Fix docs for goreleaser with the generic generator to include docker di…#1252
Fix docs for goreleaser with the generic generator to include docker di…#1252laurentsimon merged 6 commits intoslsa-framework:mainfrom
Conversation
laurentsimon
left a comment
There was a problem hiding this comment.
Thanks for the PR!
| ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}" | ||
| run: | | ||
| set -euo pipefail | ||
|
|
There was a problem hiding this comment.
Just to be clear: the new feature does not break backward compatibility, correct?
If we update the code, will users of the older goreleaser versions break?
There was a problem hiding this comment.
I'm afraid it will; it won't work for older versions.
I can edit the PR to also include the instructions for older versions (the current instructions) if that's preferred.
I can also rewrite the code with backwards compatibility, but that would result in a bit messier code.
There was a problem hiding this comment.
Yes, please edits the PR to account for older version.
Btw, since it's breaking backward compatibility, should you not bump the Action tag to a major change, like v4.0.0 instead of v3.2.0?
There was a problem hiding this comment.
np, will do.
Regarding the version bump -
- The github action actually isn't relevant here. The version of the goreleaser is the one affecting the output (the version of goreleaser is passed as an argument to the action).
- The chnage in goreleaser is backwards compatible, i.e. any code written for older versions should still work. The code that breaks is the code I added in this PR, which uses the new features that weren't available in older goreleaser versions (specifically, using the checksum file still works, so the current instructions won't break).
There was a problem hiding this comment.
Thanks for the clarification
There was a problem hiding this comment.
I pushed a new commit.
btw, I didn't want to amend (& force-push) the old commit to avoid noise, so note that I accidentally wrote "generic builder" rather than "generic generator" in the commit message, so you might want to fix that when you squash&merge.
There was a problem hiding this comment.
p.s. the instructions currently assume that the user didn't disable checksum generation in the goreleaser (see https://goreleaser.com/customization/checksum/).
It might be an obvious assumption, but disabling it would cause the job to hang (because of that cat $checksum_file when checksum_file is an empty string).
We might want to add a clarification for that. wdyt?
There was a problem hiding this comment.
Yes, please add a note. Thank you.
laurentsimon
left a comment
There was a problem hiding this comment.
Thanks. I proposed adding a link to goreleaser feature / doc for the docker. Let me know what you think.
goreleaser latest release includes a couple of new features that are useful for provenance generation:
The first one (published docker images) actually enables users to include the built dockers in their provenance documents.
The second one (checksums) is added mainly to simplify the usage.
This pull request updates the instructions in the documentation for the generic builder with goreleaser, to take advantage of these new features.