Comments (6)
I had a conversation with the core maintainer of the GoReleaser project, he told the same thing that I recommend.
cc: @caarlos0
from addlicense.
Sounds good. I've gone ahead and assigned this to you to start implementing when you're ready.
from addlicense.
kindly ping @willnorris
from addlicense.
interesting... I hadn't realized that goreleaser could build docker images as well.
I have somewhat mixed feelings though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build
the project. For the CI and releasing pipeline, that shouldn't really matter much, but it would certainly be nice if users could build the image themselves using standard tools (like just the docker CLI).
Do you know how other projects have handled that? Do they just accept that building the docker image locally either requires goreleaser, or a separate go build
step before running docker build
?
If the primary motivation is signing artifacts, then I'd want to get @mco-gh's opinion as well, since it would likely be him or someone else from Google that would need to maintain key management, etc.
from addlicense.
I have somewhat mixed feelings, though, since if I'm reading these docs correctly, it requires changing the Dockerfile in such a way that you can no longer simply docker build the project.
Yes, you are right, but we can create a separate Dockerfile for GoReleaser. There is an option to specify where the Dockerfile is.
# Path to the Dockerfile (from the project root).
dockerfile: Dockerfile
Do you know how other projects have handled that?
No, I don't, but we can use additional Dockerfile for GoReleaser use only, as I said above.
since it would likely be him or someone else from Google that would need to maintain key management, etc.
In cosign, you might already know that there is a keyless mode. Also, we've already made similar efforts in projects such as GoReleaser, and ko. However, they're all waiting for cosign v1.4.0 to complete the setup.
from addlicense.
thank you so much @willnorris, we'll start doing this immediately.
from addlicense.
Related Issues (20)
- use go-enry to identify generated, vendored and other types of code
- Ignore subdirectories pattern HOT 9
- Support adding license header in .txt, .patch and .tmpl files HOT 5
- Ignore doesn't work without equals sign HOT 2
- Using `//` comments for C++ header files
- malformed module path "io/fs" HOT 2
- Intermittent failure
- Include basic example of running for the first time. HOT 1
- [Proposal] Usage as module instead of CLI HOT 3
- Can a new tag be added? HOT 1
- Introduce a flag to prefer `//` over `/*...*/` HOT 1
- Copyright line should append after the SPDX identifier HOT 3
- An extra whitespace indentation for the Apache License template
- Recursive check pattern HOT 1
- (Provide option to) ignore empty files
- Feature Request: Add a version subcommand HOT 1
- Bug: Files generated by stringer are skipped HOT 4
- How to install? `go get` is deprecated
- provide fail-on-diff flag to enable checking licence headers HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from addlicense.