Thanks to visit codestin.com
Credit goes to github.com

Skip to content

update goreleaser with windows checksums #740

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 10, 2022
Merged

update goreleaser with windows checksums #740

merged 4 commits into from
Jan 10, 2022

Conversation

@spiffcs
Copy link
Contributor

@spiffcs spiffcs commented Jan 10, 2022

Refactor goreleaser syntax for checksums

How to test

Run make snapeshot on this branch. Under snapshot there should be a file called syft_0.35.0-SNAPSHOT-5e5312c_checksums.txt

Below is the output for that file.

0059dc697bca9c0368b676a0feafe98367da762e463e88f89cb740d4cb3bc4a5  syft_0.35.0-SNAPSHOT-b308f74_darwin_amd64.zip
3a72bf458ff4684dc761a825045d1e688f3729ff6e4e29140a0343eacef3f2a5  syft_0.35.0-SNAPSHOT-b308f74_linux_arm64.rpm
4295acf62ae1cd3675bdc1321a045d2b2039e017ecbf229707d1ae92e6f2dfb9  syft_0.35.0-SNAPSHOT-b308f74_darwin_amd64.tar.gz
5277b46093d67ee310fcbbc0e6fc059abe4dfa4799ac6797e58997fec6482a2a  syft_0.35.0-SNAPSHOT-b308f74_darwin_arm64.zip
744b967ef6b15f0e222fdf483b8b852002a493b09837ae14cb426bc32040d872  syft_0.35.0-SNAPSHOT-b308f74_Linux_amd64.tar.gz
82bb6dd3ac03673fa4abd4b027f6969ee4eccc675fd9295c77ce19b79cac97dd  syft_0.35.0-SNAPSHOT-b308f74_Linux_arm64.tar.gz
8b7b5c7c4210feb9ddcda69d24bd8c77a0b881aa638f1be9ab1044d4d48d7655  syft_0.35.0-SNAPSHOT-b308f74_Windows_arm64.zip
9cc259f0e67b3731aecbf9bd191bd17e29085bd41467a2aff514e846894a4c96  syft_0.35.0-SNAPSHOT-b308f74_linux_amd64.deb
d45b648403e9ed328740df02f5de57c8ef9ab0bdb59bb292503bc1ae2dbc0359  syft_0.35.0-SNAPSHOT-b308f74_linux_arm64.deb
e3a0dd098e1484b69cb37176e50a820f061222c1fe81e90330948d7a94d5e9fd  syft_0.35.0-SNAPSHOT-b308f74_Windows_amd64.zip
e711ea296a99656e44ba7f8d9435cf1687d42244eb259d59f84652f23896721a  syft_0.35.0-SNAPSHOT-b308f74_darwin_arm64.tar.gz
f1359b46535584c827b04145b929beacdf4f286cb74cdd39565023ff324b6874  syft_0.35.0-SNAPSHOT-b308f74_linux_amd64.rpm

Previously you would only see:

  1 6d7eec5285535c2d5435e5024717ccfc3ee4135fc6b5dbfbc5c1435a209a3874  syft_0.35.0-SNAPSHOT-5e5312c_linux_amd64.deb
  1 7391beb8769e1804c80be0615be4f52ac9604f7be7846cd2befb55ff7eb56a89  syft_0.35.0-SNAPSHOT-5e5312c_darwin_amd64.zip
  2 75f154f40c0986c27fcbe1ee2edf455cf96c67b4bf79fb16a5028057b3d56ae7  syft_0.35.0-SNAPSHOT-5e5312c_darwin_arm64.zip
  3 77d6ef81651ba1681b6e338a6a1c006394a1f97c3d7301788f86cfd9cf83641d  syft_0.35.0-SNAPSHOT-5e5312c_windows_amd64.zip
  4 88cfba09e4111a484663853dddc3511e4e8dec94155b94874f7e8bb7693cba3d  syft_0.35.0-SNAPSHOT-5e5312c_linux_arm64.rpm
  5 9b22fbc06f33ee8ca8e52c459ab2e04f46f3264dd510f321b545d16dfca03638  syft_0.35.0-SNAPSHOT-5e5312c_linux_amd64.rpm
  6 c537e8db525d628f757fcfbf0a1cd789dc5884d1fbe70ac843cd50c3d32acbc1  syft_0.35.0-SNAPSHOT-5e5312c_linux_amd64.tar.gz
  7 d05b46d5df0aa9478e7da011fa9f99b0d241e9303094c0b27d4df5701899f706  syft_0.35.0-SNAPSHOT-5e5312c_linux_arm64.deb
  8 dc07c287d73469afd6a0aa275daf5e2044943953d9cd0a89d22ca03753191caf  syft_0.35.0-SNAPSHOT-5e5312c_linux_arm64.tar.gz

Signed-off-by: Christopher Phillips [email protected]

@spiffcs
update goreleaser with windows checksums
b308f74 
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs
update format to be closer to our previous implementation
244dd96 
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs
remove linux replacement
df73b73 
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs
typo
02b6740 
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs spiffcs linked an issue Jan 10, 2022 that may be closed by this pull request
Missing checksums for other than Linux in 0.35.0 release #739
Closed
@spiffcs spiffcs requested a review from a team January 10, 2022 16:34
@github-actions
Copy link

github-actions bot commented Jan 10, 2022
edited
Loading

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.64ms ± 2%    1.66ms ± 8%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            3.78ms ± 4%    3.65ms ± 3%  -3.34%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.13ms ± 2%    1.14ms ± 3%    ~     (p=0.690 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2        1.01ms ± 1%    0.97ms ± 2%  -3.37%  (p=0.016 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                    1.18ms ± 2%    1.19ms ± 3%    ~     (p=0.841 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                     1.04ms ± 3%    1.05ms ± 4%    ~     (p=0.421 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      16.0ms ± 1%    16.1ms ± 4%    ~     (p=0.690 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.53ms ± 1%    1.53ms ± 4%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.23µs ± 1%    2.12µs ± 1%  -4.92%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               252kB ± 0%     252kB ± 0%    ~     (p=0.151 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            1.06MB ± 0%    1.06MB ± 0%  +0.13%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     229kB ± 0%     230kB ± 0%    ~     (p=0.421 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         207kB ± 0%     207kB ± 0%  +0.20%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     253kB ± 0%     253kB ± 0%  +0.25%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      234kB ± 0%     235kB ± 0%  +0.17%  (p=0.016 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.62MB ± 0%    3.62MB ± 0%    ~     (p=0.841 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.30MB ± 0%    1.30MB ± 0%    ~     (p=0.222 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            560B ± 0%      560B ± 0%    ~     (all equal)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               6.31k ± 0%     6.31k ± 0%    ~     (all equal)
ImagePackageCatalogers/python-package-cataloger-2             21.3k ± 0%     21.3k ± 0%    ~     (p=0.389 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     6.04k ± 0%     6.04k ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         5.32k ± 0%     5.32k ± 0%    ~     (all equal)
ImagePackageCatalogers/dpkgdb-cataloger-2                     7.05k ± 0%     7.05k ± 0%    ~     (all equal)
ImagePackageCatalogers/rpmdb-cataloger-2                      6.78k ± 0%     6.78k ± 0%    ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       69.5k ± 0%     69.5k ± 0%    ~     (p=0.730 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      7.34k ± 0%     7.34k ± 0%    ~     (p=0.968 n=4+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            13.0 ± 0%      13.0 ± 0%    ~     (all equal)

@spiffcs spiffcs mentioned this pull request Jan 10, 2022
Closed
kzantow
kzantow approved these changes Jan 10, 2022
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume there's a reason for removing the timestamp thing; that's the only question I have about this, otherwise seems 👍

.goreleaser.yaml
goarch:
- amd64
- arm64
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this somehow lose the reproducible build now? does it matter?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think anything was deleted here. We had two blocks that were doing the builds for windows/linux and I just zipped them into one. mod_timestamp is still in the file. id: syft-win was removed and everything was consolodated under id: syft

spiffcs
spiffcs commented Jan 10, 2022
View reviewed changes
.goreleaser.yaml
- amd64
- arm64
# Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
mod_timestamp: '{{ .CommitTimestamp }}'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kzantow mod_timestamp should still exist here on this line - This PR took the two builds sections and consolidated them into a single one

kzantow
kzantow approved these changes Jan 10, 2022
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@spiffcs spiffcs requested a review from wagoodman January 10, 2022 16:57
@spiffcs
Copy link
Contributor Author

spiffcs commented Jan 10, 2022

This works all the way through generating a snapshot, but before I merge @wagoodman if there is anything else you'd like to see tested since it affects our release process?

@spiffcs spiffcs merged commit dfefd2e into main Jan 10, 2022
@spiffcs spiffcs deleted the include-windows-checksum branch January 10, 2022 19:52
@spiffcs spiffcs self-assigned this Jan 14, 2022
spiffcs added a commit that referenced this pull request Jan 19, 2022
@spiffcs
Merge branch 'hectorj2f/add_dependencies_to_cyclonedx' of https://git…
1a1e9f7 
…hub.com/hectorj2f/syft into hectorj2f/add_dependencies_to_cyclonedx

* 'hectorj2f/add_dependencies_to_cyclonedx' of https://github.com/hectorj2f/syft: (29 commits)
  Improve CycloneDX format output (#710)
  Add additional PHP metadata (#753)
  Update Syft formats for SyftJson (#752)
  Add support for "file" source type in syftjson unmarshaling (#750)
  remove contains file from spdx dependency generation
  support .sar for java ecosystem (#748)
  Start developer documentation (#746)
  Align SPDX export more with SPDX 2.2 specification (#743)
  Replace distro type (#742)
  update goreleaser with windows checksums (#740)
  bump stereoscope version to remove old containerd (#741)
  Add support for multiple output files in different formats (#732)
  Add support for searching for jars within archives (#734)
  683 windows filepath (#735)
  Fix CPE encode/decode when it contains special chars (#714)
  support .par for java ecosystems (#727)
  Add arm64 support to install script (#729)
  Revert "bump goreleaser to v1.2 (#720)" (#731)
  Add a version flag (#722)
  Add lpkg as java package format (#694)
  ...
sergei-ivanov
sergei-ivanov reviewed Jan 19, 2022
View reviewed changes
.goreleaser.yaml
id: syft
replacements:
windows: Windows
amd64: x86_64
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi guys, evidently this has messed up artifact names for Linux and MacOS on amd64 architecture.

Release v0.35.1:

syft_0.35.1_linux_amd64.tar.gz

Release v0.36.0:

syft_0.36.0_darwin_x86_64.tar.gz   ## this one was not there before and is likely redundant
syft_0.36.0_linux_x86_64.tar.gz

fengshunli pushed a commit to fengshunli/syft that referenced this pull request Jan 24, 2022
@spiffcs @fengshunli
update goreleaser with windows checksums (anchore#740)
d1aa764 
* update goreleaser with windows checksums

Signed-off-by: Christopher Phillips <[email protected]>

* update format to be closer to our previous implementation

Signed-off-by: Christopher Phillips <[email protected]>

* remove linux replacement

Signed-off-by: Christopher Phillips <[email protected]>

* typo

Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: fsl <[email protected]>
spiffcs added a commit that referenced this pull request Jan 24, 2022
@spiffcs
update goreleaser with windows checksums (#740)
5103660 
* update goreleaser with windows checksums

Signed-off-by: Christopher Phillips <[email protected]>

* update format to be closer to our previous implementation

Signed-off-by: Christopher Phillips <[email protected]>

* remove linux replacement

Signed-off-by: Christopher Phillips <[email protected]>

* typo

Signed-off-by: Christopher Phillips <[email protected]>
spiffcs added a commit that referenced this pull request Jan 25, 2022
@spiffcs
update goreleaser with windows checksums (#740)
5eac070 
* update goreleaser with windows checksums

Signed-off-by: Christopher Phillips <[email protected]>

* update format to be closer to our previous implementation

Signed-off-by: Christopher Phillips <[email protected]>

* remove linux replacement

Signed-off-by: Christopher Phillips <[email protected]>

* typo

Signed-off-by: Christopher Phillips <[email protected]>
jonasagx pushed a commit to jonasagx/syft that referenced this pull request Jan 28, 2022
@spiffcs @jonasagx
update goreleaser with windows checksums (anchore#740)
6846be8 
* update goreleaser with windows checksums

Signed-off-by: Christopher Phillips <[email protected]>

* update format to be closer to our previous implementation

Signed-off-by: Christopher Phillips <[email protected]>

* remove linux replacement

Signed-off-by: Christopher Phillips <[email protected]>

* typo

Signed-off-by: Christopher Phillips <[email protected]>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@spiffcs
update goreleaser with windows checksums (anchore#740)
0f88ea0 
* update goreleaser with windows checksums

Signed-off-by: Christopher Phillips <[email protected]>

* update format to be closer to our previous implementation

Signed-off-by: Christopher Phillips <[email protected]>

* remove linux replacement

Signed-off-by: Christopher Phillips <[email protected]>

* typo

Signed-off-by: Christopher Phillips <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzantow kzantow kzantow approved these changes

@wagoodman wagoodman Awaiting requested review from wagoodman

+1 more reviewer

@sergei-ivanov sergei-ivanov sergei-ivanov left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@spiffcs spiffcs

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing checksums for other than Linux in 0.35.0 release

4 participants

@spiffcs @sergei-ivanov @kzantow