update build configuration for static binaries and better attestation

OpenCHAMI · Oct 25, 2024 · be7e8c9 · be7e8c9
1 parent fea8e05
commit be7e8c9
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 12 deletions.
diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml
@@ -57,22 +57,37 @@ jobs:
           node process.js
           echo "digest=$(cat digest.txt)" >> $GITHUB_OUTPUT
           
-      - name: Attest smd binary
-        uses: actions/attest-build-provenance@v1
+      - name: Attest smd binary linux_amd64
+        uses: attest-build-provenance@v1
         with:
-          subject-path: dist/smd
+          subject-path: dist/smd_linux_amd64_v1/smd
 
-      - name: Attest smd-init binary
+      - name: Attest smd-init binary linux_amd64
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: dist/smd-init
+          subject-path: dist/smd-init_linux_amd64_v1/smd-init
 
-      - name: Attest smd-loader binary
+      - name: Attest smd-loader binary linux_amd64
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: dist/smd-loader_linux_amd64_v1/smd-loader
+
+      - name: Attest smd binary linux_arm64
+        uses: attest-build-provenance@v1
+        with:
+          subject-path: dist/smd_linux_arm64_v1/smd
+
+      - name: Attest smd-init binary linux_arm64
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: dist/smd-init_linux_arm64_v1/smd-init
+
+      - name: Attest smd-loader binary linux_arm64
         uses: actions/attest-build-provenance@v1
         with:
-          subject-path: dist/smd-loader
+          subject-path: dist/smd-loader_linux_arm64_v1/smd-loader
 
-      - name: generate build provenance
+      - name: generate build provenance of docker container
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ghcr.io/openchami/smd

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -25,7 +25,8 @@ builds:
          -X main.GitState={{ .Env.GIT_STATE }} \
          -X main.BuildHost={{ .Env.BUILD_HOST }} \
          -X main.GoVersion={{ .Env.GO_VERSION }} \
-         -X main.BuildUser={{ .Env.BUILD_USER }}"
+         -X main.BuildUser={{ .Env.BUILD_USER }} \
+         -extldflags '-static'"
     goos:
       - linux
       - darwin
@@ -34,7 +35,6 @@ builds:
       - arm64
     tags:
       - musl
-      - dynamic
 
   - id: smd-init
     main: ./cmd/smd-init/
@@ -47,7 +47,6 @@ builds:
       - arm64
     tags:
       - musl
-      - dynamic
   - id: smd-loader
     main: ./cmd/smd-loader/
     binary: smd-loader
@@ -59,7 +58,6 @@ builds:
       - arm64
     tags:
       - musl
-      - dynamic
 
 dockers:
   - image_templates: