From 336442430e04c882a986fc84cde0f47597bc2e2c Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 2 May 2024 13:59:16 +0200 Subject: [PATCH 1/9] upgrade to go1.22 Signed-off-by: cpanato --- .github/workflows/tests.yaml | 4 ++-- Dockerfile | 6 +++--- go.mod | 2 +- hack/tools/go.mod | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 0d4808e6..6a5f86d5 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -95,5 +95,5 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: - version: v1.54 - args: --timeout=5m --verbose + version: v1.57 + args: --timeout=10m --verbose diff --git a/Dockerfile b/Dockerfile index 30d287f0..93f2cebb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.21.6@sha256:7b575fe0d9c2e01553b04d9de8ffea6d35ca3ab3380d2a8db2acc8f0f1519a53 AS builder +FROM golang:1.22.2@sha256:d5302d40dc5fbbf38ec472d1848a9d2391a13f93293a6a5b0b87c99dc0eaa6ae AS builder ENV APP_ROOT=/opt/app-root ENV GOPATH=$APP_ROOT @@ -29,7 +29,7 @@ RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/timestamp-server RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o timestamp-server_debug ./cmd/timestamp-server # Multi-Stage production build -FROM golang:1.21.6@sha256:7b575fe0d9c2e01553b04d9de8ffea6d35ca3ab3380d2a8db2acc8f0f1519a53 as deploy +FROM golang:1.22.2@sha256:d5302d40dc5fbbf38ec472d1848a9d2391a13f93293a6a5b0b87c99dc0eaa6ae as deploy # Retrieve the binary from the previous stage COPY --from=builder /opt/app-root/src/timestamp-server /usr/local/bin/timestamp-server @@ -39,7 +39,7 @@ CMD ["timestamp-server", "serve"] # debug compile options & debugger FROM deploy as debug -RUN go install github.com/go-delve/delve/cmd/dlv@v1.9.0 +RUN go install github.com/go-delve/delve/cmd/dlv@v1.22.1 # overwrite server and include debugger COPY --from=builder /opt/app-root/src/timestamp-server_debug /usr/local/bin/timestamp-server diff --git a/go.mod b/go.mod index d0975738..8d3ee66f 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/timestamp-authority -go 1.21 +go 1.22 require ( cloud.google.com/go/security v1.16.1 diff --git a/hack/tools/go.mod b/hack/tools/go.mod index b02f1c53..d48c8038 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/timestamp-authority/hack/tools -go 1.21 +go 1.22 require github.com/go-swagger/go-swagger v0.30.5 From 44b59624aadea83743d44512dc207fb0136eefe9 Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 2 May 2024 13:59:44 +0200 Subject: [PATCH 2/9] add job to build with gorelease to test the flow Signed-off-by: cpanato --- .github/workflows/build-snapshot.yaml | 69 +++++++++++++++++++++++++++ .github/workflows/release.yaml | 2 +- .goreleaser.yml | 10 ++-- 3 files changed, 75 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/build-snapshot.yaml diff --git a/.github/workflows/build-snapshot.yaml b/.github/workflows/build-snapshot.yaml new file mode 100644 index 00000000..cfcfa4a7 --- /dev/null +++ b/.github/workflows/build-snapshot.yaml @@ -0,0 +1,69 @@ +name: build-snapshot + +on: + pull_request: + +permissions: {} + +jobs: + snapshot: + permissions: + contents: read + + runs-on: ubuntu-latest + outputs: + hashes: ${{ steps.hash.outputs.hashes }} + tag_name: ${{ steps.tag.outputs.tag_name }} + steps: + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version-file: './go.mod' + check-latest: true + + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + - uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11 + - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 + + - name: Set LDFLAGS + id: ldflags + run: | + source ./release/ldflags.sh + goflags=$(ldflags) + echo "GO_FLAGS="${goflags}"" >> "$GITHUB_ENV" + + - name: Run GoReleaser + id: run-goreleaser + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + with: + version: latest + args: release --clean --skip=sign --snapshot + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + LDFLAGS: ${{ env.GO_FLAGS }} + + - name: Generate subject + id: hash + env: + ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" + run: | + set -euo pipefail + checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') + echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" + + - name: Set tag output + id: tag + run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" + + provenance: + needs: + - snapshot + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + with: + base64-subjects: "${{ needs.release.outputs.hashes }}" + upload-assets: false diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a862703a..8db963c0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -56,7 +56,7 @@ jobs: set -euo pipefail checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" - + - name: Set tag output id: tag run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" diff --git a/.goreleaser.yml b/.goreleaser.yml index e6a6a6f2..fa177bda 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -10,11 +10,11 @@ env: before: hooks: - go mod tidy - - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi' -# if running a release we will generate the images in this step -# if running in the CI the CI env va is set by github action runner and we dont run the ko steps -# this is needed because we are generating files that goreleaser was not aware to push to GH project release - - /bin/bash -c 'if [ -n "$CI" ]; then make sign-container-release; fi' + # - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi' + # if running a release we will generate the images in this step + # if running in the CI the CI env va is set by github action runner and we dont run the ko steps + # this is needed because we are generating files that goreleaser was not aware to push to GH project release + # - /bin/bash -c 'if [ -n "$CI" ]; then make sign-container-release; fi' gomod: proxy: true From 22f59876ad36113601dfa10d567cfb06a7f5fd27 Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 2 May 2024 14:00:01 +0200 Subject: [PATCH 3/9] group dependabot updates Signed-off-by: cpanato --- .github/dependabot.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a7c9ebcd..5ac1e919 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,15 +19,37 @@ updates: directory: "/" schedule: interval: "daily" + groups: + gomod: + update-types: + - "patch" + - package-ecosystem: "gomod" directory: "./hack/tools" schedule: interval: "daily" + groups: + gomod-hack: + update-types: + - "minor" + - "patch" + - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily" + groups: + actions: + update-types: + - "minor" + - "patch" + - package-ecosystem: "docker" directory: "/" schedule: interval: "daily" + groups: + docker: + update-types: + - "minor" + - "patch" From 3fecdcf181fbe94cf0b1fb372ad0e65faa1198ef Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 2 May 2024 14:00:16 +0200 Subject: [PATCH 4/9] drop job that is not useful Signed-off-by: cpanato --- .github/workflows/auto_merge.yaml | 27 --------------------------- .github/workflows/build-snapshot.yaml | 3 +-- 2 files changed, 1 insertion(+), 29 deletions(-) delete mode 100644 .github/workflows/auto_merge.yaml diff --git a/.github/workflows/auto_merge.yaml b/.github/workflows/auto_merge.yaml deleted file mode 100644 index aa8f5100..00000000 --- a/.github/workflows/auto_merge.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Dependabot auto-merge - -on: - pull_request: - -permissions: read-all - -jobs: - dependabot: - permissions: - contents: write - pull-requests: write - runs-on: ubuntu-latest - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Enable auto-merge for Dependabot PRs - if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch' }} - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-snapshot.yaml b/.github/workflows/build-snapshot.yaml index cfcfa4a7..5ce1b32a 100644 --- a/.github/workflows/build-snapshot.yaml +++ b/.github/workflows/build-snapshot.yaml @@ -61,9 +61,8 @@ jobs: - snapshot permissions: actions: read # To read the workflow path. - id-token: write # To sign the provenance. - contents: write # To add assets to a release. uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.release.outputs.hashes }}" upload-assets: false + continue-on-error: true From 31535c5a4c69c0d6fd8afa71aae93389ce0288a7 Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 2 May 2024 14:12:02 +0200 Subject: [PATCH 5/9] fix lints Signed-off-by: cpanato --- .github/workflows/build-snapshot.yaml | 24 ------------------------ cmd/fetch-tsa-certs/fetch_tsa_certs.go | 4 ++-- cmd/timestamp-cli/app/format/wrap.go | 2 +- cmd/timestamp-cli/app/inspect.go | 4 ++-- cmd/timestamp-cli/app/root.go | 2 +- cmd/timestamp-cli/app/timestamp.go | 4 ++-- cmd/timestamp-cli/app/verify.go | 4 ++-- cmd/timestamp-server/app/serve.go | 2 +- pkg/signer/signer.go | 2 +- 9 files changed, 12 insertions(+), 36 deletions(-) diff --git a/.github/workflows/build-snapshot.yaml b/.github/workflows/build-snapshot.yaml index 5ce1b32a..6772390e 100644 --- a/.github/workflows/build-snapshot.yaml +++ b/.github/workflows/build-snapshot.yaml @@ -42,27 +42,3 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} LDFLAGS: ${{ env.GO_FLAGS }} - - - name: Generate subject - id: hash - env: - ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" - run: | - set -euo pipefail - checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') - echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" - - - name: Set tag output - id: tag - run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" - - provenance: - needs: - - snapshot - permissions: - actions: read # To read the workflow path. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 - with: - base64-subjects: "${{ needs.release.outputs.hashes }}" - upload-assets: false - continue-on-error: true diff --git a/cmd/fetch-tsa-certs/fetch_tsa_certs.go b/cmd/fetch-tsa-certs/fetch_tsa_certs.go index 012cccd7..fe18517c 100644 --- a/cmd/fetch-tsa-certs/fetch_tsa_certs.go +++ b/cmd/fetch-tsa-certs/fetch_tsa_certs.go @@ -85,7 +85,7 @@ func fetchCertificateChain(ctx context.Context, parent, intermediateKMSKey, leaf if err != nil { return nil, err } - intermediateSigner, _, err := intermediateKMSSigner.CryptoSigner(ctx, func(err error) {}) + intermediateSigner, _, err := intermediateKMSSigner.CryptoSigner(ctx, func(_ error) {}) if err != nil { return nil, err } @@ -176,7 +176,7 @@ func fetchCertificateChain(ctx context.Context, parent, intermediateKMSKey, leaf if err != nil { return nil, err } - leafKMSSigner, _, err = kmsSigner.CryptoSigner(ctx, func(err error) {}) + leafKMSSigner, _, err = kmsSigner.CryptoSigner(ctx, func(_ error) {}) if err != nil { return nil, err } diff --git a/cmd/timestamp-cli/app/format/wrap.go b/cmd/timestamp-cli/app/format/wrap.go index 8148b26a..e2fbb6c8 100644 --- a/cmd/timestamp-cli/app/format/wrap.go +++ b/cmd/timestamp-cli/app/format/wrap.go @@ -29,7 +29,7 @@ type CobraCmd func(cmd *cobra.Command, args []string) type formatCmd func(args []string) (interface{}, error) func WrapCmd(f formatCmd) CobraCmd { - return func(cmd *cobra.Command, args []string) { + return func(_ *cobra.Command, args []string) { obj, err := f(args) if err != nil { log.CliLogger.Fatal(err) diff --git a/cmd/timestamp-cli/app/inspect.go b/cmd/timestamp-cli/app/inspect.go index aa724b7a..b2440348 100644 --- a/cmd/timestamp-cli/app/inspect.go +++ b/cmd/timestamp-cli/app/inspect.go @@ -44,13 +44,13 @@ var inspectCmd = &cobra.Command{ Use: "inspect", Short: "Inspect timestamp", Long: "Inspect the signed timestamp response.", - PreRunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, _ []string) error { if err := viper.BindPFlags(cmd.Flags()); err != nil { log.CliLogger.Fatal("Error initializing cmd line args: ", err) } return nil }, - Run: format.WrapCmd(func(args []string) (interface{}, error) { + Run: format.WrapCmd(func(_ []string) (interface{}, error) { tsr := viper.GetString("timestamp") tsrBytes, err := os.ReadFile(filepath.Clean(tsr)) if err != nil { diff --git a/cmd/timestamp-cli/app/root.go b/cmd/timestamp-cli/app/root.go index 45f628eb..6b5c8ac8 100644 --- a/cmd/timestamp-cli/app/root.go +++ b/cmd/timestamp-cli/app/root.go @@ -32,7 +32,7 @@ var rootCmd = &cobra.Command{ Use: "timestamp-cli", Short: "Timestamp CLI", Long: `Timestamp command line interface tool`, - PersistentPreRunE: func(cmd *cobra.Command, args []string) error { + PersistentPreRunE: func(cmd *cobra.Command, _ []string) error { return initConfig(cmd) }, } diff --git a/cmd/timestamp-cli/app/timestamp.go b/cmd/timestamp-cli/app/timestamp.go index 42d6e331..c7e4b79f 100644 --- a/cmd/timestamp-cli/app/timestamp.go +++ b/cmd/timestamp-cli/app/timestamp.go @@ -60,13 +60,13 @@ var timestampCmd = &cobra.Command{ Use: "timestamp", Short: "Signed timestamp command", Long: "Fetches a signed RFC 3161 timestamp. The timestamp response can be verified locally using a timestamp certificate chain.", - PreRunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, _ []string) error { if err := viper.BindPFlags(cmd.Flags()); err != nil { log.CliLogger.Fatal("Error initializing cmd line args: ", err) } return nil }, - Run: format.WrapCmd(func(args []string) (interface{}, error) { + Run: format.WrapCmd(func(_ []string) (interface{}, error) { return runTimestamp() }), } diff --git a/cmd/timestamp-cli/app/verify.go b/cmd/timestamp-cli/app/verify.go index b995b5ab..68036ce5 100644 --- a/cmd/timestamp-cli/app/verify.go +++ b/cmd/timestamp-cli/app/verify.go @@ -60,13 +60,13 @@ var verifyCmd = &cobra.Command{ Use: "verify", Short: "Verify timestamp", Long: "Verify the timestamp response using a timestamp certificate chain.", - PreRunE: func(cmd *cobra.Command, args []string) error { + PreRunE: func(cmd *cobra.Command, _ []string) error { if err := viper.BindPFlags(cmd.Flags()); err != nil { log.CliLogger.Fatal("Error initializing cmd line args: ", err) } return nil }, - Run: format.WrapCmd(func(args []string) (interface{}, error) { + Run: format.WrapCmd(func(_ []string) (interface{}, error) { return runVerify() }), } diff --git a/cmd/timestamp-server/app/serve.go b/cmd/timestamp-server/app/serve.go index 47bb96e1..e7b4bfbf 100644 --- a/cmd/timestamp-server/app/serve.go +++ b/cmd/timestamp-server/app/serve.go @@ -33,7 +33,7 @@ var serveCmd = &cobra.Command{ Use: "serve", Short: "start http server with configured api", Long: `Starts a http server and serves the configured api`, - Run: func(cmd *cobra.Command, args []string) { + Run: func(cmd *cobra.Command, _ []string) { if err := viper.BindPFlags(cmd.Flags()); err != nil { log.Logger.Fatal(err) } diff --git a/pkg/signer/signer.go b/pkg/signer/signer.go index b9b9663a..ee79d53d 100644 --- a/pkg/signer/signer.go +++ b/pkg/signer/signer.go @@ -49,7 +49,7 @@ func NewCryptoSigner(ctx context.Context, hash crypto.Hash, signer, kmsKey, tink if err != nil { return nil, err } - s, _, err := signer.CryptoSigner(ctx, func(err error) {}) + s, _, err := signer.CryptoSigner(ctx, func(_ error) {}) return s, err case TinkScheme: primaryKey, err := GetPrimaryKey(ctx, tinkKmsKey, hcVaultToken) From e9d9f594a9afceadf633142816dcfa531a61cffc Mon Sep 17 00:00:00 2001 From: cpanato Date: Tue, 7 May 2024 14:09:58 +0200 Subject: [PATCH 6/9] update codeql ci Signed-off-by: cpanato --- .github/workflows/codeql_analysis.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/codeql_analysis.yaml b/.github/workflows/codeql_analysis.yaml index 2c8e9672..ea31aa99 100644 --- a/.github/workflows/codeql_analysis.yaml +++ b/.github/workflows/codeql_analysis.yaml @@ -42,6 +42,11 @@ jobs: - name: Checkout repository uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + with: + go-version-file: './go.mod' + check-latest: true + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 From b9cf6b11b83ddfdd8e3759e0db9ebadb524255e3 Mon Sep 17 00:00:00 2001 From: cpanato Date: Tue, 7 May 2024 14:10:29 +0200 Subject: [PATCH 7/9] bump golangci-lint to v1.58 Signed-off-by: cpanato --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 6a5f86d5..e4885ac2 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -95,5 +95,5 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: - version: v1.57 + version: v1.58 args: --timeout=10m --verbose From 95b8da3db8c93fb027e6429720c8e25b5db34bc9 Mon Sep 17 00:00:00 2001 From: cpanato Date: Wed, 8 May 2024 19:37:37 +0200 Subject: [PATCH 8/9] move the build/push/sign images to after we successufuly built the binaries Signed-off-by: cpanato --- .github/workflows/release.yaml | 3 +++ .goreleaser.yml | 6 +----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8db963c0..004cbf34 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -61,6 +61,9 @@ jobs: id: tag run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" + - name: build and sign images + run: make sign-container-release + provenance: needs: [release] permissions: diff --git a/.goreleaser.yml b/.goreleaser.yml index fa177bda..c21b6a75 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -10,11 +10,7 @@ env: before: hooks: - go mod tidy - # - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi' - # if running a release we will generate the images in this step - # if running in the CI the CI env va is set by github action runner and we dont run the ko steps - # this is needed because we are generating files that goreleaser was not aware to push to GH project release - # - /bin/bash -c 'if [ -n "$CI" ]; then make sign-container-release; fi' + - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi' gomod: proxy: true From 0e4471e6e4fa1362698444d672f0c6393d2f7093 Mon Sep 17 00:00:00 2001 From: cpanato Date: Mon, 13 May 2024 09:57:01 +0200 Subject: [PATCH 9/9] to release in fork for testing Signed-off-by: cpanato --- .goreleaser.yml | 6 +++--- Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index c21b6a75..9241fd07 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -12,8 +12,8 @@ before: - go mod tidy - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi' -gomod: - proxy: true +# gomod: +# proxy: true sboms: - artifacts: binary @@ -90,5 +90,5 @@ release: prerelease: auto draft: true # allow for manual edits github: - owner: sigstore + owner: cpanato name: timestamp-authority diff --git a/Makefile b/Makefile index 52c51a06..663d20db 100644 --- a/Makefile +++ b/Makefile @@ -39,7 +39,7 @@ ifeq ($(DIFF), 1) GIT_TREESTATE = "dirty" endif -KO_PREFIX ?= ghcr.io/sigstore +KO_PREFIX ?= ghcr.io/cpanato export KO_DOCKER_REPO=$(KO_PREFIX) # Binaries