From 1815547c81b8d7e5e001f454aa870325f7f53b07 Mon Sep 17 00:00:00 2001 From: Victoria Date: Thu, 21 Aug 2025 15:29:16 +0200 Subject: [PATCH 1/2] fix(build): include go package licenses in sbom fixes#2363 for the cli Signed-off-by: Victoria --- .goreleaser.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 5fcfc0daf..dc3b1316c 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -216,6 +216,12 @@ docker_manifests: - "ghcr.io/chainloop-dev/chainloop/cli:{{ .Tag }}-amd64" - "ghcr.io/chainloop-dev/chainloop/cli:{{ .Tag }}-arm64" +# Enable retrieving golang packages license information https://github.com/anchore/syft#configuration +# https://goreleaser.com/customization/sbom/ +sboms: + - env: + - SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true + release: extra_files: - glob: ./.github/workflows/cosign.pub From cd0914a518cc5a91626d5832fb941324a10cc1f1 Mon Sep 17 00:00:00 2001 From: Victoria Date: Mon, 1 Sep 2025 12:07:19 +0200 Subject: [PATCH 2/2] Revert "fix(build): include go package licenses in sbom fixes#2363 for the cli" This reverts commit 1815547c81b8d7e5e001f454aa870325f7f53b07. Signed-off-by: Victoria --- .goreleaser.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index dc3b1316c..5fcfc0daf 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -216,12 +216,6 @@ docker_manifests: - "ghcr.io/chainloop-dev/chainloop/cli:{{ .Tag }}-amd64" - "ghcr.io/chainloop-dev/chainloop/cli:{{ .Tag }}-arm64" -# Enable retrieving golang packages license information https://github.com/anchore/syft#configuration -# https://goreleaser.com/customization/sbom/ -sboms: - - env: - - SYFT_GOLANG_SEARCH_REMOTE_LICENSES=true - release: extra_files: - glob: ./.github/workflows/cosign.pub