Git Product home page Git Product logo

Comments (6)

developer-guy avatar developer-guy commented on May 5, 2024 1

I had a conversation with the core maintainer of the GoReleaser project, he told the same thing that I recommend.

cc: @caarlos0

from addlicense.

willnorris avatar willnorris commented on May 5, 2024 1

Sounds good. I've gone ahead and assigned this to you to start implementing when you're ready.

from addlicense.

developer-guy avatar developer-guy commented on May 5, 2024

kindly ping @willnorris

from addlicense.

willnorris avatar willnorris commented on May 5, 2024

interesting... I hadn't realized that goreleaser could build docker images as well.

I have somewhat mixed feelings though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project. For the CI and releasing pipeline, that shouldn't really matter much, but it would certainly be nice if users could build the image themselves using standard tools (like just the docker CLI).

Do you know how other projects have handled that? Do they just accept that building the docker image locally either requires goreleaser, or a separate go build step before running docker build ?

If the primary motivation is signing artifacts, then I'd want to get @mco-gh's opinion as well, since it would likely be him or someone else from Google that would need to maintain key management, etc.

from addlicense.

developer-guy avatar developer-guy commented on May 5, 2024

I have somewhat mixed feelings, though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project.

Yes, you are right, but we can create a separate Dockerfile for GoReleaser. There is an option to specify where the Dockerfile is.

 # Path to the Dockerfile (from the project root).
    dockerfile: Dockerfile

Do you know how other projects have handled that?

No, I don't, but we can use additional Dockerfile for GoReleaser use only, as I said above.

since it would likely be him or someone else from Google that would need to maintain key management, etc.

In cosign, you might already know that there is a keyless mode. Also, we've already made similar efforts in projects such as GoReleaser, and ko. However, they're all waiting for cosign v1.4.0 to complete the setup.

from addlicense.

developer-guy avatar developer-guy commented on May 5, 2024

thank you so much @willnorris, we'll start doing this immediately.

from addlicense.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.