Building GoReleaser: from shell script to paid product
In this post, I want to share the history behind GoReleaser, how we got here, lessons I’ve learned along the way, and what’s ahead.| carlosbecker.com
This version introduces the new version of the Docker integration, Docker image attestation, Makeself packaging support, Go 1.25, and much more!| Posts on Carlos Becker
In this post, I want to share the history behind GoReleaser, how we got here, lessons I’ve learned along the way, and what’s ahead.| carlosbecker.com
This version consists mostly of improvements to the Homebrew Cask feature introduced in the last release, and in other features.| Posts on Carlos Becker
After using nix in my dotfiles for over 2 years, I’m now moving away from it. Here’s why.| carlosbecker.com
This version introduces the new Homebrew Casks feature, an experimental MCP server, plus many other small improvements.| Posts on Carlos Becker
My talk at Gophercon Latam 2025, showing a brief history of terminals, an introduction to ANSI escape sequences, a briefer introduction to SSH, and finally, how to build and serve a TUI using Bubble Tea and Wish.| Posts on Carlos Becker
This release introduces support to Python builds through Poetry and UV!| Posts on Carlos Becker
Had an amazing chat with Matthew and Angelica about being a maintainer, monetization, making time, and GoReleaser| carlosbecker.com
string and []string can be the same thing…| Posts on Carlos Becker
Happy March! Another release is here with several improvements across the board.| Posts on Carlos Becker
A live chat with Elton Minetto about learning Go, GoReleaser, and more, in preparation for Gophercon Latam 2025 (in Portuguese).| Posts on Carlos Becker
Had an amazing chat with Jonathan and Shay about GoReleaser and other topics.| carlosbecker.com
Happy February! Another release is here with several improvements across the board.| Posts on Carlos Becker
Happy Easter! The second release of 2024 is here! It’s the result of 2 months of work by me and many contributors, aiming on releasing a v2 soon. Highlights new: automatically update the description/readme on Docker Hub (only on Pro) new: added goreleaser verify-license command (only on Pro) archives: allow to skip archiving certain GOOS by using none in format_overrides dmg: fix packaging when binary name contains a directory msi: fix packaging when binary name contains a directory homebre...| Posts on Carlos Becker
Happy new year! The first release of the year is here!| Posts on Carlos Becker
GoReleaser v2.5 is out with Rust and Zig support - let’s explore how we can use it!| Posts on Carlos Becker
Merry Christmas - the last release of 2024 is here!| Posts on Carlos Becker
A couple of weeks ago I added a small automation to automatically merge dependabot pull requests if the build succeed.| Posts on Carlos Becker
A short reflection on side projects, and how I do them.| Posts on Carlos Becker
A couple of days ago, all of the sudden, my jobs started running out of space.| Posts on Carlos Becker
New release coming in hot! new: create macOS app bundles. Initially they are only usable with dmgs, more uses might be added in the future. (only on pro) Example: # .goreleaser.yml app_bundles: - bundle: com.goreleaser.goreleaser icon: www/docs/static/goreleaser.icns if: '{{eq .Arch "all"}}' dmg: - name: goreleaser use: appbundle DMG with GoReleaser Pro's App Bundle new: nfpms and dmgs get an if field, which allows to further filter artifacts. (only on pro) new: dmgs get an templated_extra_fi...| Posts on Carlos Becker
Recently I found a good use case for AI when migrating my dotfiles to another theme. This is a short post about it.| Posts on Carlos Becker
Continuity Camera is the macOS feature that allows to use an iPhone as a webcam.| Posts on Carlos Becker
I’ve been using Gumroad for payments of GoReleaser Pro since the beginning, around May 2021.| Posts on Carlos Becker
Another month, another minor release full of improvements!| Posts on Carlos Becker
This is a quick post showing how to set up a Wireguard VPN in an UniFi Dream Machine.| Posts on Carlos Becker
In this interview I talk with Josh about my developer workflow including tmux, neovim, nix, and more on macOS. More links Original post. Everything I use.| Posts on Carlos Becker
Another month, another minor release full of improvements!| Posts on Carlos Becker
I talked a bit about my career to some first year college students. Slides are in PT-BR.| Posts on Carlos Becker
Winter is here (in the South America)! Let’s see whats new!| Posts on Carlos Becker
I thought I would share some quick bits about how to do go.mod version bumps.| Posts on Carlos Becker
This weekend’s side quest: installing Starlink as my second internet provider. Here’s how it went.| Posts on Carlos Becker
The new major version of GoReleaser is here!| Posts on Carlos Becker
If you, like me, release your projects to the Snap Store using GoReleaser, you might need to eventually update the secret. It seems to me that the secret expires every year, and this is the time of the year I need to renew mine. To help future me, this is my recipe on how to do it quickly: snapcraft export-login /tmp/snap.login gh secret set SNAPCRAFT_STORE_CREDENTIALS </tmp/snap.login If you used to use snapcraft login --with, it is not needed anymore!| Posts on Carlos Becker
Happy mother’s day! This will be probably the last minor v1 release of GoReleaser. V2 will not be a big update, rather, it’ll be the same as v1.26, but removing all the deprecated stuff. That said, let’s see what’s new on this version! Highlights new: macOS binaries notarization new: Publish Homebrew, NUR, Winget, and others, across SCMs (only on Pro) fury: Retry uploads continue: Fixed goreleaser continue --merge when running with --snapshot announce: BlueSky support archive: Create .| Posts on Carlos Becker
I was live with Natalie to discuss how GOOS and GOARCH spark joy. Go Time 311: Ship software, not code – Listen on Changelog.com| Posts on Carlos Becker
Happy new year! The first release of 2024 is here! Highlights security: goreleaser would log environment variables in some configurations when run with --verbose. Note that we only recommend using the --verbose flag locally, to debug possible issues. CVE-2024-23840 new: create DMG images (with hdutil/mkisofs) (only on Pro) new: create MSI installers (with wix/msitools) (only on Pro) git: options to ignore tag prefixes (only on Pro) blog: we fully migrated our blog from Medium to mkdocs blob: ...| Posts on Carlos Becker
The yearly Christmas edition, and the last release of 2023. This release contains mostly small improvements and bug fixes. Highlights nix: validate license to prevent generating invalid derivations nix: make sure zip is included if one of the archives is a zip file winget: support archives.format: binary homebrew: dependencies can be added to specific OSes homebrew: support tar.xz aur: support archives.wrap_in_directory aur: support multiple packages in the same repository --single-target is ...| Posts on Carlos Becker
Another boring release, with mostly bug fixes and quality-of-life improvements. Highlights Several new pipes can be skipped with --skip=pipe, check goreleaser release --help for details If you have gomod.proxy enabled, GoReleaser will now check if your go.mod has replace directives, and warn you about them on snapshots, and straight out fail on a production build If you have gomod.proxy enabled and a go.work file with multiple modules, GoReleaser will now properly handle it, using the first m...| Posts on Carlos Becker
Twitter Spaces with some OSS developers: @caarlos0 @charmcli @jzmusings @meowgorithm @propeldatacloud @roxcodes Listen to it here.| Posts on Carlos Becker
A boring release, mostly bug fixes. Boring is good. Highlights You can now sort tags by semver in GoReleaser Pro Docker pushes will now be retried when the registry yields a 503. It’ll retry 10 times. Winget: added support for package_dependencies and update schema version to 1.5.0. GoReleaser will now run against Gerrit, Soft-Serve, and other Git providers, as long as the SCM release is disabled. You can now ignore Git tags that match a regular expression.| Posts on Carlos Becker
A little over 100 commits in small-ish quality-of-life improvements.| Posts on Carlos Becker
Almost 200 commits adding Nix, Winget, and much more…| Posts on Carlos Becker
May is the maintainers month, so I would first like to thank all the maintainers out there for the hard work, you rock!| Posts on Carlos Becker
The Easter release is here!| Posts on Carlos Becker
The February release got a little late… better later than even later, I guess! 😄 goreleaser healthcheck It is packed with some juicy features and tons of bug fixes and quality-of-life improvements. Let’s take a look: Highlights On GoReleaser Pro you can now add dividers between groups in the changelog. Documentation. GoReleaser Pro also gets a new template variable: {{ .Artifacts }}, which you can iterate over to build, for instance, custom scripts.| Posts on Carlos Becker
Keeping our pace of 1 minor a month, this is the January 2023 release. GoReleaser’s Ko integration documentation It is packed with some juicy features and tons of bug fixes and quality-of-life improvements. Let’s take a look: Highlights GoReleaser Pro now can now create changelog subgroups You can create and push Docker images/manifests with Ko (big thanks to @developerguyba and @ImJasonH for all the work here) More templateable fields: nfpms.apk.signature.key_name, release.| Posts on Carlos Becker
Another month, another release! In fact, the last release of the year. This one in particular marks the 6 years anniversary of GoReleaser, and is packed with new features and improvements. GoReleaser Santa Let’s see what’s new: Highlights GoReleaser Pro can now skip the build of specific Docker images based on a template evaluation result; GoReleaser Pro build hooks now also inherit the build environment variables You can now use templates in brews.| Posts on Carlos Becker
This is a different kind of post: I’m sharing some music I enjoyed this year! If that’s not your thing, you don’t need to go any further. Best albums of 2022 Those are the albums I listened to (and incidentally liked) the most in 2022. Avantasia – A Paranormal Evening With The Moonflower Society Bleed From Within – Shrine Lorna Shore – Pain Remains Make Them Suffer – How to Survive A Funeral Malevolence – Malicious Intent Memphis May Fire – Remade In Misery Parkway Drive –...| Posts on Carlos Becker
Another month, another release! Like the previous 2 releases, this is a beefy one: over 100 commits from 15 contributors! GoReleaser on Mastocon This one also marks the point of 1 year since our first v1! Highlights docker, docker buildx and podman (on GoReleaser Pro) will now use the image digest when creating docker manifests. This should help ensure that what you are releasing wasn’t changed by an outside tool. In the same token, the Docker images and manifests signing with cosign will n...| Posts on Carlos Becker
We launched GoReleaser v1 exactly 1 year ago today! onefetch First, I wanted to wholeheartedly thank all the users, fans, contributors, backers, GoReleaser Pro users, and, especially, the other maintainers — without you all I’m sure GoReleaser would not be where it is today! Thank you! ❤️ Since v1.0.0, we continue making steady progress towards making it easier to release increasingly more complex projects, with increasingly more integrations, and with good defaults — especially reg...| Posts on Carlos Becker
The previous release had ~100 commits, and this one has 149 since previous feature release! Definitely a big release, with some big features. Let’s dive in! GoReleaser Pro release using the new split/merge feature Highlights GoReleaser Pro can now split and merge releases; GoReleaser Pro can now filter paths for changelogs; GoReleaser Pro has now a continue command, which merges publish and announce; GoReleaser Pro can now filter targets by GGOOS and GGOARCH as well; AUR can now set the...| Posts on Carlos Becker
This release took a while, for all the good reasons: a ton of new features and bug fixes for your delight! Oh, and, over 100 commits! It might be the biggest GoReleaser release in commits made, although I have no data to back it up — except my memory. GoReleaser screenshot Highlights GoReleaser Pro can now skip Fury publishing with --skip-fury; GoReleaser Pro now has before and after hooks for archives; GoReleaser is now compiled using Go 1.| Posts on Carlos Becker
Fun fact: it is actually winter now here in Brazil. Regardless, this release is packed with new features, quality-of-life improvements and bug fixes! GoReleaser screenshot Highlights GoReleaser Pro can now skip global after hooks with -skip-after; GoReleaser Pro can now split the release process into “prepare”, “publish” and “announce”. Check out goreleaser release --help,goreleaser publish --help and goreleaser announce --help for more details; The entire GoReleaser output...| Posts on Carlos Becker
A conversation about maintaining OSS and other software-related topics.| Posts on Carlos Becker
A conversation about maintaining OSS — in Portuguese.| Posts on Carlos Becker
Twitter Spaces with Twitter and Charm folks, discussing favorite developer tools. This Space was not recorded.| Posts on Carlos Becker
This release contains several minor improvements and a couple of new features! Let’s have a look! goreleaser changelog preview. Highlights goreleaser changelog was added to GoReleaser Pro — you can use it to preview your next release changelog added more build options, enabling you to build test binaries #3064 added go_first_class target options for build #3062 new run script for CIs that don’t have it natively #3075 make it easier to run GoReleaser against a SCM that is not GitHub, Git...| Posts on Carlos Becker
A couple of weeks ago I was working on adding SSH Certificate Authentication support to Wish, and did not find any good, to the point documentation on how to use certificates from the Go SSH client — hence this post. In short, we need to parse the user’s private key and the certificate, create a signer using both the certificate and the private key, and use that as an auth method in our client.| Posts on Carlos Becker
GoReleaser can help you, to some extent, to have reproducible builds. Reproducible Builds What are reproducible builds? According to Reproducible-Builds.org: A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts. So, things we need to pay attention here are: the source is the same the dependencies are the same, in the same versions chtimes are the same build path is the ...| Posts on Carlos Becker
This release’s biggest feature is the GOAMD64 support. Highlights support GOAMD64(#3016) upgraded from yaml.v2 to yaml.v3(#3004) deprecate gofish (#2999) added Slack notification options (#2988) a lot of bug fixes and docs improvements You can see the full changelog here. Other news Still no community meeting, sorry 🫠. Link. Release Party though! Thanks to everyone who joined! GoReleaser is now in the ThoughtWorks Technology Radar! GoReleaser now has ~9.9k stars and 271 contribut...| Posts on Carlos Becker
The title would have been more creative if it was GoReleaser 1.18 as well… maybe… probably not. Highlights Go 1.18 update (#2978, #2984) Ability to filter by file extension in HTTP uploads (#2992) Homebrew tap service block (#2973) Deprecated buildpacks support (#2982), and removed some deprecated code/etc that have been deprecated for 6 months+ (#2985) As always, some dependency upgrades, bug fixes and documentation improvements. You can see the full changelog here.| Posts on Carlos Becker
GoReleaser 1.6 is out! Another “boring” release with some miscellaneous improvements and bug fixes. Highlights New filter and reverseFilter template functions (#2924) nFPM and archiving in tar.gz should now be faster (#2940, #2941) More Snapcraft app metadata fields (#2955) New .TagBody template field (#2923) Install amd64 binaries when no arm64 binaries are present on macOS (i.e. use Rosetta) (#2939) Several dependency updates Several bug fixes Some documentation improvement...| Posts on Carlos Becker
GoReleaser 1.5 is out, with a handful of miscellaneous improvements. Highlights Better manpages using mango; Migrated from cobra to coral — which will eventually lead to faster go install; Improved nFPM to make it easier for GoReleaser’s debs and GoReleaser-generated debs that pass lintian checks; Several improvements on GoReleaser output logs; More fields are now templateable, namely on nFPMs and Universal Binaries configs; Hooks now have an option to always print their outputs; ...| Posts on Carlos Becker
GoReleaser can now create and publish Arch Linux PKGBUILD files to Arch User Repositories! neofetch in an Arch Linux container This amazing new feature was sponsored by Charm. How does it work? The AUR is basically a group of Git repositories that, if you push the right set of files, are installable on an Arch Linux box using a tool like yay. To push there, you’ll need to create an account on the AUR website and inform them of the public key you’ll be using to push.| Posts on Carlos Becker
We just launched GoReleaser v1.3, the first release of 2022! Highlights Announce to any HTTP endpoint #2750 Create universal binaries from multiple build IDs #2811 New templateable fields #2826 #2797 Custom publishers can now publish extra #2770 Fixed dependency issue with go-reddit which was causing problems when go installing goreleaser #2823 Fixed some issues with the github-native changelog implementantion #2802 #2803 You can see the full changelog here. Also check out GoReleaser...| Posts on Carlos Becker
$ glow charm.md Everyone who knows me knows that I love CLI tools. I have my own opinionated dotfiles, a lot of scripts to achieve several tasks, a lot of automations and a lot of other tools and binaries for both useful and useless things. And I just love working with that stuff. I’ll be joining Charm to work on tools to make the command line glamorous, starting this January! Are you excited?| Posts on Carlos Becker
In the v1.1 release, GoReleaser introduced a new feature called “changelog groups”. This is a quick post to spread the word. This feature allows you to “organize” your changelog in categories by using regular expressions. Using it with use: github and some exclusion filters yields pretty good looking release notes: An example release changelog. Here’s a quick usage example: # .goreleaser.yaml changelog: sort: asc use: github filters: exclude: - Merge pull request - Merge remote-trac...| Posts on Carlos Becker
A hands-on talk on how to create and set up a project with GoReleaser. In Portuguese.| Posts on Carlos Becker
A hands-on talk on how to create and set up a project with GoReleaser.| Posts on Carlos Becker
Sometimes, working on big projects, running all tests locally take too much time.| carlosbecker.com
This is how I automated my garage doors without using a BTN interface. Arriving home is always a pain, I have to open two garages, and disarm the alarm system. I wanted to make that experience better. Once I figured out the alarm part, I started looking into the garages. Usually, garage motors have a BTN input or similar, in which you can plug a smart relay and move on with life.| carlosbecker.com
This post documents my journey implementing a Homekit integration for my Intelbras AMT8000 alarm system. This particular alarm system is relatively common here in Brazil, as it can be found in Brazil for a decent price, and is surprisingly easy to install. The sensors, keyboard, and sirens are all wire-free, which makes it a matter of pairing them with the system and then double-sided taping them wherever you want them.| carlosbecker.com
GoReleaser v1.2 is out — likely be the last feature release of 2021. It also marks the first 5 years since its first commit. It comes packed with some great features and fixes by several people! Christmas GoReleaser gopher! Here are some highlights: GoRelaser now generates a dist/artifacts.json file — this might help integrating with other tools (e.g. you can jq it to find stuff). Link. We now have a “Common Errors” section in our docs.| carlosbecker.com
A few months ago, I published a post on Multi-platform Docker images with GoReleaser and GitHub Actions. Today’s post has the same idea, but using Podman instead of Docker. The main advantage of Podman is that you can run in rootless mode (e.g. inside a container) and that it doesn’t require a daemon. An example project I created an example project showing with all the code needed for everything to work.| carlosbecker.com
Talking about improving sustainability of open source with some incredible open source community members. We highly recommend checking out their profiles to see the cool projects they’re working on! Panel with: abbycabs bashbunni caarlos0 filmgirl muesli tjdevries| carlosbecker.com
GitHub Sponsors expanded to over 30 new regions this year, Abigail Cabunoc Mayes chat with three developers from India, Brazil and Egypt about building careers in open source. Panel with: abbycabs caarlos0 kovidgoyal youssef1313| carlosbecker.com
SSH certificates allow system administrators to SSH into machines without having to manage authorized keys in the servers. In summary, you create a key pair to be used as a Certificate Authority (CA), and add the public key of that key pair to the server: TrustedUserCAKeys /etc/ssh/my-root-ca.pub Then, usually, a system administrator or an automated system creates certificates for the users that need to access the servers. Those certificates are created with the CA’s private key, the user...| carlosbecker.com
Hello everyone! I’ve been holding on the “v1” release for, checks notes, years now. That’s because I wanted v1 to have a “stable enough API”, i.e. something unlikely to change. A couple of months ago I realized that we’ll probably never reach that, as things keep changing: we add more features, change old ones (sometimes on our own, sometimes due to changes on other tools), and so on. That way, v1 would never happen.| carlosbecker.com
In this post I’m going to talk about some old text editors you probably never heard of, what is modal text editing, and why people like it so much.| carlosbecker.com
Learn how to use the recently-added Tailscale, DNS, and Zeroconf endpoint discovery in Wishlist, our SSH host directory.| carlosbecker.com
Learn how to use x/exp/teatest to write tests for your Bubble Tea apps.| carlosbecker.com
Having your favorite commands available over SSH can be very convenient. I think I talked about this a couple of times before, but I usually work by SSH-ing from my mac into a Linux machine (a rather chunky one, might I add). While it allows me to work faster when I’m not home and with a poor internet connection, it has some drawbacks too. Two of them are the lack of clipboard integration and the fact that open (or xdg-open) won’t work.| carlosbecker.com
Not long ago, when I was building melt, I learned something interesting: if you restore a private key from its seed, and marshal it back to the OpenSSH Private Key format, you’ll always get a different block in the middle. Why? That lead to an investigation of how the private key format works. I didn’t find many good references out there, except OpenSSH’s source code. Let’s start from there, shall we?| carlosbecker.com
Since v1.12.0-pro, GoReleaser can split and merge its release process. This means that you can run the builds for each platform in its own machine, and then merge the results and publish later. This can be useful if you need CGO, or if your build process takes too long. In this post we’ll set up an example using GitHub Actions and a sample project. GoReleaser config By default, GoReleaser will split by GOOS, so, if you run goreleaser release --split in a Linux machine, it’ll build all tar...| carlosbecker.com
I keep getting asked how my setup works, how I use tmux and nvim over ssh… all that good stuff. I wrote this series of posts in an attempt to explain it. Meta I think I should start from the principle: how I actually work, in a more general sense, before we get into software — and this will be part 1. On subsequent parts I’ll dig more into software and configurations.| carlosbecker.com
Most people run GoReleaser by creating a tag locally, pushing it, and letting their CI takes care of the matter. Another lesser known option is to leverage workflow_dispatch on a GitHub Action to create the tag locally, and then “auto-creating” the tag once the release finishes. This has a couple of trade-offs, though: You’ll also have to set up signing in your workflow if you want to sign the tag; Go mod proxying will not work, as the tag is only created when the release finishes.| carlosbecker.com
GoReleaser Pro v1.11+ added support to keeping a nightly release. That means that, whenever you want, you can run: goreleaser releaser --clean --nightly And it’ll delete previous nightly releases and create a new one with the current commit artifacts. To enable it, you’ll need to change a few things in your .goreleaser.yml. The first one, is actually enabling the nightly release publishing, and setting up the version name template, as well as instructing GoReleaser to keep a single nightl...| carlosbecker.com
Everyone likes command line completions, so much that some even install extra tools just to have them. But you don’t need to install anything just for completions: Bash, Fish and ZSH all support it out of the box! In this post I’ll show you how to ship completions for your Go tools using Cobra and GoReleaser. Cobra Cobra is a tool that helps you write command line applications. It is used by a lot of big Go projects, such as Kubernetes, Hugo and many others.| carlosbecker.com
Since I joined Charm, I’ve been working and learning more about SSH, and I thought I would share a few quick tips and tricks with you. Forward Yubikey Agent If you use a Yubikey (you should), you can use it in your remotes by having the key in a SSH agent and forwarding it. To manage the agent, I strongly recommend yubikey-agent. You can then forward it in your ~/.ssh/config like the following:| carlosbecker.com
I wanted to share a quick thing that made my life easier on tmux lately, but before we dig into that, I feel like I need to explain how I usually work. How my workflow looks like It has 2 main modes: Mode 1: Local I open an Alacritty windows and run: $ tmux Mode 2: Remote This is the mode I use the most: I open an Alacritty window and run:| carlosbecker.com
This post will describe my experience with a couple of firsts: first mechanical keyboard first split keyboard first orthogonal keyboard first time in my adult life being able to touch type And all of them are related to the same keyboard: a ZSA Moonlander. This will not be a hardware review, though. You can find plenty of them online from people that actually know things about keyboards. This is just a short description of my experience with it.| carlosbecker.com
I’m doing 99% of my coding in a “big” machine instead of my laptop. I do that by SSH’ing into it, hopefully into a tmux session, and coding on Neovim. Neovim has a neat plugin that shows what’re doing as a Discord Rich Presence thing… but, Discord is running on my laptop, so… how can I make this work? Investigating After digging some source and testing a little, I found out that Discord’s bind itself to a socket in one of the following places:| carlosbecker.com
I’m still mad I haven’t found this out before. Imagine you’re working on something, then you need to work on something else on the same repo for whatever reason - you have some modified files, some new ones, some deleted… what do you do? I would usually stash them without a description, because, you know, I’m in a hurry, and then spend a lot of time later finding out which stash it was.| carlosbecker.com
I got a MacBook Pro 14" with an Apple M1 Pro SoC, 16GB of memory and 500GB of disk a couple of weeks ago, and wanted to write my impressions about it, since a lot of people ask. The following are a revised format of my notes as I was setting up the M1 for the first time. About this Mac. Rosetta 2 Rosetta 2 allows you to run amd64 apps on arm64 Macs.| carlosbecker.com
One issue we had from time to time on GoReleaser was related to its Linux packages. We had a single map from GOARCH to Linux arch, when in fact, each package manager might have their own. That led to less popular packages (e.g. arm) to report the wrong architecture and thus be not installable. This was recently moved to nFPM, and we now just pass a concatenation of GOARCH+GOARM+GOMIPS, and each packager handles it on nFPM.| carlosbecker.com
You can now import pre-built binaries into GoReleaser! This feature was made with mainly two cases in mind: You are migrating to GoReleaser and already have the build part covered by a Makefile or some other tool, and you don’t want to change that You want to build each platform on a different machine and join the binaries later (for performance or CGO reasons) Let’s talk about them. 1. Another builder In this case, you’ll likely have a Makefile or some other tool doing the heavy liftin...| carlosbecker.com
In GoReleaser v0.176.0 (both OSS and Pro), we released the ability to sign Docker images - with cosign in mind, and also did small quality-of-life improvements in the artifact signing feature. In this post we’ll explore how to quickly add this to your GoReleaser config so your users can verify the artifacts they download. cosign You’ll need to install cosign, and then generate a key pair with it: cosign generate-key-pair It’ll ask for a password and its confirmation - and that’s it.| carlosbecker.com
Since the infamous SolarWinds attack, supply chain integrity is something a lot of people are discussing and working on. In this post we’ll see how we can verify a binary built with Go is indeed what it says it is. Building from Go mod proxy Using go install The easiest way of doing that is using go install: $ go install github.com/caarlos0/svu@v1.7.0 And then we can verify with go version -m:| carlosbecker.com
