From 426fa351b2ca1b743f68271491a2d579b1b4d931 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Fri, 4 Aug 2023 09:28:33 -0700
Subject: [PATCH] Update GoReleaser and sign artifacts (#359)

---
 .github/workflows/ci.yml |  9 ++++++-
 .goreleaser.yml          | 53 ++++++++++++++++++++++++++++++----------
 LICENSES                 |  6 ++---
 Makefile                 |  4 +--
 README.md                |  6 ++---
 5 files changed, 56 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 550002c6..15003b46 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,6 +64,7 @@ jobs:
     needs: [binary, unit-tests]
     permissions:
       contents: write
+      id-token: write
     steps:
       - name: Checkout Repository
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@@ -94,12 +95,18 @@ jobs:
 
       - name: Download Syft
         uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+        if: github.ref_type == 'tag'
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
+        if: github.ref_type == 'tag'
 
       - name: Build binaries
         uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
         with:
           version: latest
-          args: release ${{ github.ref_type == 'tag' && '' || '--snapshot' }} --clean
+          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GOPATH: ${{ steps.go.outputs.go_path }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index f0fe33de..937aafe4 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -13,6 +13,7 @@ builds:
       - 386
       - amd64
       - arm64
+      - ppc64le
       - s390x
     flags:
       - -trimpath
@@ -23,19 +24,6 @@ builds:
     main: ./cmd/sync
     binary: nginx-asg-sync
 
-archives:
-  - files:
-      - README.md
-      - LICENSE
-      - CHANGELOG.md
-      - build/config.yaml.example
-
-sboms:
-  - artifacts: archive
-
-changelog:
-  skip: true
-
 nfpms:
   - file_name_template: "{{ .ConventionalFileName }}"
     vendor: NGINX Inc.
@@ -89,3 +77,42 @@ nfpms:
           postinstall: "build/postinstall.sh"
           preremove: "build/preremove.sh"
           postremove: "build/postremove.sh"
+
+changelog:
+  skip: true
+
+archives:
+  - files:
+      - README.md
+      - LICENSE
+      - CHANGELOG.md
+      - build/config.yaml.example
+
+sboms:
+  - artifacts: archive
+    documents:
+      - "${artifact}.spdx.json"
+
+signs:
+  - cmd: cosign
+    artifacts: checksum
+    output: true
+    certificate: '${artifact}.pem'
+    args:
+      - sign-blob
+      - "--output-signature=${signature}"
+      - "--output-certificate=${certificate}"
+      - "${artifact}"
+      - "--yes"
+
+announce:
+  slack:
+    enabled: true
+    channel: '#announcements'
+    message_template: 'NGINX Plus Integration with Cloud Autoscaling {{ .Tag }} is out! Check it out: {{ .ReleaseURL }}'
+
+milestones:
+  - close: true
+
+snapshot:
+  name_template: 'edge'
diff --git a/LICENSES b/LICENSES
index 671ad732..660f5fe8 100644
--- a/LICENSES
+++ b/LICENSES
@@ -1,7 +1,7 @@
-github.com/Azure/azure-sdk-for-go,https://github.com/Azure/azure-sdk-for-go/blob/v66.0.0/LICENSE.txt,MIT
+github.com/Azure/azure-sdk-for-go,https://github.com/Azure/azure-sdk-for-go/blob/v68.0.0/LICENSE.txt,MIT
 github.com/Azure/go-autorest/autorest,https://github.com/Azure/go-autorest/blob/autorest/v0.11.24/autorest/LICENSE,Apache-2.0
 github.com/Azure/go-autorest/autorest/adal,https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.18/autorest/adal/LICENSE,Apache-2.0
-github.com/Azure/go-autorest/autorest/azure/auth,https://github.com/Azure/go-autorest/blob/autorest/azure/auth/v0.5.11/autorest/azure/auth/LICENSE,Apache-2.0
+github.com/Azure/go-autorest/autorest/azure/auth,https://github.com/Azure/go-autorest/blob/autorest/azure/auth/v0.5.12/autorest/azure/auth/LICENSE,Apache-2.0
 github.com/Azure/go-autorest/autorest/azure/cli,https://github.com/Azure/go-autorest/blob/autorest/azure/cli/v0.4.5/autorest/azure/cli/LICENSE,Apache-2.0
 github.com/Azure/go-autorest/autorest/date,https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE,Apache-2.0
 github.com/Azure/go-autorest/autorest/to,https://github.com/Azure/go-autorest/blob/autorest/to/v0.4.0/autorest/to/LICENSE,Apache-2.0
@@ -16,5 +16,5 @@ github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/v0.
 github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT
 github.com/nginxinc/nginx-asg-sync/cmd/sync,https://github.com/nginxinc/nginx-asg-sync/blob/HEAD/LICENSE,BSD-2-Clause
 github.com/nginxinc/nginx-plus-go-client/client,https://github.com/nginxinc/nginx-plus-go-client/blob/v0.10.0/LICENSE,Apache-2.0
-golang.org/x/crypto/pkcs12,https://cs.opensource.google/go/x/crypto/+/e495a2d5:LICENSE,BSD-3-Clause
+golang.org/x/crypto/pkcs12,https://cs.opensource.google/go/x/crypto/+/v0.1.0:LICENSE,BSD-3-Clause
 gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
diff --git a/Makefile b/Makefile
index 256102c5..2dd48b02 100644
--- a/Makefile
+++ b/Makefile
@@ -15,12 +15,12 @@ nginx-asg-sync:
 .PHONY: build-goreleaser
 build-goreleaser:
 	@goreleaser -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with GoReleaser. Follow the docs to install it https://goreleaser.com/install\n"; exit $$code)
-	@GOPATH=$(shell go env GOPATH) goreleaser release --rm-dist --snapshot
+	@GOPATH=$(shell go env GOPATH) goreleaser release --clean --snapshot
 
 .PHONY: build-goreleaser-docker
 build-goreleaser-docker:
 	@docker -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with Docker\n"; exit $$code)
-	@docker run --rm --privileged -v $(PWD):/go/src/github.com/nginxinc/nginx-asg-sync -v /var/run/docker.sock:/var/run/docker.sock -w /go/src/github.com/nginxinc/nginx-asg-sync goreleaser/goreleaser release --snapshot --rm-dist
+	@docker run --rm --privileged -v $(PWD):/go/src/github.com/nginxinc/nginx-asg-sync -v /var/run/docker.sock:/var/run/docker.sock -w /go/src/github.com/nginxinc/nginx-asg-sync goreleaser/goreleaser release --snapshot --clean
 
 .PHONY: clean
 clean:
diff --git a/README.md b/README.md
index 2efe89db..f50bed6e 100644
--- a/README.md
+++ b/README.md
@@ -59,7 +59,7 @@ Below you will find documentation on how to use nginx-asg-sync.
 
 ## Supported Operating Systems and Architectures
 
-We provide `.rpm` and `.deb` packages for `386`, `amd64`, `arm64`, and `s390x`.
+We provide `.rpm` and `.deb` packages for `386`, `amd64`, `arm64`, `ppc64le` and `s390x`.
 
 Support for other operating systems or architectures can be added.
 
@@ -70,8 +70,8 @@ Support for other operating systems or architectures can be added.
     - For the latest source code from the main branch, build a software package by following [these
       instructions](#building-a-software-package).
 2. Install the package:
-    - For CentOS/RHEL based OSs, run: `$ sudo rpm -i <package-name>.rpm`
-    - For Debian based OSs, run: `$ sudo dpkg -i <package-name>.deb`
+    - For CentOS/RHEL based OSs, run: `sudo rpm -i <package-name>.rpm`
+    - For Debian based OSs, run: `sudo dpkg -i <package-name>.deb`
 
 ### NGINX Plus Configuration