🌱 use scorecard as binary name for all release builds #4518
+5
−9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, the binary name included the build platform which complicated running Scorecard after extracting the tarball. As all binaries now share the same name, we need a unique folder for each binary, so also removes `no_unique_dist_dir`. ossf#4517 Signed-off-by: Spencer Schrock <[email protected]>
snapshot.name_template was deprecated. https://goreleaser.com/deprecations/#snapshotname_template Signed-off-by: Spencer Schrock <[email protected]>
spencerschrock
requested review from
justaugustus and
raghavkaul
and removed request for
a team
spencerschrock
temporarily deployed
to
gitlab
GitHub Actions
Inactive
Before:make build-releaser
• building binaries
• building binary=dist/scorecard-linux-amd64
• building binary=dist/scorecard-darwin-arm64
• building binary=dist/scorecard-linux-arm64
• building binary=dist/scorecard-windows-arm64.exe
• building binary=dist/scorecard-windows-amd64.exe
• building binary=dist/scorecard-darwin-amd64
• archives
• archiving name=dist/scorecard_SNAPSHOT-2d95671c_windows_amd64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-2d95671c_linux_arm64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-2d95671c_darwin_amd64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-2d95671c_windows_arm64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-2d95671c_linux_amd64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-2d95671c_darwin_arm64.tar.gztar tvf dist/scorecard_SNAPSHOT-2d95671c_linux_arm64.tar.gz
-rw-r----- sschrock/primarygroup 11355 2024-09-20 11:00 LICENSE
-rw-r--r-- sschrock/primarygroup 44586 2025-02-03 10:14 README.md
-rwxr-xr-x sschrock/primarygroup 51642520 2025-02-10 14:47 scorecard-linux-arm64After:make build-releaser
• building binaries
• building binary=dist/windows_windows_arm64_v8.0/scorecard.exe
• building binary=dist/windows_windows_amd64_v1/scorecard.exe
• building binary=dist/darwin_darwin_arm64_v8.0/scorecard
• building binary=dist/darwin_darwin_amd64_v1/scorecard
• building binary=dist/linux_linux_amd64_v1/scorecard
• building binary=dist/linux_linux_arm64_v8.0/scorecard
• archives
• archiving name=dist/scorecard_SNAPSHOT-9544995d_linux_arm64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-9544995d_darwin_amd64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-9544995d_linux_amd64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-9544995d_windows_amd64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-9544995d_darwin_arm64.tar.gz
• archiving name=dist/scorecard_SNAPSHOT-9544995d_windows_arm64.tar.gztar tvf dist/scorecard_SNAPSHOT-9544995d_linux_arm64.tar.gz
-rw-r----- sschrock/primarygroup 11355 2024-09-20 11:00 LICENSE
-rw-r--r-- sschrock/primarygroup 44586 2025-02-03 10:14 README.md
-rwxr-xr-x sschrock/primarygroup 51642520 2025-02-11 10:05 scorecard |
spencerschrock
temporarily deployed
to
integration-test
GitHub Actions
Inactive
|
@timothysparg if you want to take a look |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #4518 +/- ##
==========================================
+ Coverage 66.80% 68.46% +1.65%
==========================================
Files 230 246 +16
Lines 16602 18444 +1842
==========================================
+ Hits 11091 12627 +1536
- Misses 4808 4991 +183
- Partials 703 826 +123 |
There was a problem hiding this comment.
Why not just have a single build that combines all of the goos and goarch?
goreleaser is smart enough to be able to know that windows needs an exe, which as far as I can see would be the only difference between all of the builds.
see https://github.com/timothysparg/scorecard/blob/feat/universal-binary-name/.goreleaser.yml
(I was about to submit the exact same pr, but you were too fast 😁)
There was a problem hiding this comment.
Submit anyway, happy to review + close this one when I get some time
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
release config
What is the current behavior?
each release has the platform in the binary name
scorecard_5.0.0_darwin_arm64What is the new behavior (if this is a feature change)?**
Each scorecard binary is called
scorecardorscorecard.exeif WindowsWhich issue(s) this PR fixes
Fixes #4517
Special notes for your reviewer
Does this PR introduce a user-facing change?
For user-facing changes, please add a concise, human-readable release note to
the
release-note(In particular, describe what changes users might need to make in their
application as a result of this pull request.)