+gitsign -- Keyless Git signing with Sigstore (#3653)

* +gitsign -- Keyless Git signing with Sigstore

* add git dependency

* move git dep to top level

* fix typo and include git in test only

* if it needs git for the test, it'll need it to run

---------

Co-authored-by: Jacob Heider <jacob@pkgx.dev>
This commit is contained in:
Spencer Gilbert 2023-10-13 20:53:26 -04:00 committed by GitHub
parent 4b139e3e72
commit 3c235f6591
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -0,0 +1,40 @@
distributable:
url: https://github.com/sigstore/gitsign/archive/refs/tags/v{{version}}.tar.gz
strip-components: 1
versions:
github: sigstore/gitsign
dependencies:
git-scm.org: '*'
build:
dependencies:
go.dev: ^1.21
script:
- go mod download
- mkdir -p "{{ prefix }}"/bin
- go build -v -trimpath -ldflags="$LDFLAGS" -o "{{prefix}}"/bin/gitsign
- go build -v -trimpath -ldflags="$LDFLAGS" -o "{{prefix}}"/bin/gitsign-credential-cache ./cmd/gitsign-credential-cache
env:
GOPROXY: https://proxy.golang.org,direct
GOSUMDB: sum.golang.org
GO111MODULE: on
CGO_ENABLED: 0
LDFLAGS:
- -buildid=""
- -X github.com/sigstore/gitsign/pkg/version.gitVersion={{version}}
linux:
# or segmentation fault
# fix found here https://github.com/docker-library/golang/issues/402#issuecomment-982204575
LDFLAGS:
- -buildmode=pie
test:
script: |
gitsign version | grep {{version}}
gitsign-credential-cache --version | grep {{version}}
provides:
- bin/gitsign
- bin/gitsign-credential-cache