+gitsign -- Keyless Git signing with Sigstore (#3653)

* +gitsign -- Keyless Git signing with Sigstore * add git dependency * move git dep to top level * fix typo and include git in test only * if it needs git for the test, it'll need it to run --------- Co-authored-by: Jacob Heider <jacob@pkgx.dev>
2024-11-10 02:25:18 +03:00 · 2023-10-13 20:53:26 -04:00 · 2023-10-13 20:53:26 -04:00 · 3c235f6591
parent 4b139e3e72
commit 3c235f6591
1 changed files with 40 additions and 0 deletions
--- a/projects/sigstore.dev/gitsign/package.yml
+++ b/projects/sigstore.dev/gitsign/package.yml
@ -0,0 +1,40 @@
+distributable:
+  url: https://github.com/sigstore/gitsign/archive/refs/tags/v{{version}}.tar.gz
+  strip-components: 1
+
+versions:
+  github: sigstore/gitsign
+
+dependencies:
+  git-scm.org: '*'
+
+build:
+  dependencies:
+    go.dev: ^1.21
+  script:
+    - go mod download
+    - mkdir -p "{{ prefix }}"/bin
+    - go build -v -trimpath -ldflags="$LDFLAGS" -o "{{prefix}}"/bin/gitsign
+    - go build -v -trimpath -ldflags="$LDFLAGS" -o "{{prefix}}"/bin/gitsign-credential-cache ./cmd/gitsign-credential-cache
+  env:
+    GOPROXY: https://proxy.golang.org,direct
+    GOSUMDB: sum.golang.org
+    GO111MODULE: on
+    CGO_ENABLED: 0
+    LDFLAGS:
+      - -buildid=""
+      - -X github.com/sigstore/gitsign/pkg/version.gitVersion={{version}}
+    linux:
+      # or segmentation fault
+      # fix found here https://github.com/docker-library/golang/issues/402#issuecomment-982204575
+      LDFLAGS:
+      - -buildmode=pie
+
+test:
+  script: |
+    gitsign version | grep {{version}}
+    gitsign-credential-cache --version | grep {{version}}
+
+provides:
+  - bin/gitsign
+  - bin/gitsign-credential-cache