Merged
18 changes: 1 addition & 17 deletions .github/workflows/release.yml
Expand Up @@ -48,22 +48,6 @@ jobs:
with:
fetch-depth: 0

- name: Write release notes
shell: bash
run: |
cat > "$RUNNER_TEMP/RELEASE_NOTES.md" <<'EOF'
Bomly release ${{ github.ref_name }}

Assets in this draft release include:
- Full builtin `bomly` archives for Linux, macOS, and Windows
- Alternate `bomly-lite` archives for users who prefer external Syft/Grype binaries
- `SHA256SUMS` for release verification

Each archive includes `LICENSE`, `NOTICE`, and a `licenses/` directory with the full license text for every bundled dependency.

GitHub-native artifact attestations are planned and will be added in a future release.
EOF

- name: Set up Go
uses: actions/setup-go@v6
with:
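Review bot: the deleted `Write release notes` step expanded `${{ github.ref_name }}` directly inside a `run:` script, which is the template-injection pattern that Actions linters flag; the single-quoted heredoc (`<<'EOF'`) does not help, because the runner substitutes the expression before bash reads the script. In this specific case git's refname rules (no newlines) make it hard to break out of the heredoc, so the risk was low, but deleting the step is still the right call and also removes the second, hand-maintained copy of the notes text. Two follow-ups: confirm that `fetch-depth: 0` on the checkout is still wanted, since GoReleaser will now derive a changelog from git history instead of reading a file, and note that `actions/setup-go@v6` is pinned by major tag only; a release job that holds the tap token is a good candidate for pinning actions to a commit SHA.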
Expand All @@ -90,7 +74,7 @@ jobs:
with:
distribution: goreleaser
version: v2.16.0
args: release --clean --release-notes=${{ runner.temp }}/RELEASE_NOTES.md
args: release --clean
env:
GITHUB_TOKEN: ${{ github.token }}
TAP_GITHUB_TOKEN: ${{ steps.package-token.outputs.token }}
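Review bot: dropping `--release-notes` does more than change where the header text comes from; that flag also told GoReleaser to skip its own changelog generation, so the release body will now carry a commit-derived changelog unless the `changelog` section of `.goreleaser.yaml` (not part of this diff) disables or filters it. Check that output against a dry run (`goreleaser release --snapshot --clean`) before the next tag, since the draft release is what users see when it is published. Pinning `version: v2.16.0` is good; keep it pinned rather than moving to `latest`.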
39 changes: 19 additions & 20 deletions .goreleaser.yaml
Expand Up @@ -107,9 +107,16 @@ release:
header: |
Bomly release {{ .Tag }}

Assets in this draft release include full `bomly` archives, `bomly-lite` archives, Linux packages, package-manager manifests, and `SHA256SUMS`.
This draft release was generated by GoReleaser from the tagged `bomly-cli` source tree.

Each archive includes `LICENSE`, `NOTICE`, and a `licenses/` directory with third-party license texts.
Included artifacts:
- Full builtin `bomly` archives for Linux, macOS, and Windows.
- Alternate `bomly-lite` archives for users who prefer external Syft and Grype binaries.
- Linux packages for Debian, RPM, Alpine, and Arch-compatible package managers.
- Homebrew, Scoop, and WinGet package-manager manifests or publishing pull requests.
- `SHA256SUMS` for release artifact verification.

Each archive includes `LICENSE`, `NOTICE`, and a `licenses/` directory with third-party license texts. GitHub-native artifact attestations are planned for a future release.

nfpms:
- id: bomly-linux-packages
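Review bot: the new header describes `SHA256SUMS` as being "for release artifact verification", but an unsigned checksum file uploaded next to the artifacts it covers only detects download corruption; anyone who can replace an asset on the release can replace the checksums in the same step. Either narrow the wording to what the file provides ("integrity check of downloads") or place it in the same sentence as the deferred attestation work, so readers do not take it as provenance. Wording nit on the manifests bullet: "package-manager manifests or publishing pull requests" is ambiguous; "Homebrew, Scoop, and WinGet manifests, delivered as pull requests to their respective repositories" says what actually happens.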
Expand All @@ -118,9 +125,9 @@ nfpms:
package_name: bomly
file_name_template: "bomly_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
vendor: Bomly
homepage: https://github.com/bomly-dev/bomly-cli
maintainer: Bomly Maintainers <maintainers@bomly.dev>
description: Free, open-source CLI for dependency intelligence.
homepage: https://bomly.dev/cli
maintainer: Ahmed ElMallah <ahmed@bomly.dev>
description: Free, open-source CLI for dependency intelligence and SBOM analysis.
license: Apache-2.0
bindir: /usr/bin
section: utils
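Review bot: `maintainer` moves from the `maintainers@bomly.dev` role alias to one person's address; for deb and rpm packages this is the contact that `apt show` and `rpm -qi` print and that distro tooling uses for bug reports, so a role alias ages better than an individual's mailbox. If the personal address is a requirement of some downstream policy, say so in a comment; otherwise keep the alias. The `homepage` change to `https://bomly.dev/cli` matches the other hunks; make sure that URL is live before the packages ship, since it is baked into every package's metadata.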
Expand All @@ -142,8 +149,8 @@ homebrew_casks:
- bomly
binaries:
- bomly
homepage: https://github.com/bomly-dev/bomly-cli
description: Free, open-source CLI for dependency intelligence.
homepage: https://bomly.dev/cli
description: Free, open-source CLI for dependency intelligence and SBOM analysis.
license: Apache-2.0
directory: Casks
commit_msg_template: "Update Bomly CLI to {{ .Tag }}"
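Review bot: the same `homepage` and `description` strings are now repeated verbatim in `nfpms`, `homebrew_casks`, `scoops`, and `winget`; a YAML anchor on the first occurrence (`description: &desc ...`) with `*desc` references elsewhere would make the next copy edit a one-line change and prevent the four copies from drifting. For the cask in particular, `brew audit --online` checks that `homepage` resolves, so `https://bomly.dev/cli` has to answer when the tap PR opens or the tap's audit will flag it.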
Expand All @@ -157,17 +164,13 @@ homebrew_casks:
pull_request:
enabled: true
draft: false
base:
owner: bomly-dev
name: homebrew-tap
branch: main

scoops:
- name: bomly
ids:
- bomly
homepage: https://github.com/bomly-dev/bomly-cli
description: Free, open-source CLI for dependency intelligence.
homepage: https://bomly.dev/cli
description: Free, open-source CLI for dependency intelligence and SBOM analysis.
license: Apache-2.0
commit_msg_template: "Update Bomly CLI to {{ .Tag }}"
repository:
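Review bot: removing `pull_request.base` (owner `bomly-dev`, name `homebrew-tap`, branch `main`) leaves the PR target to GoReleaser's defaults for the `repository` block below; that is only correct if the tap's default branch is the one GoReleaser assumes, so verify that before the next tag. The removed lines cost nothing and documented where the PR lands, so either keep them or add a short comment above `pull_request:` stating that the tap's default branch is `main` and that the PR opens non-draft (`draft: false`) under the app token, so a tag push is all it takes to put a change in front of tap reviewers.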
Expand All @@ -178,10 +181,6 @@ scoops:
pull_request:
enabled: true
draft: false
base:
owner: bomly-dev
name: scoop-bucket
branch: main

winget:
- name: bomly
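Review bot: same concern as the Homebrew hunk for the scoop bucket: the explicit `base` (`bomly-dev/scoop-bucket`, branch `main`) is gone, so the PR target now depends on GoReleaser's default. If both removals are intentional because the tap and the bucket live in the same org and both use `main`, a one-line comment saying so would stop the next reader from re-adding them.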
Expand All @@ -190,10 +189,10 @@ winget:
publisher: Bomly
package_identifier: Bomly.BomlyCLI
package_name: Bomly CLI
short_description: Free, open-source CLI for dependency intelligence.
description: Bomly scans source trees, SBOMs, Git refs, and container images for dependency intelligence, vulnerability enrichment, policy evaluation, and automation-friendly reports.
short_description: Free, open-source CLI for dependency intelligence and SBOM analysis.
description: Bomly is a free, open-source CLI that scans your projects, SBOMs, and container images, explains where each dependency came from, and surfaces vulnerability and license data when you ask for it.
license: Apache-2.0
homepage: https://github.com/bomly-dev/bomly-cli
homepage: https://bomly.dev/cli
publisher_url: https://github.com/bomly-dev
publisher_support_url: https://github.com/bomly-dev/bomly-cli/issues
license_url: https://github.com/bomly-dev/bomly-cli/blob/main/LICENSE
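Review bot: `license_url` still points at `blob/main/LICENSE`, a mutable URL; a versioned manifest should reference the license text shipped with that release, so if GoReleaser templates this field use `blob/{{ .Tag }}/LICENSE`, and otherwise update it per release. Also, the new long `description` drops the Git refs, policy evaluation, and automation-friendly reports that the previous text listed; confirm that is intentional, since this is the text `winget show` displays and it should not promise less than the CLI does. The `homepage` moving to `bomly.dev` while `publisher_url`, `publisher_support_url`, and `license_url` stay on GitHub is fine, but the mix is worth a comment so nobody "fixes" it later.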