.
 
 ## Reporting a Vulnerability
 
-Vulnerabilies can be disclosed in private using GitHub advisories: https://github.com/goreleaser/goreleaser/security
+Vulnerabilities can be disclosed in private using
+[GitHub advisories](https://github.com/goreleaser/goreleaser/security).
 
 Thanks!

goreleaser/Taskfile.yml

@@ -53,7 +53,7 @@ tasks:
   lint:
     desc: Lint the code with golangci-lint
     cmds:
-      - golangci-lint run ./...
+      - golangci-lint run --config ./.golangci.yaml ./...
 
   ci:
     desc: Run all CI steps
@@ -67,6 +67,13 @@ tasks:
     cmds:
       - task: ci
 
+  nix:licenses:generate:
+    desc: Generate nix/licenses.go
+    cmds:
+      - ./scripts/gen-nix-licenses.sh
+    generates:
+      - ./internal/pipe/nix/licenses.go
+
   schema:generate:
     desc: Generate JSONSchema
     cmds: